MailgunとRailsを使用して受信メールを処理する

Question

メールを受信して​​、paramsを取得して正しいデータを解析してブックマークを作成するために、悪意のあるコードとrubyを使用してメールを受信しようとしています。 Mailgunは受信メールを正常に処理していますが、レールはブックマークを作成していません。あなたは私がバグを見つけるのを助けてくれますか？

私は私が作成したメソッドでincoming_controller.rbを作成しroutes.rbを

post :incoming, to: 'incoming#create'

Rails.application.routes.draw do 

    post :incoming, to: 'incoming#create' 

    resources :topics do 
    resources :bookmarks, except: [:index] 
    end 

    devise_for :users 

    get 'about' => 'welcome#about' 

    root 'welcome#index' 

end 

にPOSTを追加しました。

class IncomingController < ApplicationController 
    skip_before_action :verify_authenticity_token, only: [:create] 

    def create 
    user = User.find(params[:sender]) 

    topic = Topic.find(params[:subject]) 

    url = params["body-plain"] 

    if @user.nil? 
     @user = User.new(email: user, password: "password") 
     @user.save! 
    end 

     if @topic.nil? 
     @topic = Topic.new(title: topic) 
     @topic.save! 
     end 

     @bookmark = @topic.bookmarks.build(user: user, url: url) 

     @bookmark.save! 


    head 200 
    end 
end 

私はこの情報とサンプルメール送る：に

を：postmaster@appd5fb3842ce6a4e52a5acb511e854e06b.mailgun.org

対象：ルビーon Railsの

体を：www.amazon.com

Mailgunは受信メールを正常に処理します。アプリはHerokuの中で展開され、その後、私は、サンプル電子メールを送信した後、ログをチェックしている：

016-07-19T19:34:54.444997+00:00 app[web.1]: Started POST "/incoming" for 173.203.37.61 at 2016-07-19 19:34:54 +0000 
2016-07-19T19:34:54.450111+00:00 app[web.1]: Processing by IncomingController#create as */* 
2016-07-19T19:34:54.452049+00:00 app[web.1]: Completed 401 Unauthorized in 2ms (ActiveRecord: 0.0ms) 
2016-07-19T19:34:54.450405+00:00 app[web.1]: Parameters: {"recipient"=>"postmaster@appd5fb3842ce6a4e52a5acb511e854e06b.mailgun.org", "sender"=>"davefogo@gmail.com", "subject"=>"Fwd: Ruby on Rails", "from"=>"Davefogo <davefogo@gmail.com>", "X-Mailgun-Incoming"=>"Yes", "X-Envelope-From"=>"<davefogo@gmail.com>", "Received"=>"by 10.31.54.67 with HTTP; Tue, 19 Jul 2016 12:34:33 -0700 (PDT)", "Dkim-Signature"=>"v=1; a=rsa-sha256; c=relaxed/relaxed;  d=gmail.com; s=20120113;  h=mime-version:in-reply-to:references:from:date:message-id:subject:to;  bh=/GqYYnS19tzrvCvJfrBdDl6MnpgkPapnQaEWEQ5bjxo=;  b=IGVDlfbjQxBnPDgDKds2xTU0wZgS80r8/qaH3HxgvbSA/yxrzBrC403Zl9hDldBnw3   ttdGYaW1A333eqMN/O8QRrG9tm0twYonKA1/D3qaWVx6DgnOHc5R1pfxpQuGFU+KlSNb   zwNoU33lSVSIooZuoWkSp2xMoonK7PF0QBUck7/OMeh1acV0pN9FSNKypTRyxXAa3hVW   8j8+6uSnRMH6qfyb9JgRDx65ar6McJ1zPTnUoRry15zEzGVoJbtzIWF8t4s9yJSjqt55   RwMtikD+12NAL39b4Gnq35EsuoNFDB39P/3jrYd+e/LDbvdZ+KpMguNt5hOsxGU6EGSL   4mtA==", "X-Google-Dkim-Signature"=>"v=1; a=rsa-sha256; c=relaxed/relaxed;  d=1e100.net; s=20130820;  h=x-gm-message-state:mime-version:in-reply-to:references:from:date   :message-id:subject:to;  bh=/GqYYnS19tzrvCvJfrBdDl6MnpgkPapnQaEWEQ5bjxo=;  b=JUVYyBwmTVhxne5e+T/avE5Zw8d9BQxqXEohI24RDeJfgn7cHsl8kwebPFHFETL+BL   cMSTR4GE+AlbvogjPgE3oQYpo51mbFSH4tPmOLl3eF72K4E4jYaLRKQEFHNb+OXC+mLJ   w687MluK367IK3GAoK8S+f4AIAuirAFNiUP+jqB5rLC2twjAzu5K4VNFIazharMXMMOP   ts4M4HpzKZ/KvWznbwjmLh5m0Mh6n6mbgmya4nisgbgGq49u68VvceQIv+HQEjo9hMDG   Ujn0z7GAwo9aHR1dLcjgKh9DDR7xPQabBd42JzrS9w03qkKISqo0+Ari5BOqNclwAz/y   cH7g==", "X-Gm-Message-State"=>"ALyK8tKGA4dQBPYYeMhpAaxb2WJMsQanxVpTNLNlmJVonUtlUECi9H9lqwH3smCcwZgC2WEwTOkBLqBQfyZ/hQ==", "X-Received"=>"by 10.31.181.81 with SMTP id e78mr10214430vkf.154.1468956892490; Tue, 19 Jul 2016 12:34:52 -0700 (PDT)", "Mime-Version"=>"1.0", "In-Reply-To"=>"<C179685D-46B8-4120-A9E9-0631DF1F774C@gmail.com>", "References"=>"<C179685D-46B8-4120-A9E9-0631DF1F774C@gmail.com>", "From"=>"David Forero Gomez <davefogo@gmail.com>", "Date"=>"Tue, 19 Jul 2016 14:34:33 -0500", "Message-Id"=>"<CACkRELFAYA_8-EcQxP8yXYuWe+wV-Zyvo8DJ0C5jxA7hF=qG7g@mail.gmail.com>", "Subject"=>"Fwd: Ruby on Rails", "To"=>"postmaster@appd5fb3842ce6a4e52a5acb511e854e06b.mailgun.org", "Content-Type"=>"multipart/alternative; boundary=\"001a114394cec470160538022db5\"", "message-headers"=>"[[\"X-Mailgun-Incoming\", \"Yes\"], [\"X-Envelope-From\", \"<davefogo@gmail.com>\"], [\"Received\", \"from mail-vk0-f50.google.com (mail-vk0-f50.google.com [209.85.213.50]) by mxa.mailgun.org with ESMTP id 578e80dd.7f15044ad6f0-in3; Tue, 19 Jul 2016 19:34:53 -0000 (UTC)\"], [\"Received\", \"by mail-vk0-f50.google.com with SMTP id w127so39074349vkh.2  for <postmaster@appd5fb3842ce6a4e52a5acb511e854e06b.mailgun.org>; Tue, 19 Jul 2016 12:34:53 -0700 (PDT)\"], [\"Dkim-Signature\", \"v=1; a=rsa-sha256; c=relaxed/relaxed;  d=gmail.com; s=20120113;  h=mime-version:in-reply-to:references:from:date:message-id:subject:to;  bh=/GqYYnS19tzrvCvJfrBdDl6MnpgkPapnQaEWEQ5bjxo=;  b=IGVDlfbjQxBnPDgDKds2xTU0wZgS80r8/qaH3HxgvbSA/yxrzBrC403Zl9hDldBnw3   ttdGYaW1A333eqMN/O8QRrG9tm0twYonKA1/D3qaWVx6DgnOHc5R1pfxpQuGFU+KlSNb   zwNoU33lSVSIooZuoWkSp2xMoonK7PF0QBUck7/OMeh1acV0pN9FSNKypTRyxXAa3hVW   8j8+6uSnRMH6qfyb9JgRDx65ar6McJ1zPTnUoRry15zEzGVoJbtzIWF8t4s9yJSjqt55   RwMtikD+12NAL39b4Gnq35EsuoNFDB39P/3jrYd+e/LDbvdZ+KpMguNt5hOsxGU6EGSL   4mtA==\"], [\"X-Google-Dkim-Signature\", \"v=1; a=rsa-sha256; c=relaxed/relaxed;  d=1e100.net; s=20130820;  h=x-gm-message-state:mime-version:in-reply-to:references:from:date   :message-id:subject:to;  bh=/GqYYnS19tzrvCvJfrBdDl6MnpgkPapnQaEWEQ5bjxo=;  b=JUVYyBwmTVhxne5e+T/avE5Zw8d9BQxqXEohI24RDeJfgn7cHsl8kwebPFHFETL+BL   cMSTR4GE+AlbvogjPgE3oQYpo51mbFSH4tPmOLl3eF72K4E4jYaLRKQEFHNb+OXC+mLJ   w687MluK367IK3GAoK8S+f4AIAuirAFNiUP+jqB5rLC2twjAzu5K4VNFIazharMXMMOP   ts4M4HpzKZ/KvWznbwjmLh5m0Mh6n6mbgmya4nisgbgGq49u68VvceQIv+HQEjo9hMDG   Ujn0z7GAwo9aHR1dLcjgKh9DDR7xPQabBd42JzrS9w03qkKISqo0+Ari5BOqNclwAz/y   cH7g==\"], [\"X-Gm-Message-State\", \"ALyK8tKGA4dQBPYYeMhpAaxb2WJMsQanxVpTNLNlmJVonUtlUECi9H9lqwH3smCcwZgC2WEwTOkBLqBQfyZ/hQ==\"], [\"X-Received\", \"by 10.31.181.81 with SMTP id e78mr10214430vkf.154.1468956892490; Tue, 19 Jul 2016 12:34:52 -0700 (PDT)\"], [\"Mime-Version\", \"1.0\"], [\"Received\", \"by 10.31.54.67 with HTTP; Tue, 19 Jul 2016 12:34:33 -0700 (PDT)\"], [\"In-Reply-To\", \"<C179685D-46B8-4120-A9E9-0631DF1F774C@gmail.com>\"], [\"References\", \"<C179685D-46B8-4120-A9E9-0631DF1F774C@gmail.com>\"], [\"From\", \"David Forero Gomez <davefogo@gmail.com>\"], [\"Date\", \"Tue, 19 Jul 2016 14:34:33 -0500\"], [\"Message-Id\", \"<CACkRELFAYA_8-EcQxP8yXYuWe+wV-Zyvo8DJ0C5jxA7hF=qG7g@mail.gmail.com>\"], [\"Subject\", \"Fwd: Ruby on Rails\"], [\"To\", \"postmaster@appd5fb3842ce6a4e52a5acb511e854e06b.mailgun.org\"], [\"Content-Type\", \"multipart/alternative; boundary=\\\"001a114394cec470160538022db5\\\"\"]]", "timestamp"=>"1468956894", "token"=>"0e3d93f6085cc41f8b5e13cc37b5ff6fb6d93b96f00b51808a", "signature"=>"4548f253e920556cd514d0a4342c7e1121a47b28a91f4e890bf5a80449001bc7", "body-plain"=>"http://www.amazon.com\r\n", "body-html"=>"<div dir=\"ltr\"><br><div class=\"gmail_quote\"><br><div style=\"word-wrap:break-word\"><a href=\"http://www.amazon.com\" target=\"_blank\">http://www.amazon.com</a>&nbsp;</div></div><br></div>\r\n", "stripped-html"=>"<html><body><div dir=\"ltr\"><br><br></div></body></html>", "stripped-text"=>"http://www.amazon.com", "stripped-signature"=>""} 
2016-07-19T19:34:54.439193+00:00 heroku[router]: at=info method=POST path="/incoming" host=nameless-oasis-20950.herokuapp.com request_id=1c9d12fb-1ae7-4394-b8fc-a0f209c4dbb8 fwd="173.203.37.61" dyno=web.1 connect=1ms service=32ms status=302 bytes=989 

Answer 1

この質問に対する答えは非常に簡単です。このバグに苦しんでの時間後。

がincominig_controller.rbに追加：ユーザーが電子メールを送信し、アプリはユーザーが（明らかにそのようにすべきではない）でログインすることを期待されるよう

skip_before_action :authenticate_user!, only: [:create]

をエラーが来てました。