Adding sensitive data to Heroku application (Ruby on Rails)

I am trying to set up a mailer with my Heroku application. I fear that if I push up my production.rb, my Gmail password will be exposed. How can I prevent this?
Production.rb:
ActionMailer::Base.smtp_settings = {
:address => "smtp.gmail.com",
:port => 587,
:authentication => :plain,
:user_name => "whatever@gmail.com",
:password => "**********"
}

You can use environment variables: https://devcenter.heroku.com/articles/config-vars
It's a best practice to never include sensitive information in your repo. Env variables are also a good way to go, because they'll work with whatever provider you use, so if you move from Heroku to another platform, you won't need to make any changes to your code.
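The config-var approach from the answer above, as an added example that is not part of the original answer. The variable names SMTP_USERNAME and SMTP_PASSWORD are hypothetical; on Heroku they would be set with heroku config:set rather than committed.

```ruby
# Added example: build the SMTP settings from config vars instead of literals.
# SMTP_USERNAME and SMTP_PASSWORD are hypothetical variable names.
REQUIRED_VARS = %w[SMTP_USERNAME SMTP_PASSWORD].freeze

# env is any Hash-like object; pass ENV in the real application.
def smtp_settings_from_env(env)
  missing = REQUIRED_VARS.select { |name| env[name].to_s.strip.empty? }
  # Fail at boot and name every missing variable, rather than failing
  # later with an SMTP authentication error on the first delivery.
  raise KeyError, "missing config vars: #{missing.join(', ')}" unless missing.empty?

  {
    address:              "smtp.gmail.com",
    port:                 587,
    authentication:       :plain,
    user_name:            env["SMTP_USERNAME"],
    password:             env["SMTP_PASSWORD"],
    enable_starttls_auto: true
  }
end

# Copy of the settings that is safe to log: the password is masked.
def redact(settings)
  settings.merge(password: "[FILTERED]")
end

# In config/environments/production.rb:
#   config.action_mailer.smtp_settings = smtp_settings_from_env(ENV)

# Constructed sample values, not real credentials.
sample = { "SMTP_USERNAME" => "whatever@gmail.com", "SMTP_PASSWORD" => "app-password" }
puts redact(smtp_settings_from_env(sample)).inspect
```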

Related

Heroku Action Mailer with Gmail, sends email only once = Net::SMTPAuthenticationError

Strange behaviour I have. I'm using Gmail to send my emails in my Rails app. I have my Gmail configured to accept less secure apps.
However, I send one email and then when I go to my Google account it prompts me to restore the account via my phone.
After that, my app no longer sends email and I get this in my Heroku logs:
Net::SMTPAuthenticationError (534-5.7.9 Please log in with your web browser and then try again.
My production.rb is set up this way:
config.action_mailer.delivery_method = :smtp
config.action_mailer.smtp_settings = {
:address => "smtp.gmail.com",
:port => 587,
:user_name => 'xxx@gmail.com',
:password => 'xxxxxx',
:authentication => "plain",
:enable_starttls_auto => true,
}
Anybody any ideas?
I think you have to set the domain to gmail.com
config.action_mailer.smtp_settings = {
:address => "smtp.gmail.com",
:port => 587,
:domain => "gmail.com",
:user_name => "xxx@gmail.com",
:password => "xxxxxxx",
:authentication => :plain,
:enable_starttls_auto => true
}
If it worked then ok, if not try to change the :authentication to :login.
Advice: Check Gmail's security events too and double-check that all security settings are intact.
So I had several problems. The one that was caused by my inattention was that I didn't read Figaro gem docs properly and I wasn't sending out the proper info to Heroku with figaro heroku:set -e production.
Secondly, my account would go into lockdown after I created it and sent the first email. Steps to do:
enable two-step verification
generate app-specific keys
put them in your config/application.yml if you're using Figaro
push and run the figaro command
you might have to clear CAPTCHA on Gmail, see here
Follow the comment by @Mohamed
Advice: Check Gmail's security events too and double-check that all security settings are intact.
LINK: https://www.google.com/settings/security/lesssecureapps

How do I setup different ActionMailer Base smtp settings for development and production?

I have ActionMailer working correctly in both production and development. I use different SMTP settings for each environment: Gmail for development and a SendGrid account through Heroku for production. I manually switch the settings in the setup_mail.rb file to work in development and then switch them back before pushing into production. This prevents my Gmail password from becoming public on GitHub, as the SendGrid/Heroku settings do not require my password in the file:
development setup_mail.rb
ActionMailer::Base.smtp_settings = {
:address => "smtp.gmail.com",
:port => 587,
:domain => "mysite.com",
:user_name => "me@mysite.com",
:password => 'mypassword',
:authentication => "plain",
:enable_starttls_auto => true
}
production setup_mail.rb
ActionMailer::Base.smtp_settings = {
:address => 'smtp.sendgrid.net',
:port => '587',
:authentication => :plain,
:user_name => ENV['SENDGRID_USERNAME'],
:password => ENV['SENDGRID_PASSWORD'],
:domain => 'heroku.com'
}
ActionMailer::Base.delivery_method = :smtp
I am concerned that I will accidentally push the development settings with my password to GitHub. I'd like to stop switching settings manually to prevent this from happening. How do I set up different ActionMailer Base SMTP settings for development and production? Thanks
Have this setting in production.rb and development.rb. Instead of having your password hard-coded, you could use environment variables locally too: create a .env file in your project, which will be loaded when you cd in:
EMAIL=me@mysite.com
EMAIL_PASSWORD=mypassword
Use ENV['EMAIL'] and ENV['EMAIL_PASSWORD'] in development.rb
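A check for the accidental push the question worries about, as an added example that is not part of the original thread: it scans Ruby config source for a password written as a string literal and ignores values read from ENV. The two sample configs are constructed from the snippets in the question, and the list of keys to check is an assumption.

```ruby
# Added example: flag credentials written as string literals in Ruby config.
# SECRET_KEYS is an assumed list; extend it with other secret-bearing keys.
SECRET_KEYS = %w[password].freeze
LITERAL = /:?(#{SECRET_KEYS.join('|')})\s*(?:=>|:)\s*(["'])(.*?)\2/

# Returns [[line_number, key], ...] for every hard-coded secret found.
def hardcoded_secrets(source)
  findings = []
  source.each_line.with_index(1) do |line, number|
    next if line.strip.start_with?("#")   # skip comment lines
    match = LITERAL.match(line)
    next unless match
    next if match[3].empty?               # empty string, nothing leaked
    findings << [number, match[1]]
  end
  findings
end

# Constructed samples based on the two setup_mail.rb variants above.
DEV_CONFIG = <<~'RUBY'
  ActionMailer::Base.smtp_settings = {
    :user_name => "me@mysite.com",
    :password  => 'mypassword',
  }
RUBY

PROD_CONFIG = <<~'RUBY'
  ActionMailer::Base.smtp_settings = {
    :user_name => ENV['SENDGRID_USERNAME'],
    :password  => ENV['SENDGRID_PASSWORD'],
  }
RUBY

puts "development: #{hardcoded_secrets(DEV_CONFIG).inspect}"
puts "production:  #{hardcoded_secrets(PROD_CONFIG).inspect}"
```

Run from a pre-commit hook over the staged config files, a non-empty result is the signal to block the commit.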

Rails Mailer is not actually sending emails

I have just started learning Ruby on Rails and this was one of the tutorials I followed:
http://railscasts.com/episodes/206-action-mailer-in-rails-3
I followed it to a T and I have yet to receive anything in my gmail account. Is it fair to assume some updates to ruby have changed how you do things?
My best guess from reading everything over the net, the tutorial is missing actually setting the mailer to use smtp setting.
Here are my smtp settings:
ActionMailer::Base.smtp_settings = {
:address => "smtp.gmail.com",
:port => 587,
:domain => "alexei.herokuapp.com",
:user_name => "mygmailaccount",
:password => "mygmailpassword",
:authentication => "plain",
:enable_starttls_auto => true
}
Could it be that I am still in local environment when testing this?
In that Railscast, Ryan has a line in there that doesn't send any email in development:
Mail.register_interceptor(DevelopmentMailInterceptor) if Rails.env.development?
Did you put that in? If so, then no email will go out when you run your app locally in development.
Try removing it.
Also open myapp/logs/development.log to see what shows up there when you try to send an email.

Has anyone successfully set up their email settings on EngineYard?

I am attempting to add email capabilities to my app (forgotten password, notifications, etc.) and I am using EngineYard for hosting. I have successfully configured email in my test environment but upon uploading to EY it seems to error out in Production. I don't pay for their support and the only resource is a bit vague (or beyond me).
I am curious to know if there are any specific file additions, server setup, etc. that are needed when using email on EY. I am using Google Apps, so I thought it would be as easy as adding the same code block for test in production, but that doesn't seem to be the case.
Here's my config for Google apps, in .../config/environments/production.rb:
require 'tlsmail'
Net::SMTP.enable_tls(OpenSSL::SSL::VERIFY_NONE)
ActionMailer::Base.raise_delivery_errors = true
ActionMailer::Base.perform_deliveries = true
ActionMailer::Base.delivery_method = :smtp
ActionMailer::Base.smtp_settings = {
:address => 'smtp.gmail.com',
:port => 587,
:tls => true,
:domain => 'example.com',
:authentication => :plain,
:user_name => "sender@example.com",
:password => 'tr1ckypwd!'
}
Note, for the security minded out there, I actually keep the password in a separate file and have code to patch it into the settings on launch, but I figured that would distract from the meat of the response.
Hope that helps.
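The "password in a separate file, patched in on launch" arrangement mentioned in the answer above, as an added example that is not the poster's code. The YAML layout with "user_name" and "password" keys is an assumption, and :openssl_verify_mode assumes a current Action Mailer, where it is a documented smtp_settings key.

```ruby
require "yaml"
require "tempfile"

# Added example, not the poster's code. The file layout (YAML with
# "user_name" and "password" keys) is an assumption.
class InsecureSecretsFile < StandardError; end

# Read credentials from a file that lives outside version control.
def load_mail_secrets(path)
  mode = File.stat(path).mode & 0o777
  # Refuse a file that group or other users can read or write.
  unless (mode & 0o077).zero?
    raise InsecureSecretsFile, format("%s has mode %04o, expected 0600", path, mode)
  end
  data = YAML.safe_load(File.read(path)) || {}
  { user_name: data.fetch("user_name"), password: data.fetch("password") }
end

# Non-secret settings stay in the repository.
BASE_SETTINGS = {
  address: "smtp.gmail.com",
  port: 587,
  domain: "example.com",
  authentication: :plain,
  enable_starttls_auto: true,
  openssl_verify_mode: "peer" # keep certificate verification on
}.freeze

# Patch the secrets into the settings at launch.
def mail_settings(path)
  BASE_SETTINGS.merge(load_mail_secrets(path))
end

# Constructed sample file so the example runs on its own.
Tempfile.create("mail_secrets") do |file|
  file.write("user_name: sender@example.com\npassword: constructed-secret\n")
  file.flush
  puts mail_settings(file.path).reject { |key, _| key == :password }.inspect
end
```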

How to set up restful_authentication email activation using Gmail SMTP?

I have installed restful_authentication from technoweenie with activation, and so I see the generated UserMailer < ActionMailer::Base.
However, the instructions don't include how to set it up to work with Google SMTP.
I am guessing that environments/development.rb needs to have the SMTP settings, but still not sure given Google (via Google apps) are all TLS.
Anyone set up activation using restful_authentication?
I currently put into environments.rb the following:
ActionMailer::Base.smtp_settings = {
:enable_starttls_auto => true,
:address => "smtp.gmail.com",
:port => "587",
:domain => "mydomain.com",
:authentication => :plain,
:user_name => "xxx@mydomain.com",
:password => "mypassword"
}
Thanks!!
As far as I know, ActionMailer doesn't do TLS out of the box (2.3.2). A couple of months ago I had the same issue and found some code on a Japanese page and integrated that. It appears that code has been wrapped up into a plugin now (with English docs, yeah!). That's not exactly what I'm using, but it advertises the same effect.
So add this plugin:
http://github.com/openrain/action_mailer_tls/tree/master
and in environments/development.rb or environments.rb you need something like this:
ActionMailer::Base.smtp_settings = {
:address => "smtp.gmail.com",
:port => 587,
:domain => "yourdomain.com",
:user_name => "first.last@gmail.com",
:password => "passwd",
:authentication => :plain
}
I see that :enable_starttls_auto => true is now in the docs, but it wasn't when I started. This at least works for me...
Edit: for some reason that link doesn't work if you follow it, but copy paste in the address bar and it's live...
I've never used SMTP from Ruby (I have from Python), but that looks right. You have the right domain and port (actually, multiple ports are supported, but that's one of them), and you're using starttls and AUTH PLAIN, which Google does use.
