Using Google's Audit API to monitor google apps email - ruby-on-rails

I need to get some admin users using google apps gmail the ability to monitor their employees email. Have you used Google's Audit API to do this.
I wish there there was a way for the admins to just click a view my users email but that doesn't be the case.
If it matters the application is a rails app. The email is completely done on googles mail through google apps. Anyone that has done this any advice would be helpful.
Update! 500 points for this one!
I'm using ruby on rails hosting an app on heroku. The email is completely hosted with google apps standard, not business so we will have to upgrade, and the DNS is with zerigo which you already know if you use heroku.

Well, I hadn't planned on extending the gdata-ruby-util gem :), but here's some code that could be used for the Google Audit API based on Google's documentation. I only wrote a create_monitor_on method, but the rest are pretty easy to get.
Let me know if it works or needs any rewrites and I'll update it here:
class Audit < GData::Client::Base
attr_accessor :store_at
def initialize(options = {})
options[:clientlogin_service] ||= 'apps'
options[:authsub_scope] ||= 'https://apps-apis.google.com/a/feeds/compliance/audit/'
super(options)
end
def create_monitor_on(email_address)
user_name, domain_name = email_address.split('#')
entry = <<-EOF
<atom:entry xmlns:atom='http://www.w3.org/2005/Atom' xmlns:apps='http://schemas.google.com/apps/2006'>
<apps:property name='destUserName' value='#{#store_at}'/>
<apps:property name='beginDate' value=''/>
<apps:property name='endDate' value='2019-06-30 23:20'/>
<apps:property name='incomingEmailMonitorLevel' value='FULL_MESSAGE'/>
<apps:property name='outgoingEmailMonitorLevel' value='FULL_MESSAGE'/>
<apps:property name='draftMonitorLevel' value='FULL_MESSAGE'/>
<apps:property name='chatMonitorLevel' value='FULL_MESSAGE'/>
</atom:entry>
EOF
return true if post('https://apps-apis.google.com/a/feeds/compliance/audit/mail/monitor/'+domain_name+'/'+user_name, entry).status_code == 201
false
end
end
Then use it elsewhere like this:
auditor = Audit.new
auditor.store_at = 'this-username'
auditor.clientlogin(username, password)
render :success if auditor.create_monitor_on('email-address#my-domain.com')
My suggestion is to create one core email address that all the email monitors are sent to, so your admins' inboxes aren't slammed with everyone else's mail. Then in your Rails app, use Net::IMAP to download the messages you want from that master email account. i.e., you can create a link that says "View Joe's Email" and the method does something like this:
require 'net/imap'
imap = Net::IMAP.new('imap.gmail.com', 993, true)
imap.login('this-username#my-domain.com', password)
imap.select('INBOX')
messages = []
imap.search(["TO", "joe#email.com").each do |msg_id|
msg = imap.fetch(msg_id, "(UID RFC822.SIZE ENVELOPE BODY[TEXT])")[0]
body = msg.attr["BODY[TEXT]"]
env = imap.fetch(msg_id, "ENVELOPE")[0].attr["ENVELOPE"]
messages << {:subject => env.subject, :from => env.from[0].name, :body => body }
end
imap.logout
imap.disconnect
Then you can put those messages in your view -- or send them all in one bulk email, or whatever you want to do.

Related

Send URLs via SMS through Twilio-Rails

Working on a Rails project that needs to send a link to a record to someone via SMS.
/services/twilio_client.rb:
def send_text(job, message)
client = Twilio::REST::Client.new account_sid, auth_token
client.messages.create(
to: job.cell_number,
from: phone_number,
body: message
)
end
From Controller:
if job.save?
message = "#{#job.company} worker, you've got a new job. See it here:"
TwilioClient.new.send_text(#job, message)
In an ideal world, I could send them a link directly to the job via SMS, but Twilio won't accept ruby code as a media_url and dropping #{#job} in the message results in receiving the object #<Job:0x00007f0b60818338> in the SMS.
Clearly, this is a syntax issue, but try as I might I can't find a solution in the docs, the twilio-ruby gem, or examples published on the interweb.
I would change the interface of the send_message a bit:
# in /services/twilio_client.rb:
def send_text(number, message)
client = Twilio::REST::Client.new(account_sid, auth_token)
client.messages.create(to: number, from: phone_number, body: message)
end
And then call it from the controller like this:
if job.save?
message = "#{#job.company} worker, you've got a new job. See it here: #{media_url}"
TwilioClient.new.send_text(#job.cell_number, message)
# ...
The important fact here is that URL builders are only available in controllers and views in Rails per default. When you need a URL in another object like a service model then the easiest way is to generate it on the controller level and pass it to the service.

how to get the sent emails count from my account using gmail api?

iam using gmail api, in my rails application to send emails. a user can authenticate to google and send emails(it will ask for user consent. upon user approval he can send emails from his account)
my requirement is i want to show the logined user, how many emails sent from his email id in my rails app. for that im using using the below end point. but im getting an error
require 'net/http'
require 'uri'
in controler
def sent_email_count
_
api_key = "api_key_contains_smal_case_capital_case_letters_and_special_symbols"
uri = URI.parse("https://www.googleapis.com/gmail/v1/users/#{current_user.email}/messages?labelIds=SENT&q=newer_than%3A1d&key={api_key}")
#gmail_response = Net::HTTP.get_response(uri)
end
in views :-
response <%= #gmail_response >
but getting unauthorized error.
sent email count :- #Net::HTTPUnauthorized:0x00007f6f5e3e2158
i tried like below also. but its not working.(string interpoltion changes for api key)
uri = URI.parse("https://www.googleapis.com/gmail/v1/users/#{current_user.email}/messages?labelIds=SENT&q=newer_than%3A1d&key=#{api_key}")
#gmail_response = Net::HTTP.get_response(uri)
uri = URI.parse("https://www.googleapis.com/gmail/v1/users/#{current_user.email}/messages?labelIds=SENT&q=newer_than%3A1d&key=api_key")
#gmail_response = Net::HTTP.get_response(uri)
can some one help me with this
Answer
You are missing the token in your code, that's why your requests are HTTP 401 Unauthorized, I strongly recommend you to use the Official documentation Quickstart In your case, you should use the list_user_messages method.
First of all list all the messages using the q parameter as in:sent which means read all the sent messages from my Gmail and then count your array of messages. Here's an example:
# ...
# Previous quickstart code
user_id = "email#example.com"
result = service.list_user_messages(user_id=user_id, q="in:sent")
puts "count : #{result.messages.length()}\n\n"
Reference
Ruby Google API Client
Method: users.messages.list

Rails: access git email config

We have a mail interceptor in our local environment, so that email aren't sent to the actual mail addresses, but a copy is sent to the developpers (devs#project.com).
It is cool, except that all the developpers receive the mails of the whole team, which can be annoying, disturbing.
I'd like to filter with each one using his own email address. I thought of using the git email address, which is set by all of us.
Can my Rails code have an access to this mail address?
Otherwise, I'll create a .gitignored file that each of us should set, but that's more setup then.
Found the solution here: Is it possible to call Git or other command line tools from inside a Thor script?
mail = %x(git config user.email)
So the whole interceptor would be:
class DevelopmentMailInterceptor
def self.delivering_email(message)
git_email = %x(git config user.email)
filter_email = !git_email.empty? git_email : 'devs#project.com'
if Rails.env.development? && !message.to.include?(filter_email)
message.subject = "[Local Filter] To: #{message.to} - #{message.subject}"
message.to = filter_email
end
return message
end
end

Trouble authenticating with Google Content API for Shopping

I'm trying to use OAuth2 for Server to Server Applications in conjunction with Google's Content API for Shopping using the google-api-client gem and Ruby on Rails 3.2.5. Also, I have already set up my merchant account as prescribed in the Content API documentation.
This was the best way I found to be able to:
create/update products in the background
have created products fall under my company's Google Products 'umbrella'
not require every user to authenticate/authorize when their token expires
Using lines 1 - 23 from this sample as a starting point, I've begun to write the following module for use in background jobs:
require 'httparty'
require 'google/api_client'
module GoogleProducts
GOOGLE_CONFIG = YAML.load_file(File.join(Rails.root, "config", "google.yml"))[Rails.env]
CLIENT_ID = "XXXXXXXXXXXX#developer.gserviceaccount.com"
MERCHANT_ID = "XXXXXXX"
SCOPE = "https://www.googleapis.com/auth/structuredcontent"
KEY_FILE_PATH = File.join(Rails.root, "config", "my-privatekey.p12")
KEY_FILE_PASS = "XXXXXXXXXX"
def self.add_item(item_id)
self.fetch_token
xml = self.gen_item_xml(item_id)
headers = {"Content-type" => "application/atom+xml", "Content-Length" => xml.length.to_s}
url = "https://content.googleapis.com/content/v1/#{MERCHANT_ID}/items/products/generic?access_token=#{$gp_token}"
response = HTTParty.post(url, :body => xml, :headers => headers).parsed_response
end
def self.gen_item_xml(item_id)
#building product xml
end
private
def self.fetch_token
api_client = Google::APIClient.new(:authorization => :oauth2)
key = Google::APIClient::PKCS12.load_key(KEY_FILE_PATH, KEY_FILE_PASS)
asserter = Google::APIClient::JWTAsserter.new(CLIENT_ID, SCOPE, key)
begin
api_client.authorization = asserter.authorize
#todo - store in something other than a global
$gp_token = api_client.authorization.access_token
rescue Signet::AuthorizationError => e
puts e.message
ensure
return $gp_token
end
end
end
Everything seemingly works fine - the authentication, the handling of the auth token - until I attempt to actually add an item, which I get the following when I do:
<errors xmlns='http://schemas.google.com/g/2005'>
<error>
<domain>GData</domain>
<code>ServiceForbiddenException</code>
<internalReason>Could not find authenticated customer</internalReason>
</error>
</errors>
Any ideas?
After much anguish and mental toil, I've finally solved my issue!
Since I am using OAuth 2 Server to Server authentication the suggestion hjblok gave didn't apply (thanks for giving it a shot, though!).
I simply added the email address that was associated with my Service Account key from the Google API Console (e.g. XXXXXXXXXXXX#developer.gserviceaccount.com) to my Google Merchant account (Settings > Users on the merchant admin page), and it worked.
If there's any clarification needed, please feel free to comment!
The Google Content API documentation says you need to set it up in the Settings page of the Google Merchant Center:
https://developers.google.com/shopping-content/getting-started/usingapi-products
EDIT rewrote the answer after diving into the Google's API documentation
Did you already try to use Google's OAuth 2.0 playground? I was able to successfully access https://content.googleapis.com/content/v1/#{MERCHANT_ID}/items/products/generic.
In "Step 1" I've chosen the "Content API for Shopping" and then authorized the API with my account.
Then in "Step 2" I've "exchanged authorization code for tokens", which results in a "refresh token" and an "access token".
Then in "Step 3" I've invoked a GET request to https://content.googleapis.com/content/v1/1234567/items/products/generic. Because 1234567 is not a valid MERCHANT_ID it returns an Error. But the Error Messages contains a MERCHANT_ID which actually belongs to your account.
I repeated "Step 3" but now with the correct MERCHANT_ID. Which returns a HTTP/1.1 200 OK with the requested items in the body.
Furthermore I'm not sure, but doesn't Google API expect an Authorization header to be present with the access_token ($gp_token)? Within the OAuth 2.0 playground this Authorization header is used to sent the access_token.
I also found the Structured Content API demo page (https://google-content-api-tools.appspot.com/demo/demo.html), which is more specific to the Content API for Shopping.

Playing around with mails in Rails

I`m trying to create the following feature: You register and receive an email like vouldjeff+ewr#myapp.com and when you send something to this email it automatically appears in something like your wall... So my problem is how to realize the creation of the email and the receiving of the mail itself.
Any ideas?
Ruby provides Net/IMAP and Net/POP3 you can use to login into your email account.
Here's a small tutorial.
POP3
pop = Net::POP3.new("pop.gmail.com", port)
pop.enable_ssl
pop.start('YourAccount', 'YourPassword')
if pop.mails.empty?
puts 'No mail.'
else
i = 0
pop.each_mail do |m|
File.open("inbox/#{i}", 'w') do |f|
f.write m.pop
end
m.delete
i += 1
end
puts "#{pop.mails.size} mails popped."
end
pop.finish
IMAP
imap = Net::IMAP.new('imap.gmail.com')
imap.authenticate('LOGIN', 'username', 'password')
imap.select('INBOX')
imap.search(['ALL']).each do |message_id|
msg = imap.fetch(message_id,'RFC822')[0].attr['RFC822']
MailReader.receive(msg)
imap.store(message_id, "+FLAGS", [:Deleted])
end
imap.expunge()
There might be other options but that's how we do it:
Postfix
Rails Cron Job
Postfix allows you to specify a MySQL table/view to check whether an email address exists or not. You can also define Mail Forwardings.
Create a DB View to match the requirements on Postfix
This View should contain all the email addresses and forward them to a different mail account, like mailparser.
Now your Rails can either
use a POP3/IMAP frontend to the mailserver (you should install Dovecot or Courier then) to fetch the mails and process them
or go to the place on the disk where all the mails are located (check Postfix config for that) and parse the files as TMail objects and process them.
A different option is to make Postfix call script/runner with the Mail data, but rails boot-up can take long and a lot of memory, so I prefer having a Cronjob/Backgroundjob/Worker to do this.
P.S. The Creation of the E-Mail will be done by creating a Model for your Rails app which the View will use as a basis.
Sending E-Mails is simple as pie. Simply have a look at the ActionMailer Basics. If you also want to receive E-Mail, you should write a daemon that fetches Mails from the mailserver continuously in the background.
Here a snippet that fetches Mails via POP:
require 'net/pop'
config = {
:host => "mail.example.com",
:user => "foobar#example.com",
:password => "…",
:port => 110,
:timeout => 10
}
pop = Net::POP3.new(config[:host])
pop.start(config[:user], config[:password])
if pop.mails.empty?
puts "No mails…"
else
pop.mails.each do |mail|
# do stuff with mail
end
end
This is pure Ruby-Code, Rails is not needed for this snippet.

Resources