Forem: Andriy Zapisotskyi

Wet VS Electric VS Digital Signatures: What Developers Should Know

Andriy Zapisotskyi — Mon, 09 Aug 2021 08:38:40 +0000

How long did the process of signing and delivering documents take, let’s say, 10 years ago? And how long does it take now? We all know that many documents require a signature. But if before the only way to sign agreements was by hand, digitalization has taken the signing process to a whole new level.

Let’s discover the definitions of wet signatures as well as electronic and digital ones, their differences, and when you can use each of them to authorize documents.

The definition of a wet signature

When a person physically marks a document either with a pen, name seal, or another writing device, he is leaving a wet signature.

It does not necessarily need to be a person’s name written with an ink pen. Everything from stamp marks, seals, cursive, or just an “X” is legally distinguished as a wet signature as long as it is physically done. Depending on the company, rules might still vary, hence it is usually advised to check before signing a document to ensure your signature is valid.

Nowadays, thanks to digital technologies, electronic signatures can carry similar legal effects when it comes to signing various agreements. Besides, with electronic signatures, businesses can complete the document authorization within a day without the need to print it, sign, scan, and send it back.

The definition of an electronic signature

Marks on electronic documentation that have an intention to serve as a person's document authorization are determined as electronic signatures. The latter can be done by selecting a checkbox, through a keystroke or a simple stylus swipe.

You are giving an electronic signature when you, signing up for Netflix and creating an account with them, check several boxes related to their policies. Your name at the end of every email you send is also considered an electronic signature.

An electronic signature can have a number of different forms, including:

Entering pin code when you withdraw money from an ATM
Sending a scanned document with your wet signature
Typing your first and last name in an electronic contract

A lot of people also recreate their handwritten signature with the help of their smartphones to have it in an electronic format and reuse for various purposes.

Electronic signing is easy to implement and it eliminates a lot of hassle around piles of paper. However, due to security reasons, electronic type of signature is defined as low trust because it doesn’t carry any proof of the identity of the signer and doesn’t track the possible changes that can occur after the document was already signed.

To secure documents that are signed electronically, digital signatures like SmallPDF were introduced.

The definition of a digital signature

One of the most reliable methods for executing electronic agreement authorization is through digital signatures. The latter includes an authority certificate to validate the signatory and ensure the sent document was not changed after it was signed.

Besides, all electronic communication is also signed with a private decryption key of the sender and can be verified by those who have access to the public key of the sender. Such a system ensures that two parties are exactly who they say they are, and all the exchanged content between them has not been edited.

A digital signature example is when you select a platform for eSignature to sign and share your document. Once you are done with editing, the platform offers to leave a digital signature to secure it and eliminate the possibility of someone unauthorized viewing it.

A digital signature serves as your unique fingerprint. While electronic signatures confirm your agreement with the T&Cs of a particular contract, a digital signature verifies its authenticity. The process of signatory and originator identification is the main difference between the two signatures.

Advantages and Disadvantages of Wet Signatures

Although both signatures, digital and electronic, are legally accepted across the world, there are many situations when you will be asked to sign a contract with a wet signature.

A signature serves as an approval between several parties involved. Hence, one of the advantages of working with a wet signature is that all participants should be present in order to get everything signed. People can discuss the terms of the agreement, confirm all the details, and ensure that each party agrees with everything before signing.

Despite this, there exist several reasons electronic signatures prevail when it comes to the process of signing different types of agreements.

First, the amount of effort required to get a document signed using a wet signature is tremendous. It might seem okay, but on a bigger scale, when a company needs to sign a number of documents with different clients, the process can be seriously delayed.

Second, printed documents can be damaged, stolen, or just lost, either outside of the office or in a pile of other papers. That does not happen with electronic documentation which requires no printing or scanning and can be safely saved on the cloud.

Third, paper documents take a lot of space for storage, tons of effort to manage, and a lot of people’s resources to fill them. When you need to prepare a contract within no time, electronic documents will be lifesavers. Besides, it’s far easier then to find the needed file on the laptop rather than go looking for it among thousands of stacks of printed files.

Advantages of Digital Signatures

Shifting to digital signing might be overwhelming at first, but is definitely worth the effort.

There exist quite a lot of solutions on the market that provide companies with a ready-made system where they can store and easily manage all the electronic documentation and sign them securely and with no effort.

Contracts can be created with customized digital signatures which will ensure absolute confidentiality and security of the signed documents. You can also create your own lists of those people who need to sign an agreement and track the entire process without moving from the laptop.

Digital signatures save you time and eliminate most of the routine work when it comes to creating and signing contracts. With digital signatures, it is easy to verify the identity of the signer, obtain a legal signature, and store the received documents with no hassle and additional costs.

Wrap Up

The rise of digitalization and process automation has changed the way of collecting signatures. From using ink to sign papers to shifting to name seals, from utilizing faxes to moving to electronic means of authorization, people are looking for means to conduct things quicker than they used to. In a fast-paced environment like ours, the less time spent on the process, the better.

Although wet signatures are still used in a number of cultures, many companies, service providers, and mobile apps have moved to electronic means of signing documents. The latter is fast and efficient and eliminates the need to process and store piles of paper.

For people who value privacy and security, digital signatures are a way to make sure the agreement is signed by the right person, is safely transmitted, and undergoes no change after being signed. Besides, with a vast amount of digital platforms offering customized and safe tools for signing documents, it has become even easier to make a shift from traditional wet signatures to a new world of digitalization.

10 Tips for Safe and Secure Remote Work for Developers

Andriy Zapisotskyi — Thu, 01 Jul 2021 17:10:15 +0000

10 Tips for Safe and Secure Remote Working

Modern employees require more flexibility than their previous counterparts.

54% of employees say they’d rather shift to a career that offers them more flexibility. In other words, organizations are more likely to retain employees if they offer flexible work arrangements.

But shifting from in-person work to remote work comes with a full host of changes (and something to keep in mind when starting a business). The most crucial one? Making sure your remote team is set up to work safely and securely.

But before we touch on 10 tips to improve your remote team’s security, let’s take a look at the importance of safe and secure remote working.

The importance of safe and secure remote working

Now that more employees are working remotely, many companies are using cloud based workflows, cloud communication platforms or other cloud management solutions, and office management software, so everyone has access to real-time information and documents. That way, the process of tracking developer productivity get also simplified. With employees being able to access company information from anywhere in the world, data security is more important than ever.

But the average remote employee may not have the set-up that businesses require to protect sensitive and proprietary information.

Without business-grade security, businesses are leaving themselves open to compliance issues, brand damage, leaked data, financial loss, and other legal and costly risks.

That’s why it’s crucial to be proactive about protecting your business’s security.

To protect your business, check out the following 10 safety tips.

10 Tips for Safe and Secure Remote Working for Developers

1: Use a VPN

Our first tip for increasing home and remote network security is providing development teams with access to a virtual private network (VPN).

VPNs act like a highly protected tunnel within another network connection you manage. All data stays within the tunnel, meaning:

No one outside the VPN has the authority to access it
Your data never mingles with or leaks out into the internet

VPNs also unlock geographically restricted internet pages without encrypting your traffic (so it doesn’t affect your internet speed). Finally, you'll have a chance to check your favorite sites or other quality content materials worldwide.

When choosing a VPN, look for one that offers 24/7 customer support, native apps for multiple operating systems and devices, and international servers, like ExpressVPN does.

2: Keep HR processes and data confidential

HR processes and data contain sensitive information that could lead to business and legal problems if compromised.

Because of this, HR teams need a way to access important data to do their jobs without sacrificing security. The answer?

Storing data securely and making it accessible to the right people.

To do this, you’ll either need to use a tool like Microsoft’s Compliance Manager in Microsoft 365 or you can hire a professional employer organization (PEO) service provider to handle it for you.

3: Have a safe contract signing process

Remote working means that you’ll likely hire your team (developers, product managers, web designers etc.) without seeing them face-to-face.

From non-disclosure agreements to work contracts and W-4s, new employees have a lot of forms to sign.

To make sure your onboarding process is secure, you’ll need to use contract management software.

This ensures that all documents are:

In order
Signed and dated electronically
Encrypted and secured from lurkers

Having a safe contract signing process is also important for other contracts and forms, such as:

Client contracts
Vendor contracts
Tax forms
Legal forms
Banking forms
Inventory reports

4: Share documents securely

Collaboration and file sharing are integral parts of a remote business.

Whether it’s NDA, copy templates, product description, or ad copy – all documents have to be shared securely across the whole team.

Using premium collaboration tools is a more secure way to share files because of the tools' advanced built-in security features.

To help your employees securely share files, consider using protected PDFs and private Google docs with assigned permissions.

Make sure to encourage your employees to refrain from collaborating and sharing files through email. Although sharing through email is usually quick and easy, it’s best to avoid communicating and transferring files this way if confidential information is involved.

If you have to use email to send or receive a file, always triple-check where it’s coming from or where you’re sending it to make sure it’s a valid and secure email address.

Also, if you want to bring your advertising metrics into Google Workspace, you can increase productivity by using a Google spreadsheet add-on or even try GDocs to WordPress markup cleaner. Make sure it is a Premier Google Partner, since this guarantees you that this process is 100% secure.

5: Issue devices to your team

When employees use their own devices to work from home, they tend to use devices that are less secure than business-issued devices.

It’s possible that:

Their devices don’t have proper security applications installed
They don’t update their software
They could be using the same simple password for all logins

Even worse, they could be accessing insecure websites like torrents or suspicious sites using those same devices. This increases the risk of data leaks and viruses plaguing your confidential files.

To avoid this, consider issuing professional devices to your employees that your IT team recommends. If this isn’t possible, see if your IT team can tighten the security around your employees’ personal devices.

6: Use antivirus software

Your business probably already uses cybersecurity tools to protect against phishing, viruses, malware, and ransomware on business hardware.

But if employees are using personal devices for work, they need high-level protection too.

To make sure they use antivirus software, provide them with security software programs and ask them to show you proof that they’ve been installed. You can also provide a list of acceptable security software programs as an alternative.

In the end, there’s no way around it — everyone needs antivirus software to work safely.

7: Implement remote working policies

Implementing remote work security policies shows your team that your business is serious about having security measures in place. This also holds your staff accountable for working securely.

After choosing which policies to implement, be a virtual mentor and make sure to coach your team, so they fully understand what’s expected of them.

Your security policies may include rules about:

Screen positioning
Session logout
Sharing access
Alternative work sites
Lockable, burglar-resistant office equipment
Backup media storage
Time management through various tools

Whether it's a software project or remote policy – make sure to have a proper implementation plan.

8: Encourage employees to report suspicious attempts

Employees often feel nervous reporting suspicious attempts or potential cyber incidents. They may fear losing their job, getting penalized, or being questioned about breaching security policies.

But encouraging employees to report cyber incidents can make them feel more comfortable about coming forward when something happens.

To foster open communication, create a single source dedicated to reporting suspicious activity via a dedicated messaging group, Slack channel, or IT support email. This way, they’ll know exactly how to report the incident when they’re working from home or coworking space.

It’s also important to ask employees to report suspicious activity, even if they broke one of your security policies. To encourage them to do this, ensure employees that they won’t face harsh disciplinary action if they come forward. Then, offer additional security training so they can be better equipped to follow policies in the future.

9: Provide security training and reminders to your team

Conducting security training in the form of webinars, workshops, and video classes helps employees better understand how to work safely. For this, there are tons of useful online video editors, webinar platforms or course platforms

When deciding on a training program, choose one that’s hands-on. This way, employees can practice sharing files, updating software, configuring their routers, installing virus protection, and using VPNs.

One more important point, use LastPass as a password management system or any other LastPass alternative.

It’s also important to explain exactly what to do if something goes awry.

10: Prepare for a security breach

Remember, security is a team effort. It’s not really a question of if you’ll have a security breach, but rather when you’ll have one.

To make sure your business will still be up and running when that happens, have backup systems in place.

What will you do if an employee’s device is stolen?

What will you do if a manager accidentally opens a phishing email?

Have a backup plan in place in case anything happens. That way, you won’t lose productivity, even if your systems and networks are breached.

Conclusion

And that’s it! We hope these 10 tips for safe and secure remote working are just what you needed to read.

With careful planning and training, your team will be on its way to operating as securely as possible.

Are you curious about the history of cloud-based workflows, AKA the main reason businesses can operate and collaborate remotely? Then check out our podcast episode “The History of the Cloud.”

Sending Emails with JavaScript

Andriy Zapisotskyi — Tue, 16 Jun 2020 11:28:58 +0000

The guide about Sending emails with Javascript first appeared on Mailtrap blog.

JavaScript is a programming language that you can use for both front-end and back-end development. When the name JavaScript is used in the context of sending emails, Node.js is the first thing that comes to mind. We even blogged about how to send emails with Node.js. In this article, we want to change the perspective from the server-side to the client-side. Let’s figure out how you can use JS to send emails from the app that has no back-end.

FAQ: Can I send emails with JS or not?

You can’t send emails using JavaScript code alone due to lack of support for server sockets. For this, you need a server-side language that talks to the SMTP server. You can use JS in conjunction with a server script that will send emails from the browser based on your requests. This is the value we’re going to introduce below.

Why you might want to send emails with JS

Traditionally, the server-side of a regular app is responsible for sending emails. You will need to set up a server using back-end technology. The client-side sends a request to the server-side, which creates an email and sends it to the SMTP server. If you’re curious about what happens with an email after that, read our blog post, SMTP relay.

So, why would anyone be willing to go another way and send emails right from the client-side using JavaScript? Such an approach is quite useful for building contact forms or other kinds of user interaction on web apps, which allows your app to send an email without refreshing the page the user is interacting with. Besides, you don’t have to mess around with coding a server. This is a strong argument if your web app uses email sending for contact forms only. Below, you will find a few options on how to make your app send emails from the client-side.

mailto: for sending form data

Since you can't send an email directly with JS, you can tell the browser to open a default mail client to do so. Technically, the mailto:` method does not send email directly from the browser, but it can do the job. Check out how the following code example works:

FirstName:
Email:

When you launch it in the browser, you’ll see the following:

Once the data has been submitted, the browser opens a default mail client. In our case, this is Gmail.

The mailto: method is a rather easy solution to implement but it has some specific drawbacks:

You can’t control the layout of the data since the data is submitted in the form sent by the browser.
mailto: doesn’t protect your email address from being harvested by spambots. Some time ago, this could be mitigated by constructing a link in JS. These days, more and more bots run JS and do not rely on HTML rendered by the server alone.

SmtpJS.com - true email sending from JavaScript

SmtpJS is a free library you can use for sending emails from JavaScript. All you need is an SMTP server and a few manipulations to get things done. We’ll use Mailtrap.io as the server because it is an actionable solution for email testing. Below is the flow you should follow:

Create an HTML file (for example, test.html) with the following script:
Create a button that will trigger the JavaScript function
Write the JS function to send emails via SmtpJS.com.
function sendEmail() {
Email.send({
Host : "smtp.mailtrap.io",
Username : "",
Password : "",
To : 'recipient@example.com',
From : "sender@example.com",
Subject : "Test email",
Body:
}).then(
message => alert(message)
);
}
Run test.html in the browser and send your email

The drawback with the code sample above is that your username and password are visible in the client-side script. This can be fixed if you utilize the encryption option provided by SmtpJS. Click the Encrypt your SMTP credentials button and fill in the required fields.

After that, press Generate security token and use it then in your JS function instead of SMTP server settings like the following:
SecureToken : "<your generated token>"

Want to more code samples for an HTML email and an email with attachments? Check the full article at Mailtrap blog.

Sending emails with Node.js

Andriy Zapisotskyi — Mon, 15 Jun 2020 11:20:54 +0000

Sending emails from Node.js is easy. We have gone over it in our previous blog post on sending emails with Nodemailer. Last time we reviewed Nodemailer’s capabilities we focused on sending HTML emails via SMTP. In this post, we will examine how to send emails with Node.js using popular email servers like Gmail. Also, we will have a look at other transport options and packages to build and send emails from Node.js.

The "Send emails in Node.js" blog post originally was published on Mailtrap's blog.

Building and sending emails with Node.js without Nodemailer

In some guides and tutorials, you might find a note that there are a variety of Node.js email packages but Nodemailer is the best one. It’s not true. In fact, you can barely find a decent alternative to Nodemailer (and I can hardly imagine why you might need it.)

On Github, you can find several Node.js packages related to emails but they won’t offer you a wide functionality. With Nodemailer, you can create HTML emails with attachments and send them via SMTP, SES (wrapper for sending emails via AWS SES), or sendmail.

The most similar package is Emaijs. Its features include:

sending emails via SMTP servers (both SSL and TLS) with authentication
HTML support and MIME attachments (also, attachments can be added as strings, streams, or file paths)
asynchronous sending of queued emails
UTF-8 encoding in headers and body.

So, the main difference is that in Emailjs you will use MIME type to work with attachments, while in Nodemailer you use strings.

Another quite popular package is email-templates. As you can see from the name, this package is designed for creating various custom templates for Node.js. It features support for automatic inline CSS, stylesheets, embedded images, and fonts. Also, it has an email preview option. The email templates package was made by the creator of the Lad framework. So it’s recommended to use it with Lad.
One more package worth mentioning here is Mailgen. It is aimed at creating HTML templates for transactional emails. There is a note on Github, that with Mailgen you can “Programmatically create beautiful e-mails using plain old JavaScript.” The package includes several open-source themes as well as supports custom elements like tables, action buttons, etc. It is your choice how to send an email created with Mailgen, but they recommend checking out Nodemailer for this purpose.

As you can see from the above table, Nodemailer is the most popular package, which offers functionality for both email creation and email sending. It’s not limited to one sending method. But it won’t be easy to create a special email template. This is why it might be a good idea to use Nodemailer in combination with another package.

To find all related packages and plugins, search for nodemailer in npm.

Sending HTML emails with dynamic content

In our previous blog post, we reviewed several examples of sending HTML emails with Nodemailer, embedding images, and attaching files. In most cases, for transactional emails like registration confirmation or resetting passwords, you need to use dynamic content. It will be easier and more efficient to do it with one of the template modules.

Let’s experiment with the email-templates package. It has several interesting features:

Support for different template engines (Pug is a default one)
Email preview (by default) in the development environment
Direct email sending. So, you don’t need extra packages like Nodemailer for email sending.

First of all, let’s create our templates, for a frequently occurring scenario: new user registration. In this example, we are working with the default option (for more details and samples of using Pug, refer to Github.)

Install the template engine:

npm:

npm install email-templates pug

yarn:

yarn add email-templates pug

We should create two files: subject and HTML body.

subject.pug:

= `Hi ${firstName} ${lastName}, happy to see you at My App!`

html.pug:

h1 Hello #{firstName} #{lastName}
    p.
Welcome to My App! Now your test emails will be safe. We just need to make sure your account is real. 
Please, click the button below and start using your account. 
a(href='https://example.com/confirmation') Confirm!

Now make sure that your directory has the following structure:

├── app.js

├── emails

│ └── welcome (the template name)

│ ├── html.pug

│ ├── subject.pug

│ └── text.pug

Pay attention to the text part of your message: if you don’t include it, it will be generated automatically. But if you add it, it will be rendered automatically. This means that the content of the text and HTML parts may differ.

Now we can write some code to gather all the elements together and add transport. As usual, we will use Mailtrap, to be able to test and check everything. In the same way, you can use any other SMTP server like Gmail, for example. Just be careful if experimenting with real email addresses!

const Email = require('email-templates');
const email = new Email({
 message: {
   from: 'hi@example.com'
 },
 send: true,
 transport: {
   host: 'smtp.mailtrap.io',
   port: 2525,
   ssl: false,
   tls: true,
   auth: {
     user: '1a2b3c4d5e6f7g', // your Mailtrap username
     pass: '1a2b3c4d5e6f7g' //your Mailtrap password
   }
 }
});

const people = [
 {firstName: 'Diana', lastName: 'One'},
 {firstName: 'Alex', lastName: 'Another'}
];

people.forEach((person) => {
 email
   .send({
     template: 'welcome',
     message: {
       to: 'test@example.com'
     },
     locals: person
   })
   .then(console.log)
   .catch(console.error);
}).

By default, the preview of your email will be opened in your browser. It might be helpful if you are working on your template and don’t need to actually send the message. If you need to test how the variables work, and you compose a message to dozens or even hundreds of recipients, be careful with this option. To switch it off, specify options.open as false.

This is why we use Mailtrap: we will see how the message looks for each recipient, explore both HTML and text versions, and will be able to perform additional checks. With Pug and email-templates, you can build a complex template using CSS, inlined images, tables, etc. Here is an example of how it should look in the Mailtrap virtual inbox:

* HTML*

* Text*

Enjoyed the reading? Full guide in Node.js and Emails is available at Mailtrap blog.

PHP built-in mail function vs PHP mailing packages

Andriy Zapisotskyi — Wed, 01 Apr 2020 20:05:24 +0000

The article on Sending Emails in PHP was originally published at Mailtrap's blog.

PHP built-in mail function ()

There are two basic ways of sending emails with PHP: built-in mail function and external mail packages.

PHP’s built-in mail function () is very simple but at the same time, it provides a limited functionality for sending emails. You won’t be able to add attachments to your email, and building a beautiful HTML template with embedded images will be a tricky task as well.

The other side of the PHP mail function () is that the email is sent from your web server, which may cause issues with deliverability due to security concerns such as suspicion of spam and blacklisting. The best way to overcome this problem is sending messages via an SMTP server, however, this functionality is limited as well. PHP mail() does not usually allow you to use the external SMTP server and it does not support SMTP authentication.

In other words, I don’t recommend using the PHP built-in mail function() and advise you to avoid the headaches it may cause by installing an external mailer package.

If you are still committed to the PHP built-in mail function() and are ready to accept the challenge, let’s take a look at the basic code and its main parameters.

Syntax and parameters
The PHP mail syntax is pretty simple:

<?php
mail($to_email_address,$subject,$message,[$headers],[$parameters]);
?>

It uses the following parameters:

“$to” = your message recipient(s). The email address format may be user@example.com or User user@example.com. If there are several recipients, separate them with comma(-s).
“$subject” = your message’s subject “$message” = the body of your message. Lines should be separated with a CRLF (\r\n). Each line should not exceed 70 characters.
“[$headers]” = additional recipients of your message, which can be included in CC or BCC. Headers are optional, except for the “from” header: it must be specified, otherwise, you will receive an error message like Warning: mail(): "sendmail_from" not set in php.ini or custom "From:" header missing.

For more details and additional parameters, refer to the PHP documentation.

Sending HTML email using PHP mail() function

The body of the message can be written in HTML. However, as I’ve mentioned above, it should be simple. In the PHP mail function(), the HTML part will look like this:

// Message
$message = '
<html>
<head>
  <title>Review Request Reminder</title>
</head>
<body>
  <p>Here are the cases requiring your review in December:</p>
  <table>
    <tr>
      <th>Case title</th><th>Category</th><th>Status</th><th>Due date</th>
    </tr>
    <tr>
      <td>Case 1</td><td>Development</td><td>pending</td><td>Dec-20</td>
    </tr>
    <tr>
      <td>Case 1</td><td>DevOps</td><td>pending</td><td>Dec-21</td>
    </tr>
  </table>
</body>
</html>
';

It’s important to remember that to send HTML mail, you need to set the Content-type header...

Continue reading the full guide on sending emails in PHP originally on Mailtrap blog.

Mails and Node JS

Andriy Zapisotskyi — Wed, 01 Apr 2020 17:52:51 +0000

The "send emails in Node.js" blog post originally was published on Mailtrap's blog.

Building and sending emails with Node.js without Nodemailer

The most similar package is Emaijs. Its features include:

sending emails via SMTP servers (both SSL and TLS) with authentication
HTML support and MIME attachments (also, attachments can be added as strings, streams, or file paths)
asynchronous sending of queued emails
UTF-8 encoding in headers and body.

So, the main difference is that in Emailjs you will use MIME type to work with attachments, while in Nodemailer you use strings.

Another quite popular package is email-templates. As you can see from the name, this package is designed for creating various custom templates for Node.js. It features support for automatic inline CSS, stylesheets, embedded images, and fonts. Also, it has an email preview option. The email templates package was made by the creator of the Lad framework. So it’s recommended to use it with Lad.
One more package worth mentioning here is Mailgen. It is aimed at creating HTML templates for transactional emails. There is a note on Github, that with Mailgen you can “Programmatically create beautiful e-mails using plain old JavaScript.” The package includes several open-source themes as well as supports custom elements like tables, action buttons, etc. It is your choice how to send an email created with Mailgen, but they recommend checking out Nodemailer for this purpose.

To find all related packages and plugins, search for nodemailer in npm.

Sending HTML emails with dynamic content

Let’s experiment with the email-templates package. It has several interesting features:

Support for different template engines (Pug is a default one)
Email preview (by default) in the development environment
Direct email sending. So, you don’t need extra packages like Nodemailer for email sending.

Install the template engine:

npm:

npm install email-templates pug

yarn:

yarn add email-templates pug

We should create two files: subject and HTML body.

subject.pug:

= `Hi ${firstName} ${lastName}, happy to see you at My App!`

html.pug:

h1 Hello #{firstName} #{lastName}
    p.
Welcome to My App! Now your test emails will be safe. We just need to make sure your account is real. 
Please, click the button below and start using your account. 
a(href='https://example.com/confirmation') Confirm!

Now make sure that your directory has the following structure:

├── app.js

├── emails

│ └── welcome (the template name)

│ ├── html.pug

│ ├── subject.pug

│ └── text.pug

const Email = require('email-templates');
const email = new Email({
 message: {
   from: 'hi@example.com'
 },
 send: true,
 transport: {
   host: 'smtp.mailtrap.io',
   port: 2525,
   ssl: false,
   tls: true,
   auth: {
     user: '1a2b3c4d5e6f7g', // your Mailtrap username
     pass: '1a2b3c4d5e6f7g' //your Mailtrap password
   }
 }
});

const people = [
 {firstName: 'Diana', lastName: 'One'},
 {firstName: 'Alex', lastName: 'Another'}
];

people.forEach((person) => {
 email
   .send({
     template: 'welcome',
     message: {
       to: 'test@example.com'
     },
     locals: person
   })
   .then(console.log)
   .catch(console.error);
}).

* HTML*

* Text*

Sending Emails with Nodemailer and SMTP

If configuring a new message in Nodemailer, we always should start with creating a transport method. The most popular one is the SMTP server, which can be easily set up for the majority of email clients or sending providers (like Sendgrid, Outlook, Gmail, etc.) SMTP configuration will be very simple and similar. For more detailed instructions on how to use Nodemailer, refer to the “Sending emails with Nodemailer explained” blog post.

Here we will demonstrate how to send emails with Gmail as it requires some tricks related to authentication.

Sending emails with Gmail

To be able to use Gmail to send messages via your app, you should start with several account configurations.

If you use a plain password , then you should allow access for less secure apps.

If you are using 2-Step Verification , you should sign in with App Passwords. To create your password:

Go to the Security section of your Gmail account.
Choose App Passwords in the Signing into Google block.
Select the app and device from the list and press Generate.

Please note that you can use it for your personal account only. It’s not available for accounts that are a part of an organization.

What else you should remember when setting the Gmail SMTP:

Gmail will automatically set the authenticated username as the From email address. To change it, you should “Add another address you own”. You will find it in your Gmail account -> Settings-> Accounts. For more details, refer to this Google Help Center article.
Gmail has its own email limits. For free (trial) accounts, it’s only 500 emails per day. If you reach the limit, your account might be suspended.

Now, when you made all necessary configurations, let’s set up the Gmail SMTP as a transport in the Node.js app.

Gmail SMTP hostname is smtp.gmail.com, the port should be 465 for SSL connection or 587 for TLS.

var nodemailer = require('nodemailer');
var transporter = nodemailer.createTransport({
    host: 'smtp.gmail.com',
    port: 465,
    secure: true, // use SSL
    auth: {
        user: 'yourusername@gmail.com',
        pass: 'yourpassword'
    }
});

To avoid authentication issues, it is recommended to use oAuth2. Nodemailer requires an Access Token to perform authentication. Read the instructions on the Nodemailer documentation to proceed with this method.

Once you have retrieved client ID and client Secret, refresh token and enable Gmail API at API console. It is recommended to use bunyan logger:

const bunyan = require('bunyan');
const nodemailer = require('../lib/nodemailer');

let logger = bunyan.createLogger({
    name: 'nodemailer'
});
logger.level('trace');
// Create a SMTP transporter object
let transporter = nodemailer.createTransport(
    {
        service: 'Gmail',
        auth: {
            type: 'OAuth2',
            user: 'mail',
            clientId: 'clientid',
            clientSecret: 'clientsecret',
            refreshToken: 'refreshtoken',
            accessToken: 'accesstoken',
            expires: 12345
        },

Otherwise, to get an access token, you can use xoauth2 package.

Sending emails without SMTP

If you stick to one of the popular email sending providers like Sendgrid, Mandrill, Mailgun, or Postmark, you can integrate your Node.js app with their API directly.

For AWS SES, there is a wrapper around Nodemailer, node-ses. You can use aws-sdk directly, but node-ses provides a simpler way to send complex email templates with images and attachments.

Bottom line

If you are adding the email sending functionality to your Node.js app, most likely you will use Nodemailer. It is the simplest and most popular sending option compatible with other packages.

Besides, there are still options for how to send emails in Node.js without Nodemailer and without the SMTP server as well. Choose the option which best suits your current environment and needs. Just don’t forget to inspect and debug your test emails before delivering them to your customers.

A Checklist For Evaluating the Skills of a ROR Dev

Andriy Zapisotskyi — Wed, 16 Oct 2019 17:29:58 +0000

Any product manager dreams of having a team of superb developers. If a squad consists of first-rate engineers, the chances of building a first-tier product increase significantly.

Each company establishes its own requirements for candidates depending on the technology in question.

For example, a Python engineer has to know language-specific libraries like Laravel or Symfony, as well as paradigms, databases and other tools. For that reason, a universal set of requirements can not be used.

Specifically, what is needed when the goal is to hire a Ruby on Rails developer? The following checklist of soft and hard skills will be helpful in assessing a candidate’s expertise.

Soft skills

These skills do not refer to software engineering at all but are no less important to evaluating the entire personality of the candidate.

Empathy

That’s an integral component of teamwork. Empathy allows you to look at something from another person’s perspective. The skill also acts as a filter of what needs to be said and why.

Patience

This skill contains a very important component - respect. Being patient means respecting your teammates' opinion regardless of what you're discussing.

Communication

It’s important to differentiate between sociability and communicability. The latter is more important for team collaboration than the first one due to the focus on outcome. Effective communication consists of the ability to listen to others without interruption and clearly express one's own thoughts.

Hard skills

Technical expertise of the Rails developer consists of skills in the Ruby programming language, the Ruby on Rails framework, as well as supplementary knowledge of databases, front-end technologies, and other tools.

The language

The evaluation of skills in Ruby is based on two aspects. The first one is syntax, which is the reason many developers opt for this programming language. It is necessary to check the candidate’s knowledge of Ruby’s essential elements including basic data structures, methods, loops & iterators, variables, etc.

Another domain knowledge to take into account is object-oriented programming. Ruby is the OOP language that forces the Rails engineer to be familiar with the main concepts of the object-oriented paradigm like encapsulation, inheritance, duck typing, and others.

The framework

Rubyists do not limit their knowledge to one framework, but since the goal is to hire a Rails engineer, he or she must be a pro in the following things:

Structure

An app made in Rails has a structure based on the model-view-controller paradigm. Each layers is meant for specific tasks. The candidate must know them to differentiate between where the view is and where the business logic is.

ORM + Active Record

The experience in creating web apps entails the work with relational databases. ORM, which is referred to object-relational mapping, is a fundamental programming technique represented by versatile frameworks written in Ruby. Active Record is one of them that comes out-of-the-box.

Templating engines

As a rule, companies mention the knowledge of two of the most popular templating systems, ERB and HAML. However, the Ruby society offers other view engines like Slim, eRuby, and others.

Testing frameworks

Test-driven development is the approach widely used in building RoR apps. The framework lets you write tests easily and offers versatile testing tools. Knowledge of some of them, like RSpec or Minitest, is essential.

JSON API

The framework is often leveraged for building JSON APIs. For that reason, the candidate has to know oats of the concept of application programming interface and the JavaScript Object Notation data-interchange format.

Front-end

There is nothing extraordinary here. Three pillars of front-end development, HTML5, CSS, and JavaScript, are the essential expertise of any web developer. As for a Ruby on Rails engineer, these set of skills is a great bonus to his or her domain knowledge.

DB

Some background knowledge of database engines is also welcomed. In most cases, it refers to MySQL and PostgreSQL due to their popularity and widespread use. NoSQL DBs lag behind in popularity, but a basic understanding of the concept won’t hurt.

Code management

Git is a superb assistant for any software developer. The chances that the candidate has no idea about pull requests or new branches are quite low. However, it is better to check this out.

Deployment

The RoR teams prefer different deployment automation tools, including Heroku, Mina, Capistrano, and others. The broader list the candidate has, the better.

Project management

There are a plethora of PM tools nowadays. There is no guarantee that the candidate is familiar with the tool the company leverages. Nevertheless, his/her knowledge of some most popular tools, like Jira, Github, Trello, and others, should be checked as well.

The checklist is done. Depending on the policies or rules established in the company, it can and should be updated.

Share with me in the comment section what other skill would you add to my checklist. Penny for your thoughts :)

Till next time!