Building a Salesforce Form using Sites that is Time-bombed











up vote
1
down vote

favorite












Project



Build a form off salesforce that can be sent to clients to collect information. Sent by email through salesforce as a button available to sales users off the account record



Requirements




  • Secure

  • Link is time-bombed to 24 hours to prevent re-entry updates

  • Updates account record validates information lightly upfront


What I Currently have Accomplished




  • Built Visualforce form off sites


  • validation rules are written off jQuery



What I could use advice with




  • How to create a time bombed link to send to each customer listed on the record


  • How to send the form to each client with its information feeding back to the sending record.



Any help is appreciated! I'm looking for a discussion on the topic mostly.
If what I ask is impossible feel free to poke holes.






visualforce email account form hyperlink







share|improve this question


























    up vote
    1
    down vote

    favorite












    Project



    Build a form off salesforce that can be sent to clients to collect information. Sent by email through salesforce as a button available to sales users off the account record



    Requirements




    • Secure

    • Link is time-bombed to 24 hours to prevent re-entry updates

    • Updates account record validates information lightly upfront


    What I Currently have Accomplished




    • Built Visualforce form off sites


    • validation rules are written off jQuery



    What I could use advice with




    • How to create a time bombed link to send to each customer listed on the record


    • How to send the form to each client with its information feeding back to the sending record.



    Any help is appreciated! I'm looking for a discussion on the topic mostly.
    If what I ask is impossible feel free to poke holes.






    visualforce email account form hyperlink







    share|improve this question
























      up vote
      1
      down vote

      favorite









      up vote
      1
      down vote

      favorite











      Project



      Build a form off salesforce that can be sent to clients to collect information. Sent by email through salesforce as a button available to sales users off the account record



      Requirements




      • Secure

      • Link is time-bombed to 24 hours to prevent re-entry updates

      • Updates account record validates information lightly upfront


      What I Currently have Accomplished




      • Built Visualforce form off sites


      • validation rules are written off jQuery



      What I could use advice with




      • How to create a time bombed link to send to each customer listed on the record


      • How to send the form to each client with its information feeding back to the sending record.



      Any help is appreciated! I'm looking for a discussion on the topic mostly.
      If what I ask is impossible feel free to poke holes.






      visualforce email account form hyperlink







      share|improve this question













      Project



      Build a form off salesforce that can be sent to clients to collect information. Sent by email through salesforce as a button available to sales users off the account record



      Requirements




      • Secure

      • Link is time-bombed to 24 hours to prevent re-entry updates

      • Updates account record validates information lightly upfront


      What I Currently have Accomplished




      • Built Visualforce form off sites


      • validation rules are written off jQuery



      What I could use advice with




      • How to create a time bombed link to send to each customer listed on the record


      • How to send the form to each client with its information feeding back to the sending record.



      Any help is appreciated! I'm looking for a discussion on the topic mostly.
      If what I ask is impossible feel free to poke holes.






      visualforce email account form hyperlink




      visualforce email account form hyperlink






      share|improve this question













      share|improve this question











      share|improve this question




      share|improve this question










      asked Nov 30 at 20:13









      Ryan Sherry

      83




      83






















          2 Answers
          2






          active

          oldest

          votes

















          up vote
          3
          down vote



          accepted










          You could certainly create an expiring token to "time bomb" your page. The following steps should provide an outline:




          • Add a field named Form_Token__c Text (32)

          • Add a Time Based Workflow Rule to clear the value after 24 hours


          • Update any triggers on your object (or add one if none exist) to set this token value





            • Since I have been looking at how to generate a UUID, the following code springs to mind:



              record.Form_Token__c = EncodingUtil.ConvertTohex(Crypto.GenerateAESKey(128));





          • Add this property to your controller:



            public Boolean getHasValidToken()
            
{
            
    String token = ApexPages.currentPage().getParameters.get('token');
            
    return (token != null && token == record.Form_Token__c);
            
}


          • Merge token={!record.Form_Token__c} into your url


          • Update your markup to key on the hasValidToken value, something like below:



            <apex:page controller="...">
            
    <apex:pageMessage summary="<expiry notice>" rendered="{!NOT(hasValidToken)}" />
            
    <apex:outputPanel layout="none" rendered="{!hasValidToken}"> 
            
        <!-- existing markup -->
            
    </apex:outputPanel>
            
</apex:page>







          share|improve this answer





















          • First of all Adrian, you are the man for answering this so fast! Second, let me dive into this and I'll get back to you. Appreciate this a ton.
            – Ryan Sherry
            Nov 30 at 20:29










          • will that be good to put expiry dateTime in the record? and check if the current date is less than expiry dateTime? wont need workflow then, also in case you wana make that link valid(any reason), you can just extend the expiry date. instead of sending new link again?
            – Pranay Jaiswal
            Nov 30 at 21:01






          • 1




            I thought about adding expiry date on the question, and it was in my initial writeup. But honestly it is way better to manage the interval in configuration if you can.
            – Adrian Larson
            Nov 30 at 21:30


















          up vote
          1
          down vote













          Another thought...



          You could store a secret key in a custom setting or custom metadata. When you generate a link, it will have an expiry timestamp parameter, a customer ID parameter and a hash parameter.



          The hash would be generated in Apex by appending the timestamp and the ID into one string, encrypting it with the secret key, generating a MD5 digest, and then converting to hexadecimal.



          When the page is visited, Apex would validate the hash by attempting to recalculate it from the secret and the other parameters. If the output matches the hash in the URL, it's legit and they're allowed in.



          What's nice about this approach is, the whole request is tamper proof. You can add more parameters and add them to the hash algorithm, and the URL will only be valid for exactly that same combination of parameters it was generated for. Also you don't have to actually store any information about ongoing validity of tokens. You can simply authenticate whether a request was genuine and unexpired on-the-fly.






          share|improve this answer























          • This is great thank you for such a thought out response. I'll look into this further once I am farther along with my project.
            – Ryan Sherry
            Dec 3 at 19:31











          Your Answer








          StackExchange.ready(function() {
          var channelOptions = {
          tags: "".split(" "),
          id: "459"
          };
          initTagRenderer("".split(" "), "".split(" "), channelOptions);

          StackExchange.using("externalEditor", function() {
          // Have to fire editor after snippets, if snippets enabled
          if (StackExchange.settings.snippets.snippetsEnabled) {
          StackExchange.using("snippets", function() {
          createEditor();
          });
          }
          else {
          createEditor();
          }
          });

          function createEditor() {
          StackExchange.prepareEditor({
          heartbeatType: 'answer',
          convertImagesToLinks: false,
          noModals: true,
          showLowRepImageUploadWarning: true,
          reputationToPostImages: null,
          bindNavPrevention: true,
          postfix: "",
          imageUploader: {
          brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
          contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
          allowUrls: true
          },
          onDemand: true,
          discardSelector: ".discard-answer"
          ,immediatelyShowMarkdownHelp:true
          });


          }
          });














          draft saved

          draft discarded


















          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsalesforce.stackexchange.com%2fquestions%2f241092%2fbuilding-a-salesforce-form-using-sites-that-is-time-bombed%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown

























          2 Answers
          2






          active

          oldest

          votes








          2 Answers
          2






          active

          oldest

          votes









          active

          oldest

          votes






          active

          oldest

          votes








          up vote
          3
          down vote



          accepted










          You could certainly create an expiring token to "time bomb" your page. The following steps should provide an outline:




          • Add a field named Form_Token__c Text (32)

          • Add a Time Based Workflow Rule to clear the value after 24 hours


          • Update any triggers on your object (or add one if none exist) to set this token value





            • Since I have been looking at how to generate a UUID, the following code springs to mind:



              record.Form_Token__c = EncodingUtil.ConvertTohex(Crypto.GenerateAESKey(128));





          • Add this property to your controller:



            public Boolean getHasValidToken()
            
{
            
    String token = ApexPages.currentPage().getParameters.get('token');
            
    return (token != null && token == record.Form_Token__c);
            
}


          • Merge token={!record.Form_Token__c} into your url


          • Update your markup to key on the hasValidToken value, something like below:



            <apex:page controller="...">
            
    <apex:pageMessage summary="<expiry notice>" rendered="{!NOT(hasValidToken)}" />
            
    <apex:outputPanel layout="none" rendered="{!hasValidToken}"> 
            
        <!-- existing markup -->
            
    </apex:outputPanel>
            
</apex:page>







          share|improve this answer





















          • First of all Adrian, you are the man for answering this so fast! Second, let me dive into this and I'll get back to you. Appreciate this a ton.
            – Ryan Sherry
            Nov 30 at 20:29










          • will that be good to put expiry dateTime in the record? and check if the current date is less than expiry dateTime? wont need workflow then, also in case you wana make that link valid(any reason), you can just extend the expiry date. instead of sending new link again?
            – Pranay Jaiswal
            Nov 30 at 21:01






          • 1




            I thought about adding expiry date on the question, and it was in my initial writeup. But honestly it is way better to manage the interval in configuration if you can.
            – Adrian Larson
            Nov 30 at 21:30















          up vote
          3
          down vote



          accepted










          You could certainly create an expiring token to "time bomb" your page. The following steps should provide an outline:




          • Add a field named Form_Token__c Text (32)

          • Add a Time Based Workflow Rule to clear the value after 24 hours


          • Update any triggers on your object (or add one if none exist) to set this token value





            • Since I have been looking at how to generate a UUID, the following code springs to mind:



              record.Form_Token__c = EncodingUtil.ConvertTohex(Crypto.GenerateAESKey(128));





          • Add this property to your controller:



            public Boolean getHasValidToken()
            
{
            
    String token = ApexPages.currentPage().getParameters.get('token');
            
    return (token != null && token == record.Form_Token__c);
            
}


          • Merge token={!record.Form_Token__c} into your url


          • Update your markup to key on the hasValidToken value, something like below:



            <apex:page controller="...">
            
    <apex:pageMessage summary="<expiry notice>" rendered="{!NOT(hasValidToken)}" />
            
    <apex:outputPanel layout="none" rendered="{!hasValidToken}"> 
            
        <!-- existing markup -->
            
    </apex:outputPanel>
            
</apex:page>







          share|improve this answer





















          • First of all Adrian, you are the man for answering this so fast! Second, let me dive into this and I'll get back to you. Appreciate this a ton.
            – Ryan Sherry
            Nov 30 at 20:29










          • will that be good to put expiry dateTime in the record? and check if the current date is less than expiry dateTime? wont need workflow then, also in case you wana make that link valid(any reason), you can just extend the expiry date. instead of sending new link again?
            – Pranay Jaiswal
            Nov 30 at 21:01






          • 1




            I thought about adding expiry date on the question, and it was in my initial writeup. But honestly it is way better to manage the interval in configuration if you can.
            – Adrian Larson
            Nov 30 at 21:30













          up vote
          3
          down vote



          accepted







          up vote
          3
          down vote



          accepted






          You could certainly create an expiring token to "time bomb" your page. The following steps should provide an outline:




          • Add a field named Form_Token__c Text (32)

          • Add a Time Based Workflow Rule to clear the value after 24 hours


          • Update any triggers on your object (or add one if none exist) to set this token value





            • Since I have been looking at how to generate a UUID, the following code springs to mind:



              record.Form_Token__c = EncodingUtil.ConvertTohex(Crypto.GenerateAESKey(128));





          • Add this property to your controller:



            public Boolean getHasValidToken()
            
{
            
    String token = ApexPages.currentPage().getParameters.get('token');
            
    return (token != null && token == record.Form_Token__c);
            
}


          • Merge token={!record.Form_Token__c} into your url


          • Update your markup to key on the hasValidToken value, something like below:



            <apex:page controller="...">
            
    <apex:pageMessage summary="<expiry notice>" rendered="{!NOT(hasValidToken)}" />
            
    <apex:outputPanel layout="none" rendered="{!hasValidToken}"> 
            
        <!-- existing markup -->
            
    </apex:outputPanel>
            
</apex:page>







          share|improve this answer












          You could certainly create an expiring token to "time bomb" your page. The following steps should provide an outline:




          • Add a field named Form_Token__c Text (32)

          • Add a Time Based Workflow Rule to clear the value after 24 hours


          • Update any triggers on your object (or add one if none exist) to set this token value





            • Since I have been looking at how to generate a UUID, the following code springs to mind:



              record.Form_Token__c = EncodingUtil.ConvertTohex(Crypto.GenerateAESKey(128));





          • Add this property to your controller:



            public Boolean getHasValidToken()
            
{
            
    String token = ApexPages.currentPage().getParameters.get('token');
            
    return (token != null && token == record.Form_Token__c);
            
}


          • Merge token={!record.Form_Token__c} into your url


          • Update your markup to key on the hasValidToken value, something like below:



            <apex:page controller="...">
            
    <apex:pageMessage summary="<expiry notice>" rendered="{!NOT(hasValidToken)}" />
            
    <apex:outputPanel layout="none" rendered="{!hasValidToken}"> 
            
        <!-- existing markup -->
            
    </apex:outputPanel>
            
</apex:page>








          share|improve this answer












          share|improve this answer



          share|improve this answer










          answered Nov 30 at 20:27









          Adrian Larson

          104k19112235




          104k19112235












          • First of all Adrian, you are the man for answering this so fast! Second, let me dive into this and I'll get back to you. Appreciate this a ton.
            – Ryan Sherry
            Nov 30 at 20:29










          • will that be good to put expiry dateTime in the record? and check if the current date is less than expiry dateTime? wont need workflow then, also in case you wana make that link valid(any reason), you can just extend the expiry date. instead of sending new link again?
            – Pranay Jaiswal
            Nov 30 at 21:01






          • 1




            I thought about adding expiry date on the question, and it was in my initial writeup. But honestly it is way better to manage the interval in configuration if you can.
            – Adrian Larson
            Nov 30 at 21:30


















          • First of all Adrian, you are the man for answering this so fast! Second, let me dive into this and I'll get back to you. Appreciate this a ton.
            – Ryan Sherry
            Nov 30 at 20:29










          • will that be good to put expiry dateTime in the record? and check if the current date is less than expiry dateTime? wont need workflow then, also in case you wana make that link valid(any reason), you can just extend the expiry date. instead of sending new link again?
            – Pranay Jaiswal
            Nov 30 at 21:01






          • 1




            I thought about adding expiry date on the question, and it was in my initial writeup. But honestly it is way better to manage the interval in configuration if you can.
            – Adrian Larson
            Nov 30 at 21:30
















          First of all Adrian, you are the man for answering this so fast! Second, let me dive into this and I'll get back to you. Appreciate this a ton.
          – Ryan Sherry
          Nov 30 at 20:29




          First of all Adrian, you are the man for answering this so fast! Second, let me dive into this and I'll get back to you. Appreciate this a ton.
          – Ryan Sherry
          Nov 30 at 20:29












          will that be good to put expiry dateTime in the record? and check if the current date is less than expiry dateTime? wont need workflow then, also in case you wana make that link valid(any reason), you can just extend the expiry date. instead of sending new link again?
          – Pranay Jaiswal
          Nov 30 at 21:01




          will that be good to put expiry dateTime in the record? and check if the current date is less than expiry dateTime? wont need workflow then, also in case you wana make that link valid(any reason), you can just extend the expiry date. instead of sending new link again?
          – Pranay Jaiswal
          Nov 30 at 21:01




          1




          1




          I thought about adding expiry date on the question, and it was in my initial writeup. But honestly it is way better to manage the interval in configuration if you can.
          – Adrian Larson
          Nov 30 at 21:30




          I thought about adding expiry date on the question, and it was in my initial writeup. But honestly it is way better to manage the interval in configuration if you can.
          – Adrian Larson
          Nov 30 at 21:30












          up vote
          1
          down vote













          Another thought...



          You could store a secret key in a custom setting or custom metadata. When you generate a link, it will have an expiry timestamp parameter, a customer ID parameter and a hash parameter.



          The hash would be generated in Apex by appending the timestamp and the ID into one string, encrypting it with the secret key, generating a MD5 digest, and then converting to hexadecimal.



          When the page is visited, Apex would validate the hash by attempting to recalculate it from the secret and the other parameters. If the output matches the hash in the URL, it's legit and they're allowed in.



          What's nice about this approach is, the whole request is tamper proof. You can add more parameters and add them to the hash algorithm, and the URL will only be valid for exactly that same combination of parameters it was generated for. Also you don't have to actually store any information about ongoing validity of tokens. You can simply authenticate whether a request was genuine and unexpired on-the-fly.






          share|improve this answer























          • This is great thank you for such a thought out response. I'll look into this further once I am farther along with my project.
            – Ryan Sherry
            Dec 3 at 19:31















          up vote
          1
          down vote













          Another thought...



          You could store a secret key in a custom setting or custom metadata. When you generate a link, it will have an expiry timestamp parameter, a customer ID parameter and a hash parameter.



          The hash would be generated in Apex by appending the timestamp and the ID into one string, encrypting it with the secret key, generating a MD5 digest, and then converting to hexadecimal.



          When the page is visited, Apex would validate the hash by attempting to recalculate it from the secret and the other parameters. If the output matches the hash in the URL, it's legit and they're allowed in.



          What's nice about this approach is, the whole request is tamper proof. You can add more parameters and add them to the hash algorithm, and the URL will only be valid for exactly that same combination of parameters it was generated for. Also you don't have to actually store any information about ongoing validity of tokens. You can simply authenticate whether a request was genuine and unexpired on-the-fly.






          share|improve this answer























          • This is great thank you for such a thought out response. I'll look into this further once I am farther along with my project.
            – Ryan Sherry
            Dec 3 at 19:31













          up vote
          1
          down vote










          up vote
          1
          down vote









          Another thought...



          You could store a secret key in a custom setting or custom metadata. When you generate a link, it will have an expiry timestamp parameter, a customer ID parameter and a hash parameter.



          The hash would be generated in Apex by appending the timestamp and the ID into one string, encrypting it with the secret key, generating a MD5 digest, and then converting to hexadecimal.



          When the page is visited, Apex would validate the hash by attempting to recalculate it from the secret and the other parameters. If the output matches the hash in the URL, it's legit and they're allowed in.



          What's nice about this approach is, the whole request is tamper proof. You can add more parameters and add them to the hash algorithm, and the URL will only be valid for exactly that same combination of parameters it was generated for. Also you don't have to actually store any information about ongoing validity of tokens. You can simply authenticate whether a request was genuine and unexpired on-the-fly.






          share|improve this answer














          Another thought...



          You could store a secret key in a custom setting or custom metadata. When you generate a link, it will have an expiry timestamp parameter, a customer ID parameter and a hash parameter.



          The hash would be generated in Apex by appending the timestamp and the ID into one string, encrypting it with the secret key, generating a MD5 digest, and then converting to hexadecimal.



          When the page is visited, Apex would validate the hash by attempting to recalculate it from the secret and the other parameters. If the output matches the hash in the URL, it's legit and they're allowed in.



          What's nice about this approach is, the whole request is tamper proof. You can add more parameters and add them to the hash algorithm, and the URL will only be valid for exactly that same combination of parameters it was generated for. Also you don't have to actually store any information about ongoing validity of tokens. You can simply authenticate whether a request was genuine and unexpired on-the-fly.







          share|improve this answer














          share|improve this answer



          share|improve this answer








          edited Dec 1 at 3:22

























          answered Nov 30 at 23:36









          Charles T

          6,1511720




          6,1511720












          • This is great thank you for such a thought out response. I'll look into this further once I am farther along with my project.
            – Ryan Sherry
            Dec 3 at 19:31


















          • This is great thank you for such a thought out response. I'll look into this further once I am farther along with my project.
            – Ryan Sherry
            Dec 3 at 19:31
















          This is great thank you for such a thought out response. I'll look into this further once I am farther along with my project.
          – Ryan Sherry
          Dec 3 at 19:31




          This is great thank you for such a thought out response. I'll look into this further once I am farther along with my project.
          – Ryan Sherry
          Dec 3 at 19:31


















          draft saved

          draft discarded




















































          Thanks for contributing an answer to Salesforce Stack Exchange!


          • Please be sure to answer the question. Provide details and share your research!

          But avoid



          • Asking for help, clarification, or responding to other answers.

          • Making statements based on opinion; back them up with references or personal experience.


          To learn more, see our tips on writing great answers.





          Some of your past answers have not been well-received, and you're in danger of being blocked from answering.


          Please pay close attention to the following guidance:


          • Please be sure to answer the question. Provide details and share your research!

          But avoid



          • Asking for help, clarification, or responding to other answers.

          • Making statements based on opinion; back them up with references or personal experience.


          To learn more, see our tips on writing great answers.




          draft saved


          draft discarded














          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsalesforce.stackexchange.com%2fquestions%2f241092%2fbuilding-a-salesforce-form-using-sites-that-is-time-bombed%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown





















































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown

































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown







          -

          Popular posts from this blog

          Quarter-circle Tiles

          Image
          up vote 0 down vote favorite I have $99$ identical square tiles, each with a quarter-circle drawn on it like this: [asy] size(1.5cm); draw(Arc((2,0),1,90,180),red+1); draw((0,0)--(2,0)--(2,2)--(0,2)--(0,0)); [/asy] When I arrange the tiles in a $9times 11$ rectangular grid, each with a random orientation, what is the expected value of the number of full circles I form? I think this problem has to do with finding the chance any given 2x2 square has a circle, but I can't find it. expected-value share | cite | improve this question asked Nov 20 at 15:03 6minecraftninja 1 2
          Read more

          build a pushdown automaton that recognizes the reverse language of a given pushdown automaton?

          Image
          0 I think it's similiar to NFAs. I replace the finite states of the given automaton for start-states for my new automaton. I do it with $epsilon$ -transition from the start state to the actual finite states of the given automaton. The start state of the given automaton will be my accepting(finite) state of my new one. All transitions will be reversed of course to recognize the reversed word. But how do I have to change the stack of the pushdown automaton? That's tricky. formal-languages automata context-free-grammar share | cite | improve this question edited Nov 29 '18 at 14:20 joee
          Read more

          Mont Emei

          Image
          Mont Emei.mw-parser-output .entete.map{background-image:url("//upload.wikimedia.org/wikipedia/commons/7/7a/Picto_infobox_map.png")} Vue du sommet Wanfo du mont Emei Géographie Altitude 3 099  m , Wanfo Coordonnées 29° 31′ 11″ nord, 103° 19′ 57″ est Administration Pays   Chine Province Sichuan Ville-préfecture Leshan Géolocalisation sur la carte : Sichuan Mont Emei Géolocalisation sur la carte : Chine Mont Emei modifier   Paysage panoramique du mont Emei, incluant le paysage panoramique du grand Bouddha de Leshan *   Patrimoine mondial de l'UNESCO Passerelle en bois sur le versant ouest Pays   Chine Subdivision Sichuan Type Mixte Critères (iv) (vi) (x) Superficie 15 400 ha Numéro d’identification 779 Zone géographique Asie et Pacifique  ** Année d’inscription 1996 (20 e session) * Descriptif officiel UNESCO ** Classification géog
          Read more