The incident report form is a client-side application. When the user clicks the submit button, we will POST the data to a [REST API endpoint](https://www.mediawiki.org/wiki/API:REST_API) managed by the ReportIncident extension.
The API endpoint should:
- require the user to be authenticated to submit
- validate the POST body for the following:
  - user ID of submitter
  - user ID of alleged harasser
  - revision ID for the page, when the user launched the "report" app
  - comment ID (optional, used if report button clicked in context of the comment)
  - topic ID / heading text (used if report button clicked in context of the header, also sent as additional metadata to help locate a comment in a page)
  - report text
  - ? (any other fields in the form, each one listed as a parameter)
For a validated POST body, the endpoint should then:
- send an email with the report contents (email content to be determined; cc @Madalina to create a separate task to document what the email subject line and contents should look like) to a list of email addresses determined by a configuration variable in extension.json
- in the HTTP response, provide a success/failure message and code, so that the client-side app can inform the user in case of failure.
The API endpoint should have rate limits (TBD in consultation with @Madalina) in place for authenticated users, as a basic precaution to limit abuse.
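The checks listed above, as an added sketch in plain PHP; this is not ReportIncident code and does not use MediaWiki's REST classes. The field names, the limit of 5 reports per hour, the length caps and the status codes are all assumptions, and it treats the comment and topic locators as optional strings.

```php
<?php
// Added sketch, not ReportIncident code. Field names, limits and status codes are assumptions.
const REPORT_LIMIT = 5;       // assumed: reports per user per window (the task leaves this TBD)
const REPORT_WINDOW = 3600;   // assumed: window length in seconds
const MAX_TEXT_BYTES = 5000;  // assumed cap on the free-text report

/** Returns a list of invalid field names; empty means the body is acceptable. */
function validateReport( int $sessionUserId, array $body ): array {
	$errors = [];
	$isId = fn ( $v ) => is_int( $v ) && $v > 0;
	$isText = fn ( $v, $max ) => is_string( $v ) && trim( $v ) !== '' && strlen( $v ) <= $max;
	// The submitter ID must match the authenticated session, never be trusted on its own.
	if ( ( $body['reporter'] ?? null ) !== $sessionUserId ) {
		$errors[] = 'reporter';
	}
	foreach ( [ 'reportedUser', 'revisionId' ] as $field ) {
		if ( !$isId( $body[$field] ?? null ) ) {
			$errors[] = $field;
		}
	}
	// Optional locators: absent is fine, present-but-malformed is rejected.
	foreach ( [ 'commentId', 'topicId' ] as $field ) {
		if ( isset( $body[$field] ) && !$isText( $body[$field], 255 ) ) {
			$errors[] = $field;
		}
	}
	if ( !$isText( $body['details'] ?? null, MAX_TEXT_BYTES ) ) {
		$errors[] = 'details';
	}
	return $errors;
}

/** Returns [ httpStatus, message ]. $sessionUserId is null for logged-out requests. */
function handleReport( ?int $sessionUserId, array $body, array &$hits, int $now ): array {
	if ( $sessionUserId === null ) {
		return [ 401, 'login-required' ];
	}
	// Sliding window keyed on the authenticated user; only accepted reports are counted.
	$recent = array_filter( $hits[$sessionUserId] ?? [], fn ( $t ) => $t > $now - REPORT_WINDOW );
	if ( count( $recent ) >= REPORT_LIMIT ) {
		return [ 429, 'rate-limited' ];
	}
	$errors = validateReport( $sessionUserId, $body );
	if ( $errors ) {
		return [ 400, 'invalid: ' . implode( ', ', $errors ) ];
	}
	$hits[$sessionUserId] = array_merge( array_values( $recent ), [ $now ] );
	// Sending the email to the configured recipient list would go here.
	return [ 200, 'report-sent' ];
}
```

Keying the limiter on the session user rather than on anything in the POST body means a client cannot reset its own counter by changing a field.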
User story:
As a user, when I click submit I expect an email containing my report to be sent to a foundation email address.
[ ] create an API endpoint to handle sending emails
[ ] the endpoint should be rate limited