harmacist/healthchecks
1
0
Fork 0
forked from GithubBackups/healthchecks
Code Issues Pull Requests Projects Releases Wiki Activity

Remove obsolete signature checking code in accounts.views.unsubscribe_reports

Browse Source
This commit is contained in:
Pēteris Caune 2018-05-25 23:38:02 +03:00
parent bf1af1c0d5
commit 7ced981d45
No known key found for this signature in database
GPG Key ID: E28D7679E9A9EDE2
2 changed files with 9 additions and 31 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
hc/accounts/tests/test_unsubscribe_reports.py
View File

@ -7,14 +7,15 @@ from hc.test import BaseTestCase
class UnsubscribeReportsTestCase(BaseTestCase): class UnsubscribeReportsTestCase(BaseTestCase):
def test_token_works(self): def test_it_unsubscribes(self):
self.profile.next_report_date = now() self.profile.next_report_date = now()
self.profile.nag_period = td(hours=1) self.profile.nag_period = td(hours=1)
self.profile.next_nag_date = now() self.profile.next_nag_date = now()
self.profile.save() self.profile.save()
token = signing.Signer().sign("foo") sig = signing.TimestampSigner(salt="reports").sign("alice")
url = "/accounts/unsubscribe_reports/alice/?token=%s" % token url = "/accounts/unsubscribe_reports/%s/" % sig
r = self.client.get(url) r = self.client.get(url)
self.assertContains(r, "You have been unsubscribed") self.assertContains(r, "You have been unsubscribed")
@ -25,20 +26,6 @@ class UnsubscribeReportsTestCase(BaseTestCase):
self.assertEqual(self.profile.nag_period.total_seconds(), 0) self.assertEqual(self.profile.nag_period.total_seconds(), 0)
self.assertIsNone(self.profile.next_nag_date) self.assertIsNone(self.profile.next_nag_date)
def test_bad_token_gets_rejected(self):
url = "/accounts/unsubscribe_reports/alice/?token=invalid"
r = self.client.get(url)
self.assertContains(r, "Incorrect Link")
def test_signed_username_works(self):
sig = signing.TimestampSigner(salt="reports").sign("alice")
url = "/accounts/unsubscribe_reports/%s/" % sig
r = self.client.get(url)
self.assertContains(r, "You have been unsubscribed")
self.profile.refresh_from_db()
self.assertFalse(self.profile.reports_allowed)
def test_bad_signature_gets_rejected(self): def test_bad_signature_gets_rejected(self):
url = "/accounts/unsubscribe_reports/invalid/" url = "/accounts/unsubscribe_reports/invalid/"
r = self.client.get(url) r = self.client.get(url)

19
hc/accounts/views.py
View File

@ -352,20 +352,11 @@ def change_email_done(request):
def unsubscribe_reports(request, username): def unsubscribe_reports(request, username):
if ":" in username: signer = signing.TimestampSigner(salt="reports")
signer = signing.TimestampSigner(salt="reports") try:
try: username = signer.unsign(username)
username = signer.unsign(username) except signing.BadSignature:
except signing.BadSignature: return render(request, "bad_link.html")
return render(request, "bad_link.html")
else:
# Username is not signed but there should be a ?token=... parameter
# This is here for backwards compatibility and will be removed
# at some point.
try:
signing.Signer().unsign(request.GET.get("token", ""))
except signing.BadSignature:
return render(request, "bad_link.html")
user = User.objects.get(username=username) user = User.objects.get(username=username)
profile = Profile.objects.for_user(user) profile = Profile.objects.for_user(user)