harmacist/healthchecks
1
0
Fork 0
forked from GithubBackups/healthchecks
Code Issues Pull Requests Projects Releases Wiki Activity

Remove unsigned token support in hc.front.views.unsubscribe_email

Browse Source
This commit is contained in:
Pēteris Caune 2021-07-16 12:01:44 +03:00
parent e186d039fc
commit b75b062559
No known key found for this signature in database
GPG Key ID: E28D7679E9A9EDE2
2 changed files with 24 additions and 36 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
hc/front/tests/test_unsubscribe_email.py
View File

@ -13,31 +13,24 @@ class UnsubscribeEmailTestCase(BaseTestCase):
self.channel.value = "alice@example.org" self.channel.value = "alice@example.org"
self.channel.save() self.channel.save()
def test_it_serves_confirmation_form(self): signer = TimestampSigner(salt="alerts")
token = self.channel.make_token() signed_token = signer.sign(self.channel.make_token())
url = "/integrations/%s/unsub/%s/" % (self.channel.code, token) self.url = f"/integrations/{self.channel.code}/unsub/{signed_token}/"
r = self.client.get(url) def test_it_serves_confirmation_form(self):
r = self.client.get(self.url)
self.assertContains(r, "Please press the button below") self.assertContains(r, "Please press the button below")
self.assertNotContains(r, "submit()") self.assertNotContains(r, "submit()")
def test_post_unsubscribes(self): def test_post_unsubscribes(self):
token = self.channel.make_token() r = self.client.post(self.url)
url = "/integrations/%s/unsub/%s/" % (self.channel.code, token)
r = self.client.post(url)
self.assertContains(r, "has been unsubscribed", status_code=200) self.assertContains(r, "has been unsubscribed", status_code=200)
q = Channel.objects.filter(code=self.channel.code) q = Channel.objects.filter(code=self.channel.code)
self.assertEqual(q.count(), 0) self.assertEqual(q.count(), 0)
def test_fresh_signature_does_not_autosubmit(self): def test_fresh_signature_does_not_autosubmit(self):
signer = TimestampSigner(salt="alerts") r = self.client.get(self.url)
signed_token = signer.sign(self.channel.make_token())
url = "/integrations/%s/unsub/%s/" % (self.channel.code, signed_token)
r = self.client.get(url)
self.assertContains( self.assertContains(
r, "Please press the button below to unsubscribe", status_code=200 r, "Please press the button below to unsubscribe", status_code=200
) )
@ -49,7 +42,7 @@ class UnsubscribeEmailTestCase(BaseTestCase):
signer = TimestampSigner(salt="alerts") signer = TimestampSigner(salt="alerts")
signed_token = signer.sign(self.channel.make_token()) signed_token = signer.sign(self.channel.make_token())
url = "/integrations/%s/unsub/%s/" % (self.channel.code, signed_token) url = f"/integrations/{self.channel.code}/unsub/{signed_token}/"
r = self.client.get(url) r = self.client.get(url)
self.assertContains( self.assertContains(
@ -59,13 +52,13 @@ class UnsubscribeEmailTestCase(BaseTestCase):
def test_it_checks_signature(self): def test_it_checks_signature(self):
signed_token = self.channel.make_token() + ":bad:signature" signed_token = self.channel.make_token() + ":bad:signature"
url = "/integrations/%s/unsub/%s/" % (self.channel.code, signed_token) url = f"/integrations/{self.channel.code}/unsub/{signed_token}/"
r = self.client.get(url) r = self.client.get(url)
self.assertContains(r, "link you just used is incorrect", status_code=200) self.assertContains(r, "link you just used is incorrect", status_code=200)
def test_it_checks_token(self): def test_it_checks_token(self):
url = "/integrations/%s/unsub/faketoken/" % self.channel.code url = f"/integrations/{self.channel.code}/unsub/faketoken/"
r = self.client.get(url) r = self.client.get(url)
self.assertContains(r, "link you just used is incorrect", status_code=200) self.assertContains(r, "link you just used is incorrect", status_code=200)
@ -74,8 +67,5 @@ class UnsubscribeEmailTestCase(BaseTestCase):
self.channel.kind = "webhook" self.channel.kind = "webhook"
self.channel.save() self.channel.save()
token = self.channel.make_token() r = self.client.get(self.url)
url = "/integrations/%s/unsub/%s/" % (self.channel.code, token)
r = self.client.get(url)
self.assertEqual(r.status_code, 404) self.assertEqual(r.status_code, 404)

28
hc/front/views.py
View File

@ -880,27 +880,25 @@ def verify_email(request, code, token):
@csrf_exempt @csrf_exempt
def unsubscribe_email(request, code, signed_token): def unsubscribe_email(request, code, signed_token):
ctx = {}
# Some email servers open links in emails to check for malicious content. # Some email servers open links in emails to check for malicious content.
# To work around this, on GET requests we serve a confirmation form. # To work around this, on GET requests we serve a confirmation form.
# If the signature is at least 5 minutes old, we also include JS code to # If the signature is at least 5 minutes old, we also include JS code to
# auto-submit the form. # auto-submit the form.
ctx = {} signer = signing.TimestampSigner(salt="alerts")
if ":" in signed_token:
signer = signing.TimestampSigner(salt="alerts")
# First, check the signature without looking at the timestamp:
try:
token = signer.unsign(signed_token)
except signing.BadSignature:
return render(request, "bad_link.html")
# Check if timestamp is older than 5 minutes: # First, check the signature without looking at the timestamp:
try: try:
signer.unsign(signed_token, max_age=300) token = signer.unsign(signed_token)
except signing.SignatureExpired: except signing.BadSignature:
ctx["autosubmit"] = True return render(request, "bad_link.html")
else: # Then, check if timestamp is older than 5 minutes:
token = signed_token try:
signer.unsign(signed_token, max_age=300)
except signing.SignatureExpired:
ctx["autosubmit"] = True
channel = get_object_or_404(Channel, code=code, kind="email") channel = get_object_or_404(Channel, code=code, kind="email")
if channel.make_token() != token: if channel.make_token() != token: