Remove unsigned token support in hc.front.views.unsubscribe_email

2021-07-16 12:01:44 +03:00 · 2021-07-16 12:01:44 +03:00 · b75b062559
commit b75b062559
parent e186d039fc
2 changed files with 24 additions and 36 deletions
--- a/hc/front/tests/test_unsubscribe_email.py
+++ b/hc/front/tests/test_unsubscribe_email.py
@ -13,31 +13,24 @@ class UnsubscribeEmailTestCase(BaseTestCase):
        self.channel.value = "alice@example.org"
        self.channel.save()

-    def test_it_serves_confirmation_form(self):
-        token = self.channel.make_token()
-        url = "/integrations/%s/unsub/%s/" % (self.channel.code, token)
+        signer = TimestampSigner(salt="alerts")
+        signed_token = signer.sign(self.channel.make_token())
+        self.url = f"/integrations/{self.channel.code}/unsub/{signed_token}/"

-        r = self.client.get(url)
+    def test_it_serves_confirmation_form(self):
+        r = self.client.get(self.url)
        self.assertContains(r, "Please press the button below")
        self.assertNotContains(r, "submit()")

    def test_post_unsubscribes(self):
-        token = self.channel.make_token()
-        url = "/integrations/%s/unsub/%s/" % (self.channel.code, token)
-
-        r = self.client.post(url)
+        r = self.client.post(self.url)
        self.assertContains(r, "has been unsubscribed", status_code=200)

        q = Channel.objects.filter(code=self.channel.code)
        self.assertEqual(q.count(), 0)

    def test_fresh_signature_does_not_autosubmit(self):
-        signer = TimestampSigner(salt="alerts")
-        signed_token = signer.sign(self.channel.make_token())
-
-        url = "/integrations/%s/unsub/%s/" % (self.channel.code, signed_token)
-
-        r = self.client.get(url)
+        r = self.client.get(self.url)
        self.assertContains(
            r, "Please press the button below to unsubscribe", status_code=200
        )
@ -49,7 +42,7 @@ class UnsubscribeEmailTestCase(BaseTestCase):
            signer = TimestampSigner(salt="alerts")
            signed_token = signer.sign(self.channel.make_token())

-        url = "/integrations/%s/unsub/%s/" % (self.channel.code, signed_token)
+        url = f"/integrations/{self.channel.code}/unsub/{signed_token}/"

        r = self.client.get(url)
        self.assertContains(
@ -59,13 +52,13 @@ class UnsubscribeEmailTestCase(BaseTestCase):

    def test_it_checks_signature(self):
        signed_token = self.channel.make_token() + ":bad:signature"
-        url = "/integrations/%s/unsub/%s/" % (self.channel.code, signed_token)
+        url = f"/integrations/{self.channel.code}/unsub/{signed_token}/"

        r = self.client.get(url)
        self.assertContains(r, "link you just used is incorrect", status_code=200)

    def test_it_checks_token(self):
-        url = "/integrations/%s/unsub/faketoken/" % self.channel.code
+        url = f"/integrations/{self.channel.code}/unsub/faketoken/"

        r = self.client.get(url)
        self.assertContains(r, "link you just used is incorrect", status_code=200)
@ -74,8 +67,5 @@ class UnsubscribeEmailTestCase(BaseTestCase):
        self.channel.kind = "webhook"
        self.channel.save()

-        token = self.channel.make_token()
-        url = "/integrations/%s/unsub/%s/" % (self.channel.code, token)
-
-        r = self.client.get(url)
+        r = self.client.get(self.url)
        self.assertEqual(r.status_code, 404)
--- a/hc/front/views.py
+++ b/hc/front/views.py
@ -880,27 +880,25 @@ def verify_email(request, code, token):

@csrf_exempt
 def unsubscribe_email(request, code, signed_token):
+    ctx = {}
+
    # Some email servers open links in emails to check for malicious content.
    # To work around this, on GET requests we serve a confirmation form.
    # If the signature is at least 5 minutes old, we also include JS code to
    # auto-submit the form.
-    ctx = {}
-    if ":" in signed_token:
-        signer = signing.TimestampSigner(salt="alerts")
-        # First, check the signature without looking at the timestamp:
-        try:
-            token = signer.unsign(signed_token)
-        except signing.BadSignature:
-            return render(request, "bad_link.html")
+    signer = signing.TimestampSigner(salt="alerts")

-        # Check if timestamp is older than 5 minutes:
-        try:
-            signer.unsign(signed_token, max_age=300)
-        except signing.SignatureExpired:
-            ctx["autosubmit"] = True
+    # First, check the signature without looking at the timestamp:
+    try:
+        token = signer.unsign(signed_token)
+    except signing.BadSignature:
+        return render(request, "bad_link.html")

-    else:
-        token = signed_token
+    # Then, check if timestamp is older than 5 minutes:
+    try:
+        signer.unsign(signed_token, max_age=300)
+    except signing.SignatureExpired:
+        ctx["autosubmit"] = True

    channel = get_object_or_404(Channel, code=code, kind="email")
    if channel.make_token() != token: