harmacist/healthchecks
1
0
Fork 0
forked from GithubBackups/healthchecks
Code Issues Pull Requests Projects Releases Wiki Activity

Fix the unsubscribe_reports view to handle already deleted users

Browse Source
This commit is contained in:
Pēteris Caune 2021-08-02 12:51:05 +03:00
parent 934099510d
commit c3d458f6f0
No known key found for this signature in database
GPG Key ID: E28D7679E9A9EDE2
2 changed files with 23 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
hc/accounts/tests/test_unsubscribe_reports.py
View File

@ -51,3 +51,12 @@ class UnsubscribeReportsTestCase(BaseTestCase):
r = self.client.get(url) r = self.client.get(url)
self.assertContains(r, "Please press the button below") self.assertContains(r, "Please press the button below")
self.assertContains(r, "submit()") self.assertContains(r, "submit()")
def test_it_handles_missing_user(self):
self.alice.delete()
sig = signing.TimestampSigner(salt="reports").sign("alice")
url = "/accounts/unsubscribe_reports/%s/" % sig
r = self.client.post(url)
self.assertContains(r, "Unsubscribed")

20
hc/accounts/views.py
View File

@ -555,7 +555,6 @@ def unsubscribe_reports(request, signed_username):
# If the signature is more than 5 minutes old, we also include JS code to # If the signature is more than 5 minutes old, we also include JS code to
# auto-submit the form. # auto-submit the form.
ctx = {}
signer = signing.TimestampSigner(salt="reports") signer = signing.TimestampSigner(salt="reports")
# First, check the signature without looking at the timestamp: # First, check the signature without looking at the timestamp:
try: try:
@ -563,16 +562,25 @@ def unsubscribe_reports(request, signed_username):
except signing.BadSignature: except signing.BadSignature:
return render(request, "bad_link.html") return render(request, "bad_link.html")
# Check if timestamp is older than 5 minutes:
try: try:
username = signer.unsign(signed_username, max_age=300) user = User.objects.get(username=username)
except signing.SignatureExpired: except User.DoesNotExist:
ctx["autosubmit"] = True # This is likely an old unsubscribe link, and the user account has already
# been deleted. Show the "Unsubscribed!" page nevertheless.
return render(request, "accounts/unsubscribed.html")
if request.method != "POST": if request.method != "POST":
# Unsign again, now with max_age set,
# to see if the timestamp is older than 5 minutes
try:
autosubmit = False
username = signer.unsign(signed_username, max_age=300)
except signing.SignatureExpired:
autosubmit = True
ctx = {"autosubmit": autosubmit}
return render(request, "accounts/unsubscribe_submit.html", ctx) return render(request, "accounts/unsubscribe_submit.html", ctx)
user = User.objects.get(username=username)
profile = Profile.objects.for_user(user) profile = Profile.objects.for_user(user)
profile.reports = "off" profile.reports = "off"
profile.next_report_date = None profile.next_report_date = None