Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #4663 from codeforamerica/TBE-85-Bugcrowd-Authorization-to-be-added
TBE 85 Bugcrowd: Add verification for emails for unsubscribe/subscribe
Showing 17 changed files with 235 additions and 68 deletions.
33 changes: 33 additions & 0 deletions
app/controllers/concerns/email_subscription_updater_concern.rb
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,33 @@ | ||
module EmailSubscriptionUpdaterConcern | ||
extend ActiveSupport::Concern | ||
|
||
def update_email_subscription(direction:, column_name:, show_flash_and_render: false) | ||
verifier = ActiveSupport::MessageVerifier.new(Rails.application.secret_key_base) | ||
|
||
if params[:email_address].blank? | ||
flash[:alert] = I18n.t("notifications_settings.no_record") | ||
return | ||
end | ||
|
||
begin | ||
email_address = verifier.verify(params[:email_address]) | ||
matching_intakes = matching_intakes(email_address) | ||
|
||
if matching_intakes.present? | ||
matching_intakes.each do |intake| | ||
intake.update(column_name => direction) | ||
end | ||
|
||
if show_flash_and_render | ||
flash[:notice] = I18n.t("notifications_settings.subscribe_to_emails.flash") | ||
render :unsubscribe_from_emails | ||
end | ||
else | ||
flash[:alert] = I18n.t("notifications_settings.no_record") | ||
end | ||
rescue ActiveSupport::MessageVerifier::InvalidSignature | ||
flash[:alert] = I18n.t("notifications_settings.invalid_link") | ||
end | ||
end | ||
end | ||
|
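Review bot: The verifier at the top of `update_email_subscription` is built directly from `Rails.application.secret_key_base`, and `verifier.verify(params[:email_address])` passes no `purpose:`, so a value signed by a verifier built the same way anywhere else in the app would also pass here and be treated as an email address. Consider `Rails.application.message_verifier(:email_subscription)` (the verifier name is a suggestion) or a `purpose:` on both `generate` and `verify`, so that these tokens are only valid for subscription links. Separately, the success branch always uses the `notifications_settings.subscribe_to_emails.flash` key and renders `:unsubscribe_from_emails` whatever `direction` is; a comment explaining that pairing would help the next reader.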
28 changes: 5 additions & 23 deletions
app/controllers/state_file/notifications_settings_controller.rb
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -1773,6 +1773,8 @@ en: | |
intake: | ||
your_spouse: Your spouse | ||
notifications_settings: | ||
invalid_link: Invalid subscription link | ||
no_record: No record found | ||
subscribe_to_emails: | ||
flash: You are successfully re-subscribed to email notifications. | ||
unsubscribe_from_emails: | ||
|
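Review bot: `no_record: No record found` reads as developer wording for a user-facing flash, and the concern in this commit also shows it when `email_address` is missing from the request, where no lookup took place. Consider copy that tells the user what to do next, such as opening the link from their most recent email, and a separate key for the missing-parameter case.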
@@ -2096,9 +2098,7 @@ en: | |
user_message: | ||
unsubscribe: If you would like to unsubscribe from emails, click <a href="%{unsubscribe_link}">here</a>. | ||
notifications_settings: | ||
subscribe_email: | ||
flash: You are successfully re-subscribed to email notifications. | ||
unsubscribe_email: | ||
unsubscribe_from_emails: | ||
help_text_html: If you change your mind and would like to opt in later, <a class="open-intercom">chat with us</a> or email us at <a href="mailto:[email protected]">[email protected].</a> | ||
link_text: Opt in again. | ||
mistake: Is this a mistake? | ||
|
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -1737,6 +1737,8 @@ es: | |
intake: | ||
your_spouse: Su cónyuge | ||
notifications_settings: | ||
invalid_link: Enlace de suscripción no válido | ||
no_record: Ningún record fue encontrado | ||
subscribe_to_emails: | ||
flash: Te has vuelto a suscribir con éxito a las notificaciones por correo electrónico. | ||
unsubscribe_from_emails: | ||
|
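Review bot: `no_record: Ningún record fue encontrado` keeps the English word "record" and uses a passive construction; something like `No se encontró ningún registro` reads more naturally in Spanish. `invalid_link` is fine as written.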
@@ -2060,9 +2062,7 @@ es: | |
user_message: | ||
unsubscribe: Si deseas cancelar la suscripción a los correos electrónicos, haz clic <a href="%{unsubscribe_link}">aquí</a>. | ||
notifications_settings: | ||
subscribe_email: | ||
flash: Has sido exitosamente re-suscrito a las notificaciones por correo electrónico. | ||
unsubscribe_email: | ||
unsubscribe_from_emails: | ||
help_text_html: Si cambias de opinión y deseas suscribirte más tarde, <a class="open-intercom">chatea con nosotros</a> o envíanos un correo electrónico a <a href="mailto:[email protected]">[email protected].</a> | ||
link_text: Vuelve a suscribirte. | ||
mistake: "¿Es un error?" | ||
|
87 changes: 87 additions & 0 deletions
spec/controllers/notifications_settings_controller_spec.rb
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,87 @@ | ||
require "rails_helper" | ||
|
||
RSpec.describe NotificationsSettingsController do | ||
describe "#unsubscribe_from_emails" do | ||
render_views | ||
|
||
let!(:intake) { create :intake, email_address: "[email protected]", email_notification_opt_in: "yes" } | ||
let(:verifier) { ActiveSupport::MessageVerifier.new(Rails.application.secret_key_base) } | ||
let(:signed_email) { verifier.generate("[email protected]") } | ||
let(:signed_email_without_intake) { verifier.generate("[email protected]") } | ||
|
||
it "unsubscribes the intake from email" do | ||
get :unsubscribe_from_emails, params: { email_address: signed_email } | ||
|
||
expect(intake.reload.email_notification_opt_in).to eq "no" | ||
expect(response.body).to include subscribe_to_emails_path(email_address: signed_email) | ||
end | ||
|
||
context "no matching intakes" do | ||
it "shows a message" do | ||
get :unsubscribe_from_emails, params: { email_address: signed_email_without_intake } | ||
|
||
expect(flash[:alert]).to eq "No record found" | ||
end | ||
end | ||
|
||
context "unsigned email" do | ||
it "shows a message" do | ||
get :unsubscribe_from_emails, params: { email_address: "[email protected]" } | ||
|
||
expect(flash[:alert]).to eq "Invalid subscription link" | ||
end | ||
end | ||
|
||
context "no email address" do | ||
let!(:intake) { create :intake, email_address: nil } | ||
|
||
it "does not match with intakes that have nil email address" do | ||
get :unsubscribe_from_emails | ||
|
||
expect(flash[:alert]).to eq "No record found" | ||
end | ||
end | ||
end | ||
|
||
describe "#subscribe_to_emails" do | ||
let!(:intake) { create :intake, email_address: "[email protected]", email_notification_opt_in: "no" } | ||
let!(:matching_intake) { create :intake, email_address: "[email protected]", email_notification_opt_in: "no" } | ||
let(:verifier) { ActiveSupport::MessageVerifier.new(Rails.application.secret_key_base) } | ||
let(:signed_email) { verifier.generate("[email protected]") } | ||
let(:signed_email_without_intake) { verifier.generate("[email protected]") } | ||
|
||
it "resubscribes all intakes with matching email to email notifications" do | ||
post :subscribe_to_emails, params: { email_address: signed_email } | ||
|
||
expect(intake.reload.email_notification_opt_in).to eq "yes" | ||
expect(matching_intake.reload.email_notification_opt_in).to eq "yes" | ||
expect(flash[:notice]).to eq "You are successfully re-subscribed to email notifications." | ||
end | ||
|
||
context "no matching intakes" do | ||
it "shows a message" do | ||
get :subscribe_to_emails, params: { email_address: signed_email_without_intake } | ||
|
||
expect(flash[:alert]).to eq "No record found" | ||
end | ||
end | ||
|
||
context "unsigned email" do | ||
it "shows a message" do | ||
get :subscribe_to_emails, params: { email_address: "[email protected]" } | ||
|
||
expect(flash[:alert]).to eq "Invalid subscription link" | ||
end | ||
end | ||
|
||
context "no email address" do | ||
let!(:intake) { create :intake, email_address: nil } | ||
|
||
it "does not match with intakes that have nil email address" do | ||
get :subscribe_to_emails | ||
|
||
expect(flash[:alert]).to eq "No record found" | ||
end | ||
end | ||
end | ||
end |
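Review bot: The two `unsigned email` contexts assert only on `flash[:alert]`; neither checks that `email_notification_opt_in` is unchanged after the request, which is the property this fix is meant to guarantee. Add an `expect(intake.reload.email_notification_opt_in)` assertion to each, plus a case where a token from `verifier.generate` has had its payload or signature altered, since a raw address is the only invalid input covered. In `#subscribe_to_emails` the happy path uses `post` while the `no matching intakes`, `unsigned email` and `no email address` contexts use `get`; use the verb the route actually accepts throughout.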