mirror of
https://github.com/discourse/discourse.git
synced 2025-01-25 12:23:59 +08:00
9497a6165f
- Make an `includes(:user)` explicit rather than implicit. - Refactor the `unsubscribe` action to bail early when `key` is invalid
58 lines
1.7 KiB
Ruby
58 lines
1.7 KiB
Ruby
# frozen_string_literal: true
|
|
|
|
class EmailController < ApplicationController
|
|
layout "no_ember"
|
|
|
|
skip_before_action :check_xhr,
|
|
:preload_json,
|
|
:redirect_to_login_if_required,
|
|
:redirect_to_profile_if_required
|
|
|
|
def unsubscribe
|
|
key = UnsubscribeKey.includes(:user).find_by(key: params[:key])
|
|
@found = key.present?
|
|
@key_owner_found = key&.user.present?
|
|
|
|
if @found && @key_owner_found
|
|
UnsubscribeKey.get_unsubscribe_strategy_for(key)&.prepare_unsubscribe_options(self)
|
|
|
|
if current_user.present? && (@user != current_user)
|
|
@different_user = @user.name
|
|
@return_url = request.original_url
|
|
end
|
|
end
|
|
end
|
|
|
|
def perform_unsubscribe
|
|
RateLimiter.new(nil, "unsubscribe_#{request.ip}", 10, 1.minute).performed!
|
|
|
|
key = UnsubscribeKey.includes(:user).find_by(key: params[:key])
|
|
raise Discourse::NotFound if key.nil? || key.user.nil?
|
|
user = key.user
|
|
updated = UnsubscribeKey.get_unsubscribe_strategy_for(key)&.unsubscribe(params)
|
|
|
|
if updated
|
|
cache_key = "unsub_#{SecureRandom.hex}"
|
|
Discourse.cache.write cache_key, user.email, expires_in: 1.hour
|
|
|
|
url = path("/email/unsubscribed?key=#{cache_key}")
|
|
url += "&topic_id=#{key.associated_topic.id}" if key.associated_topic
|
|
|
|
redirect_to url
|
|
else
|
|
redirect_back fallback_location: path("/")
|
|
end
|
|
end
|
|
|
|
def unsubscribed
|
|
@email = Discourse.cache.read(params[:key])
|
|
|
|
raise Discourse::NotFound unless User.find_by_email(@email)
|
|
|
|
if @topic_id = params[:topic_id]
|
|
topic = Topic.find_by(id: @topic_id)
|
|
@topic = topic if topic && Guardian.new.can_see?(topic)
|
|
end
|
|
end
|
|
end
|