wrote unsubscribe function, but BE & FE have different secrets

This commit is contained in:
b3yond 2018-08-09 15:01:51 +02:00
parent 57a2e4dcb1
commit 372e0612a6
4 changed files with 26 additions and 6 deletions

View file

@ -7,7 +7,8 @@ import mailbox
import email
import report
from bot import Bot
from config import config
from db import db
logger = logging.getLogger(__name__)
@ -28,8 +29,9 @@ class Mailbot(Bot):
recipients = user.get_mailinglist()
for rec in recipients:
rec = rec[0]
unsubscribe_link = "" # todo: generate unsubscribe link
body = report.text + unsubscribe_link
unsubscribe_text = "\n_______\nYou don't want to receive those messages? Unsubscribe with this link: "
body = report.text + unsubscribe_text + config['web']['host'] + "/city/mail/unsubscribe/" \
+ db.mail_subscription_token(rec, user.get_city())
print(body)
if report.author != rec:
try:

9
db.py
View file

@ -165,12 +165,19 @@ class DB(object):
:param city: string
:return: a token with an encoded json dict { email: x, city: y }
"""
return jwt.encode({
token = jwt.encode({
'email': email,
'city': city
}, self.secret).decode('ascii')
print("mail_subscription_token")
print(token)
print(self.secret)
return token
def confirm_subscription(self, token):
print("confirm_subscription")
print(token)
print(self.secret)
json = jwt.decode(token, self.secret)
return json['email'], json['city']

View file

@ -109,13 +109,20 @@ def subscribe_mail(city):
@view('template/city.tpl')
def confirm_subscribe(token):
email, city = db.confirm_subscription(token)
print(email) # debug
print(city) # debug
user = db.by_city(city)
user.add_subscriber(email)
redirect('/city/' + city)
@get('/city/mail/unsubscribe/<token>')
@view('template/mail.tpl')
def unsubscribe(token):
email, city = db.confirm_subscription(token)
user = db.by_city(city)
user.remove_subscriber(email)
redirect('/city/' + city)
@get('/settings')
@view('template/settings.tpl')
def settings(user):

View file

@ -166,6 +166,10 @@ schlitz
db.execute("INSERT INTO mailinglist(user_id, email, active) VALUES(?, ?, ?);", (self.uid, email, 1))
db.commit()
def remove_subscriber(self, email):
db.execute("UPDATE mailinglist SET active = 0 WHERE email = ? AND user_id = ?;", (email, self.uid))
db.commit()
def set_badwords(self, words):
db.execute("UPDATE badwords SET words = ? WHERE user_id = ?;",
(words, self.uid))