diff --git a/web_server/blueprints/user.py b/web_server/blueprints/user.py
index d0fa182..933a968 100644
--- a/web_server/blueprints/user.py
+++ b/web_server/blueprints/user.py
@@ -204,13 +204,16 @@ def user_reset_password(token, new_password):
 return jsonify({"message": "Password reset successful"}), 200
 return jsonify({"error": "Invalid token"}), 400
-@user_bp.route("/unsubscribe/", methods=["POST"])
+@user_bp.route("/user/unsubscribe/", methods=["POST"])
 def unsubscribe(token):
 salt = r.get(token)
 if salt:
 r.delete(token)
- email = verify_token(token[:-5], salt)
+ # Derive the email from the given token
+ email = verify_token(token[:-6], salt)
+
+ # If email does exist, remove it from the newsletter database
 if email:
 remove_from_newsletter(email)
 return jsonify({"message": "unsubscribed from newsletter"}), 200
diff --git a/web_server/utils/email.py b/web_server/utils/email.py
index 79bc644..bbcf653 100644
--- a/web_server/utils/email.py
+++ b/web_server/utils/email.py
@@ -127,11 +127,17 @@ def confirm_account_creation_body(email) -> str:
 return content, "Gander - Confirm Account Creation"
-
 def newsletter_conf(email):
 """ Handles sending a confirmation email that a user has joined a newsletter """
+ salt = token_hex(32)
+
+ token = generate_token(email, salt)
+ token += "DaNeWs"
+ r.setex(token, 3600, salt)
+
+ full_url = url + "/user/unsubscribe/" + token
 content = f"""
@@ -152,7 +158,7 @@ def newsletter_conf(email):
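Review bot: The handler cuts a fixed six characters off the token (`token[:-6]`) but never checks that they are the `DaNeWs` marker appended in `newsletter_conf`, so the suffix does not bind the token to the newsletter purpose. If other token types share this Redis instance (the reset-password handler just above suggests they may), any key that `r.get(token)` finds is deleted here before its purpose is known. I would define the marker once as a shared constant (say `NEWSLETTER_SUFFIX`, a proposed name) and reject early with `if not token.endswith(NEWSLETTER_SUFFIX): return jsonify({"error": "Invalid token"}), 400`, then strip it with `token.removesuffix(NEWSLETTER_SUFFIX)`; the old `-5` shows how easily a hard-coded length drifts. The separate `r.get` / `r.delete` calls are also not atomic, so two concurrent requests with the same token can both pass the lookup. The end of `unsubscribe` lies outside the hunk.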
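Review bot: `r.setex(token, 3600, salt)` makes the unsubscribe link expire one hour after the confirmation mail is sent, so a recipient who opens the mail later gets the invalid-token path and cannot opt out. The lifetime should match how long the mail is expected to be acted on, or the link should be tied to the subscription record instead of a short-lived key. `full_url` is also used as a plain link target while the route in `user.py` accepts only POST, so a click from a mail client would presumably arrive as a GET and never reach `unsubscribe`. Keeping the state change on POST is the safer choice, since link scanners and prefetchers follow GETs, but it then needs a small confirmation page that posts the token. A comment such as `# purpose marker; unsubscribe() strips it before verify_token` would explain the `DaNeWs` literal; the rest of `newsletter_conf` lies outside the hunk.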

Welcome to the Official Gander Newsletter!

If you are receiving this email, it means that you have been officially added to the Monthly Gander newsletter.

In this newsletter, you will receive updates about: your favourite streamers; important Gander updates; and more!

- Unsubscribe?
+ Unsubscribe?