From fd95b1b3bb7a7634abc229de6c690cb0dd104f39 Mon Sep 17 00:00:00 2001
From: white <122345776@umail.ucc.ie>
Date: Mon, 3 Mar 2025 15:30:52 +0000
Subject: [PATCH] FEAT: Improved backend for unsubscribing for newsletter

---
 web_server/blueprints/user.py |  7 +++++--
 web_server/utils/email.py     | 10 ++++++++--
 2 files changed, 13 insertions(+), 4 deletions(-)

diff --git a/web_server/blueprints/user.py b/web_server/blueprints/user.py
index d0fa182..933a968 100644
--- a/web_server/blueprints/user.py
+++ b/web_server/blueprints/user.py
@@ -204,13 +204,16 @@ def user_reset_password(token, new_password):
         return jsonify({"message": "Password reset successful"}), 200
     return jsonify({"error": "Invalid token"}), 400
 
-@user_bp.route("/unsubscribe/<string:token>", methods=["POST"])
+@user_bp.route("/user/unsubscribe/<string:token>", methods=["POST"])
 def unsubscribe(token):
     salt = r.get(token)
     if salt:
         r.delete(token)
 
-    email = verify_token(token[:-5], salt)
+    # Derive the email from the given token
+    email = verify_token(token[:-6], salt)
+
+    # If email does exist, remove it from the newsletter database
     if email:
         remove_from_newsletter(email)
         return jsonify({"message": "unsubscribed from newsletter"}), 200
diff --git a/web_server/utils/email.py b/web_server/utils/email.py
index 79bc644..bbcf653 100644
--- a/web_server/utils/email.py
+++ b/web_server/utils/email.py
@@ -127,11 +127,17 @@ def confirm_account_creation_body(email) -> str:
 
     return content, "Gander - Confirm Account Creation"
 
-
 def newsletter_conf(email):
     """
     Handles sending a confirmation email that a user has joined a newsletter
     """
+    salt = token_hex(32)
+
+    token = generate_token(email, salt)
+    token += "DaNeWs"
+    r.setex(token, 3600, salt)
+
+    full_url = url + "/user/unsubscribe/" + token
 
     content = f"""
     <html>
@@ -152,7 +158,7 @@ def newsletter_conf(email):
             <h2>Welcome to the Official Gander Newsletter!</h2>
             <p>If you are receiving this email, it means that you have been officially added to the Monthly Gander newsletter.</p>
             <p>In this newsletter, you will receive updates about: your favourite streamers; important Gander updates; and more!</p>
-            <small><a href="{url}">Unsubscribe?</a></small>
+            <small><a href="{full_url}">Unsubscribe?</a></small>
         </div>
     </body>
     </html>