From ca342d48389de72e2c299c613a5a0e1deebf0093 Mon Sep 17 00:00:00 2001
From: Christian Schmidt <github@chsc.dk>
Date: Tue, 1 Aug 2023 19:34:40 +0200
Subject: [PATCH] Add List-Unsubscribe email header (#26085)
---
.../mail_subscriptions_controller.rb | 5 +-
app/mailers/notification_mailer.rb | 8 ++
app/views/layouts/mailer.html.haml | 4 +-
spec/mailers/notification_mailer_spec.rb | 43 ++++++--
spec/requests/mail_subscriptions_spec.rb | 103 ++++++++++++++++++
5 files changed, 149 insertions(+), 14 deletions(-)
create mode 100644 spec/requests/mail_subscriptions_spec.rb
diff --git a/app/controllers/mail_subscriptions_controller.rb b/app/controllers/mail_subscriptions_controller.rb
index b071a8060..1caeaaacf 100644
--- a/app/controllers/mail_subscriptions_controller.rb
+++ b/app/controllers/mail_subscriptions_controller.rb
@@ -9,6 +9,8 @@ class MailSubscriptionsController < ApplicationController
before_action :set_user
before_action :set_type
+ protect_from_forgery with: :null_session
+
def show; end
def create
@@ -20,6 +22,7 @@ class MailSubscriptionsController < ApplicationController
def set_user
@user = GlobalID::Locator.locate_signed(params[:token], for: 'unsubscribe')
+ not_found unless @user
end
def set_body_classes
@@ -35,7 +38,7 @@ class MailSubscriptionsController < ApplicationController
when 'follow', 'reblog', 'favourite', 'mention', 'follow_request'
"notification_emails.#{params[:type]}"
else
- raise ArgumentError
+ not_found
end
end
end
diff --git a/app/mailers/notification_mailer.rb b/app/mailers/notification_mailer.rb
index 277612366..5eecfed10 100644
--- a/app/mailers/notification_mailer.rb
+++ b/app/mailers/notification_mailer.rb
@@ -8,6 +8,7 @@ class NotificationMailer < ApplicationMailer
before_action :process_params
before_action :set_status, only: [:mention, :favourite, :reblog]
before_action :set_account, only: [:follow, :favourite, :reblog, :follow_request]
+ after_action :set_list_headers!
default to: -> { email_address_with_name(@user.email, @me.username) }
@@ -61,6 +62,7 @@ class NotificationMailer < ApplicationMailer
@me = params[:recipient]
@user = @me.user
@type = action_name
+ @unsubscribe_url = unsubscribe_url(token: @user.to_sgid(for: 'unsubscribe').to_s, type: @type)
end
def set_status
@@ -71,6 +73,12 @@ class NotificationMailer < ApplicationMailer
@account = @notification.from_account
end
+ def set_list_headers!
+ headers['List-ID'] = "<#{@type}.#{@me.username}.#{Rails.configuration.x.local_domain}>"
+ headers['List-Unsubscribe'] = "<#{@unsubscribe_url}>"
+ headers['List-Unsubscribe-Post'] = 'List-Unsubscribe=One-Click'
+ end
+
def thread_by_conversation(conversation)
return if conversation.nil?
diff --git a/app/views/layouts/mailer.html.haml b/app/views/layouts/mailer.html.haml
index e39a09780..7fa344a9b 100644
--- a/app/views/layouts/mailer.html.haml
+++ b/app/views/layouts/mailer.html.haml
@@ -46,9 +46,9 @@
%p= t 'about.hosted_on', domain: site_hostname
%p
= link_to t('application_mailer.notification_preferences'), settings_preferences_notifications_url
- - if defined?(@type)
+ - if defined?(@unsubscribe_url)
ยท
- = link_to t('application_mailer.unsubscribe'), unsubscribe_url(token: @user.to_sgid(for: 'unsubscribe').to_s, type: @type)
+ = link_to t('application_mailer.unsubscribe'), @unsubscribe_url
%td.column-cell.text-right
= link_to root_url do
= image_tag full_pack_url('media/images/mailer/logo.png'), alt: 'Mastodon', height: 24
diff --git a/spec/mailers/notification_mailer_spec.rb b/spec/mailers/notification_mailer_spec.rb
index 636c2d425..78a497c06 100644
--- a/spec/mailers/notification_mailer_spec.rb
+++ b/spec/mailers/notification_mailer_spec.rb
@@ -3,21 +3,42 @@
require 'rails_helper'
RSpec.describe NotificationMailer do
- let(:receiver) { Fabricate(:user) }
+ let(:receiver) { Fabricate(:user, account_attributes: { username: 'alice' }) }
let(:sender) { Fabricate(:account, username: 'bob') }
let(:foreign_status) { Fabricate(:status, account: sender, text: 'The body of the foreign status') }
let(:own_status) { Fabricate(:status, account: receiver.account, text: 'The body of the own status') }
+ shared_examples 'headers' do |type, thread|
+ it 'renders the to and from headers' do
+ expect(mail[:to].value).to eq "#{receiver.account.username} <#{receiver.email}>"
+ expect(mail.from).to eq ['notifications@localhost']
+ end
+
+ it 'renders the list headers' do
+ expect(mail['List-ID'].value).to eq "<#{type}.alice.cb6e6126.ngrok.io>"
+ expect(mail['List-Unsubscribe'].value).to match(%r{<https://cb6e6126.ngrok.io/unsubscribe\?token=.+>})
+ expect(mail['List-Unsubscribe'].value).to match("&type=#{type}")
+ expect(mail['List-Unsubscribe-Post'].value).to eq 'List-Unsubscribe=One-Click'
+ end
+
+ if thread
+ it 'renders the thread headers' do
+ expect(mail['In-Reply-To'].value).to match(/<conversation-\d+.\d\d\d\d-\d\d-\d\d@cb6e6126.ngrok.io>/)
+ expect(mail['References'].value).to match(/<conversation-\d+.\d\d\d\d-\d\d-\d\d@cb6e6126.ngrok.io>/)
+ end
+ end
+ end
+
describe 'mention' do
let(:mention) { Mention.create!(account: receiver.account, status: foreign_status) }
let(:notification) { Notification.create!(account: receiver.account, activity: mention) }
let(:mail) { prepared_mailer_for(receiver.account).mention }
include_examples 'localized subject', 'notification_mailer.mention.subject', name: 'bob'
+ include_examples 'headers', 'mention', true
- it 'renders the headers' do
+ it 'renders the subject' do
expect(mail.subject).to eq('You were mentioned by bob')
- expect(mail[:to].value).to eq("#{receiver.account.username} <#{receiver.email}>")
end
it 'renders the body' do
@@ -32,10 +53,10 @@ RSpec.describe NotificationMailer do
let(:mail) { prepared_mailer_for(receiver.account).follow }
include_examples 'localized subject', 'notification_mailer.follow.subject', name: 'bob'
+ include_examples 'headers', 'follow', false
- it 'renders the headers' do
+ it 'renders the subject' do
expect(mail.subject).to eq('bob is now following you')
- expect(mail[:to].value).to eq("#{receiver.account.username} <#{receiver.email}>")
end
it 'renders the body' do
@@ -49,10 +70,10 @@ RSpec.describe NotificationMailer do
let(:mail) { prepared_mailer_for(own_status.account).favourite }
include_examples 'localized subject', 'notification_mailer.favourite.subject', name: 'bob'
+ include_examples 'headers', 'favourite', true
- it 'renders the headers' do
+ it 'renders the subject' do
expect(mail.subject).to eq('bob favorited your post')
- expect(mail[:to].value).to eq("#{receiver.account.username} <#{receiver.email}>")
end
it 'renders the body' do
@@ -67,10 +88,10 @@ RSpec.describe NotificationMailer do
let(:mail) { prepared_mailer_for(own_status.account).reblog }
include_examples 'localized subject', 'notification_mailer.reblog.subject', name: 'bob'
+ include_examples 'headers', 'reblog', true
- it 'renders the headers' do
+ it 'renders the subject' do
expect(mail.subject).to eq('bob boosted your post')
- expect(mail[:to].value).to eq("#{receiver.account.username} <#{receiver.email}>")
end
it 'renders the body' do
@@ -85,10 +106,10 @@ RSpec.describe NotificationMailer do
let(:mail) { prepared_mailer_for(receiver.account).follow_request }
include_examples 'localized subject', 'notification_mailer.follow_request.subject', name: 'bob'
+ include_examples 'headers', 'follow_request', false
- it 'renders the headers' do
+ it 'renders the subject' do
expect(mail.subject).to eq('Pending follower: bob')
- expect(mail[:to].value).to eq("#{receiver.account.username} <#{receiver.email}>")
end
it 'renders the body' do
diff --git a/spec/requests/mail_subscriptions_spec.rb b/spec/requests/mail_subscriptions_spec.rb
new file mode 100644
index 000000000..cc6557cab
--- /dev/null
+++ b/spec/requests/mail_subscriptions_spec.rb
@@ -0,0 +1,103 @@
+# frozen_string_literal: true
+
+require 'rails_helper'
+
+RSpec.describe 'MailSubscriptionsController' do
+ let(:user) { Fabricate(:user) }
+ let(:token) { user.to_sgid(for: 'unsubscribe').to_s }
+ let(:type) { 'follow' }
+
+ shared_examples 'not found with invalid token' do
+ context 'with invalid token' do
+ let(:token) { 'invalid-token' }
+
+ it 'returns http not found' do
+ expect(response).to have_http_status(404)
+ end
+ end
+ end
+
+ shared_examples 'not found with invalid type' do
+ context 'with invalid type' do
+ let(:type) { 'invalid_type' }
+
+ it 'returns http not found' do
+ expect(response).to have_http_status(404)
+ end
+ end
+ end
+
+ describe 'on the unsubscribe confirmation page' do
+ before do
+ get unsubscribe_url(token: token, type: type)
+ end
+
+ it_behaves_like 'not found with invalid token'
+ it_behaves_like 'not found with invalid type'
+
+ it 'shows unsubscribe form' do
+ expect(response).to have_http_status(200)
+
+ expect(response.body).to include(
+ I18n.t('mail_subscriptions.unsubscribe.action')
+ )
+ expect(response.body).to include(user.email)
+ end
+ end
+
+ describe 'submitting the unsubscribe confirmation page' do
+ before do
+ user.settings.update('notification_emails.follow': true)
+ user.save!
+
+ post unsubscribe_url, params: { token: token, type: type }
+ end
+
+ it_behaves_like 'not found with invalid token'
+ it_behaves_like 'not found with invalid type'
+
+ it 'shows confirmation page' do
+ expect(response).to have_http_status(200)
+
+ expect(response.body).to include(
+ I18n.t('mail_subscriptions.unsubscribe.complete')
+ )
+ expect(response.body).to include(user.email)
+ end
+
+ it 'updates notification settings' do
+ user.reload
+ expect(user.settings['notification_emails.follow']).to be false
+ end
+ end
+
+ describe 'unsubscribing with List-Unsubscribe-Post' do
+ around do |example|
+ old = ActionController::Base.allow_forgery_protection
+ ActionController::Base.allow_forgery_protection = true
+
+ example.run
+
+ ActionController::Base.allow_forgery_protection = old
+ end
+
+ before do
+ user.settings.update('notification_emails.follow': true)
+ user.save!
+
+ post unsubscribe_url(token: token, type: type), params: { 'List-Unsubscribe' => 'One-Click' }
+ end
+
+ it_behaves_like 'not found with invalid token'
+ it_behaves_like 'not found with invalid type'
+
+ it 'return http success' do
+ expect(response).to have_http_status(200)
+ end
+
+ it 'updates notification settings' do
+ user.reload
+ expect(user.settings['notification_emails.follow']).to be false
+ end
+ end
+end