mirror of https://github.com/MISP/MISP
chg: [internal] Unsubscribe code
parent
5cce0d8c41
commit
21f5f52988
|
@ -118,14 +118,20 @@ class UsersController extends AppController
|
|||
return new CakeResponse(array('body'=> json_encode(array('saved' => false, 'errors' => 'Something went wrong, please try again later.')), 'status'=>200, 'type' => 'json'));
|
||||
}
|
||||
|
||||
public function unsubscribe()
|
||||
public function unsubscribe($code)
|
||||
{
|
||||
$user = $this->Auth->user();
|
||||
|
||||
if (!hash_equals($this->User->unsubscribeCode($user), rtrim($code, '.'))) {
|
||||
$this->Flash->error(__('Invalid unsubscribe code.'));
|
||||
$this->redirect(['action' => 'view', 'me']);
|
||||
}
|
||||
|
||||
if ($user['autoalert']) {
|
||||
$this->User->updateField($this->Auth->user(), 'autoalert', false);
|
||||
$this->Flash->info('Already unsubscribed from event alert.');
|
||||
$this->Flash->success(__('Successfully unsubscribed from event alert.'));
|
||||
} else {
|
||||
$this->Flash->info('Successfully unsubscribed from event alert.');
|
||||
$this->Flash->info(__('Already unsubscribed from event alert.'));
|
||||
}
|
||||
$this->redirect(['action' => 'view', 'me']);
|
||||
}
|
||||
|
|
|
@ -3159,8 +3159,10 @@ class Event extends AppModel
|
|||
$template->set('tlp', $subjMarkingString);
|
||||
$template->subject($subject);
|
||||
$template->referenceId("event-alert|{$event['Event']['id']}");
|
||||
$template->set('unsubscribe', $this->__getAnnounceBaseurl() . '/users/unsubscribe');
|
||||
$template->listUnsubscribe($this->__getAnnounceBaseurl() . '/users/unsubscribe');
|
||||
|
||||
$unsubscribeLink = $this->__getAnnounceBaseurl() . '/users/unsubscribe/' . $this->User->unsubscribeCode($user);
|
||||
$template->set('unsubscribe', $unsubscribeLink);
|
||||
$template->listUnsubscribe($unsubscribeLink);
|
||||
return $template;
|
||||
}
|
||||
|
||||
|
|
|
@ -1581,4 +1581,14 @@ class User extends AppModel
|
|||
'conditions' => array('EventDelegation.org_id' => $user['org_id'])
|
||||
));
|
||||
}
|
||||
|
||||
/**
|
||||
* Generate code that is used in event alert unsubscribe link.
|
||||
* @return string
|
||||
*/
|
||||
public function unsubscribeCode(array $user)
|
||||
{
|
||||
$salt = Configure::read('Security.salt');
|
||||
return substr(hash('sha256', "{$user['id']}|$salt"), 0, 8);
|
||||
}
|
||||
}
|
||||
|
|
|
@ -10,7 +10,7 @@ if (!isset($contactAlert)) {
|
|||
if ($hideDetails) { // Used when GnuPG.bodyonlyencrypted is enabled and e-mail cannot be send in encrypted form
|
||||
$eventUrl = $baseurl . "/events/view/" . $event['Event']['id'];
|
||||
echo __("A new or modified event was just published on %s", $eventUrl) . PHP_EOL . PHP_EOL;
|
||||
echo __("If you would like to unsubscribe from receiving such alert e-mails, simply\ndisable publish alerts via %s", $baseurl . '/users/edit');
|
||||
echo __("If you would like to unsubscribe from receiving such alert e-mails, simply\ndisable publish alerts via %s", $unsubscribe);
|
||||
return;
|
||||
}
|
||||
|
||||
|
@ -112,5 +112,5 @@ You receive this e-mail because the e-mail address <?= $user['email'] ?> is set
|
|||
to receive <?= $contactAlert ? 'contact' : 'publish' ?> alerts on the MISP instance at <?= $baseurl ?>.
|
||||
|
||||
If you would like to unsubscribe from receiving such alert e-mails, simply
|
||||
disable <?= $contactAlert ? 'contact' : 'publish' ?> alerts via <?= $baseurl ?>/users/edit
|
||||
disable <?= $contactAlert ? 'contact' : 'publish' ?> alerts via <?= $unsubscribe ?>.
|
||||
==============================================
|
||||
|
|
Loading…
Reference in New Issue