def private_hash(self): """ A URL-safe string that is unique to the user's email address which will allow them to access the app without logging in """ # Generate a hex version of our app's secret key and user's email return generate_nologin_hash(self.email.lower())
def unsubscribe_url(email): """Unsubscribe URL to unsubscribe from all mailings""" origin = settings.ORIGIN unsub_url = reverse('unsubscribe') code = generate_nologin_hash(email.lower()) return "{origin}{path}?email={email}&code={code}".format( origin=origin, path=unsub_url, email=email, code=code)
def unsubscribe_url(email): """Unsubscribe URL to unsubscribe from all mailings""" origin = settings.ORIGIN unsub_url = reverse('unsubscribe') code = generate_nologin_hash(email.lower()) return "{origin}{path}?email={email}&code={code}".format(origin=origin, path=unsub_url, email=email, code=code)
def test_unsubscribe_url(self): """Test that all the required components are in the URL""" result = utils.unsubscribe_url('*****@*****.**') unsub_url = reverse('unsubscribe') code = generate_nologin_hash('*****@*****.**') self.assertIn(unsub_url, result) self.assertIn('code=%s' % code, result) self.assertIn('[email protected]', result) self.assertIn('http://connect.local', result)
def test_hash_gen(self): """Test the hash gen""" response = utils.generate_nologin_hash('teststring') # Assert that we got a string that contains something self.assertEqual(type(response), str) self.assertTrue(response) # A SHA256 hash is 64 characters long. Since we convert # it to base64, it should always be lower self.assertTrue(len(response) < 64) # The raw base64 representation includes a trailing equals sign # ensure that was removed self.assertNotIn('=', response)
def dispatch(self, request, *args, **kwargs): """Dispatch method which verifies approprate GET variables exist""" # pylint: disable=attribute-defined-outside-init # Confirm that both 'email' and 'code' are in request.GET if not all(key in request.GET for key in ('email', 'code')): raise Http404 # Validate that the email is a valid email self.email = request.GET['email'] try: validate_email(self.email) except ValidationError: raise Http404 # Validate that the secret code is legitimate if request.GET['code'] != generate_nologin_hash(self.email.lower()): raise Http404 return super(UnsubscribeView, self).dispatch(request, *args, **kwargs)