Skip to content

Commit

Permalink
Merge pull request #17 from fiveai/9-invalid-manage-subscription-url
Browse files Browse the repository at this point in the history 
Ensure link to manage notification subscriptions are signed #9
  • Loading branch information
@sedan07
sedan07 authored Jan 28, 2021
2 parents 219f016 + 4b6559e commit 8bc8cc1
Show file tree
Hide file tree
Showing 5 changed files with 134 additions and 11 deletions.
7 changes: 5 additions & 2 deletions app/Notifications/Component/ComponentStatusChangedNotification.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,7 @@
use Illuminate\Notifications\Messages\NexmoMessage;
use Illuminate\Notifications\Messages\SlackMessage;
use Illuminate\Notifications\Notification;
use Illuminate\Support\Facades\URL;
use McCool\LaravelAutoPresenter\Facades\AutoPresenter;

/**
Expand Down Expand Up @@ -77,6 +78,8 @@ public function via($notifiable)
*/
public function toMail($notifiable)
{
$manageUrl = URL::signedRoute(cachet_route_generator('subscribe.manage'), ['code' => $notifiable->verify_code]);

$content = trans('notifications.component.status_update.mail.content', [
'name' => $this->component->name,
'old_status' => $this->component->human_status,
Expand All @@ -89,9 +92,9 @@ public function toMail($notifiable)
'componentName' => $this->component->name,
'content' => $content,
'unsubscribeText' => trans('cachet.subscriber.unsubscribe'),
'unsubscribeUrl' => cachet_route('subscribe.unsubscribe', $notifiable->verify_code),
'unsubscribeUrl' => cachet_route('subscribe.unsubscribe', $manageUrl),
'manageSubscriptionText' => trans('cachet.subscriber.manage_subscription'),
'manageSubscriptionUrl' => cachet_route('subscribe.manage', $notifiable->verify_code),
'manageSubscriptionUrl' => cachet_route('subscribe.manage', $manageUrl),
]);
}

Expand Down
7 changes: 5 additions & 2 deletions app/Notifications/Incident/NewIncidentNotification.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,7 @@
use Illuminate\Notifications\Messages\SlackMessage;
use Illuminate\Notifications\Notification;
use Illuminate\Support\Facades\Config;
use Illuminate\Support\Facades\URL;
use McCool\LaravelAutoPresenter\Facades\AutoPresenter;

/**
Expand Down Expand Up @@ -69,6 +70,8 @@ public function via($notifiable)
*/
public function toMail($notifiable)
{
$manageUrl = URL::signedRoute(cachet_route_generator('subscribe.manage'), ['code' => $notifiable->verify_code]);

$content = trans('notifications.incident.new.mail.content', [
'name' => $this->incident->name,
]);
Expand All @@ -81,9 +84,9 @@ public function toMail($notifiable)
'actionText' => trans('notifications.incident.new.mail.action'),
'actionUrl' => cachet_route('incident', [$this->incident]),
'unsubscribeText' => trans('cachet.subscriber.unsubscribe'),
'unsubscribeUrl' => cachet_route('subscribe.unsubscribe', $notifiable->verify_code),
'unsubscribeUrl' => cachet_route('subscribe.unsubscribe', $manageUrl),
'manageSubscriptionText' => trans('cachet.subscriber.manage_subscription'),
'manageSubscriptionUrl' => cachet_route('subscribe.manage', $notifiable->verify_code),
'manageSubscriptionUrl' => cachet_route('subscribe.manage', $manageUrl),
]);
}

Expand Down
7 changes: 5 additions & 2 deletions app/Notifications/IncidentUpdate/IncidentUpdatedNotification.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,7 @@
use Illuminate\Notifications\Messages\NexmoMessage;
use Illuminate\Notifications\Messages\SlackMessage;
use Illuminate\Notifications\Notification;
use Illuminate\Support\Facades\URL;
use McCool\LaravelAutoPresenter\Facades\AutoPresenter;

/**
Expand Down Expand Up @@ -69,6 +70,8 @@ public function via($notifiable)
*/
public function toMail($notifiable)
{
$manageUrl = URL::signedRoute(cachet_route_generator('subscribe.manage'), ['code' => $notifiable->verify_code]);

$content = trans('notifications.incident.update.mail.content', [
'name' => $this->update->incident->name,
'time' => $this->update->created_at_diff,
Expand All @@ -85,9 +88,9 @@ public function toMail($notifiable)
'incidentName' => $this->update->incident->name,
'newStatus' => $this->update->human_status,
'unsubscribeText' => trans('cachet.subscriber.unsubscribe'),
'unsubscribeUrl' => cachet_route('subscribe.unsubscribe', $notifiable->verify_code),
'unsubscribeUrl' => cachet_route('subscribe.unsubscribe', $manageUrl),
'manageSubscriptionText' => trans('cachet.subscriber.manage_subscription'),
'manageSubscriptionUrl' => cachet_route('subscribe.manage', $notifiable->verify_code),
'manageSubscriptionUrl' => cachet_route('subscribe.manage', $manageUrl),
]);
}

Expand Down
7 changes: 5 additions & 2 deletions app/Notifications/Schedule/NewScheduleNotification.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,7 @@
use Illuminate\Notifications\Messages\NexmoMessage;
use Illuminate\Notifications\Messages\SlackMessage;
use Illuminate\Notifications\Notification;
use Illuminate\Support\Facades\URL;
use McCool\LaravelAutoPresenter\Facades\AutoPresenter;

/**
Expand Down Expand Up @@ -69,6 +70,8 @@ public function via($notifiable)
*/
public function toMail($notifiable)
{
$manageUrl = URL::signedRoute(cachet_route_generator('subscribe.manage'), ['code' => $notifiable->verify_code]);

$content = trans('notifications.schedule.new.mail.content', [
'name' => $this->schedule->name,
'date' => $this->schedule->scheduled_at_formatted,
Expand All @@ -79,9 +82,9 @@ public function toMail($notifiable)
->markdown('notifications.schedule.new', [
'content' => $content,
'unsubscribeText' => trans('cachet.subscriber.unsubscribe'),
'unsubscribeUrl' => cachet_route('subscribe.unsubscribe', $notifiable->verify_code),
'unsubscribeUrl' => cachet_route('subscribe.unsubscribe', $manageUrl),
'manageSubscriptionText' => trans('cachet.subscriber.manage_subscription'),
'manageSubscriptionUrl' => cachet_route('subscribe.manage', $notifiable->verify_code),
'manageSubscriptionUrl' => cachet_route('subscribe.manage', $manageUrl),
]);
}

Expand Down
117 changes: 114 additions & 3 deletions tests/Functional/Notifications/MailTest.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -12,11 +12,16 @@
namespace CachetHQ\Tests\Cachet\Functional\Notifications;

use CachetHQ\Cachet\Bus\Commands\Incident\CreateIncidentCommand;
use CachetHQ\Cachet\Bus\Commands\Component\CreateComponentCommand;
use CachetHQ\Cachet\Bus\Commands\Subscriber\SubscribeSubscriberCommand;
use CachetHQ\Cachet\Models\Incident;
use CachetHQ\Cachet\Models\Component;
use CachetHQ\Cachet\Models\Subscriber;
use CachetHQ\Cachet\Models\Subscription;
use CachetHQ\Cachet\Notifications\Incident\NewIncidentNotification;
use CachetHQ\Cachet\Notifications\IncidentUpdate\IncidentUpdatedNotification;
use CachetHQ\Cachet\Notifications\Component\ComponentStatusChangedNotification;
use CachetHQ\Cachet\Notifications\Schedule\NewScheduleNotification;
use CachetHQ\Cachet\Settings\Repository as SettingsRepository;
use CachetHQ\Tests\Cachet\AbstractTestCase;
use Illuminate\Foundation\Testing\DatabaseMigrations;
Expand Down Expand Up @@ -116,9 +121,21 @@ protected function createIncident(array $incident)
return Incident::where('name', '=', $name)->where('message', '=', $message)->firstOrFail();
}

/**
* @return Component
*/
protected function createComponent()
{
$component = factory(Component::class)->create([
'status' => 1
]);

return $component;
}

/**
* Send an email notification to subscribers when a new incident
* is added.
* is added. Ensure the manage subscription link is signed.
*/
public function testEmailNotificationSentForNewIncident()
{
Expand All @@ -138,7 +155,53 @@ public function testEmailNotificationSentForNewIncident()

Notification::assertSentTo(
[$subscriber],
NewIncidentNotification::class
NewIncidentNotification::class,
function ($notification, $channels) use ($subscriber) {

$mail = $notification->toMail($subscriber)->toArray();
$this->assertEquals('New Incident Reported', $mail['subject']);

//@todo Check the rendered content of the email rather than the raw data passed to the MD
$bodyData = $notification->toMail($subscriber)->data();
$this->assertContains('?signature=', $bodyData['manageSubscriptionUrl']);
return true;
}
);
}

/**
* Send an email notification to subscribers when a new schedule
* is added. Ensure the manage subscription link is signed.
*/
public function testEmailNotificationSentForNewSchedule()
{
Notification::fake();

$this->signIn();

$subscriber = $this->createSubscriber($this->fakerFactory->safeEmail);

$response = $this->post('dashboard/schedule/create', [
'name' => $this->fakerFactory->word,
'status' => 0,
'message' => $this->fakerFactory->paragraph,
'scheduled_at'=> $this->fakerFactory->date('Y-m-d H:i'),
'notify' => 1,
]);

Notification::assertSentTo(
[$subscriber],
NewScheduleNotification::class,
function ($notification, $channels) use ($subscriber) {

$mail = $notification->toMail($subscriber)->toArray();
$this->assertEquals('New Schedule Created', $mail['subject']);

//@todo Check the rendered content of the email rather than the raw data passed to the MD
$bodyData = $notification->toMail($subscriber)->data();
$this->assertContains('?signature=', $bodyData['manageSubscriptionUrl']);
return true;
}
);
}

Expand Down Expand Up @@ -187,7 +250,55 @@ public function testEmailNotificationSentForIncidentUpdate()

Notification::assertSentTo(
[$subscriber],
IncidentUpdatedNotification::class
IncidentUpdatedNotification::class,
function ($notification, $channels) use ($subscriber) {

$mail = $notification->toMail($subscriber)->toArray();
$this->assertEquals('Incident Updated', $mail['subject']);

//@todo Check the rendered content of the email rather than the raw data passed to the MD
$bodyData = $notification->toMail($subscriber)->data();
$this->assertContains('?signature=', $bodyData['manageSubscriptionUrl']);
return true;
}
);
}

/**
* Send an email notification to subscribers when a components
* status is updated.
*/
public function testEmailNotificationSentForComponentStatusUpdate()
{
Notification::fake();

$this->signIn();

$component = $this->createComponent();
$subscriber = $this->createSubscriber($this->fakerFactory->safeEmail);
factory(Subscription::class)->create([
'subscriber_id' => $subscriber->id,
'component_id' => $component->id,
]);

$response = $this->post('dashboard/api/components/'.$component->id, [
'status' => 2,
'component_id' => $component->id
]);

Notification::assertSentTo(
[$subscriber],
ComponentStatusChangedNotification::class,
function ($notification, $channels) use ($subscriber) {

$mail = $notification->toMail($subscriber)->toArray();
$this->assertEquals('Component Status Updated', $mail['subject']);

//@todo Check the rendered content of the email rather than the raw data passed to the MD
$bodyData = $notification->toMail($subscriber)->data();
$this->assertContains('?signature=', $bodyData['manageSubscriptionUrl']);
return true;
}
);
}
}

0 comments on commit 8bc8cc1

Please sign in to comment.