Fix salt in pulse unsub hash (#37817)

* Fix salt in pulse unsub hash * Workaround for read-only settings not supporting temp overrides yet

Fix salt in pulse unsub hash (#37817)
9184ddaa · Chris Truter · GitHub · af800eba · 9184ddaa · 9184ddaa
Unverified Commit 9184ddaa authored 1 year ago by Chris Truter Committed by GitHub 1 year ago
--- a/src/metabase/email/messages.clj
+++ b/src/metabase/email/messages.clj
@@ -308,8 +308,8 @@
  [pulse-id email]
  (codecs/bytes->hex
   (encryption/validate-and-hash-secret-key
-    (json/generate-string {:salt public-settings/site-uuid-for-unsubscribing-url
-                           :email email
+    (json/generate-string {:salt     (public-settings/site-uuid-for-unsubscribing-url)
+                           :email    email
                           :pulse-id pulse-id}))))

 (defn- pulse-context [pulse dashboard non-user-email]

--- a/test/metabase/api/session_test.clj
+++ b/test/metabase/api/session_test.clj
@@ -569,6 +569,22 @@

 ;;; ------------------------------------------- TESTS FOR UNSUBSCRIBING NONUSERS STUFF --------------------------------------------

+(deftest unsubscribe-hash-test
+  (mt/with-temporary-setting-values [site-uuid-for-unsubscribing-url "08534993-94c6-4bac-a1ad-86c9668ee8f5"]
+    (let [email         "rasta@pasta.com"
+          pulse-id      12345678
+          expected-hash "37bc76b4a24279eb90a71c129a629fb8626ad0089f119d6d095bc5135377f2e2884ad80b037495f1962a283cf57cdbad031fd1f06a21d86a40bba7fe674802dd"]
+      (testing "We generate a cryptographic hash to validate unsubscribe URLs"
+        (is (= expected-hash (messages/generate-pulse-unsubscribe-hash pulse-id email))))
+
+      (testing "The hash value depends on the pulse-id, email, and site-uuid"
+        (let [alternate-site-uuid "aa147515-ade9-4298-ac5f-c7e42b69286d"
+              alternate-hashes    [(messages/generate-pulse-unsubscribe-hash 87654321 email)
+                                   (messages/generate-pulse-unsubscribe-hash pulse-id "hasta@lavista.com")
+                                   (mt/with-temporary-setting-values [site-uuid-for-unsubscribing-url alternate-site-uuid]
+                                     (messages/generate-pulse-unsubscribe-hash pulse-id email))]]
+          (is (= 3 (count (distinct (remove #{expected-hash} alternate-hashes))))))))))
+
 (deftest unsubscribe-test
  (reset-throttlers!)
  (testing "POST /pulse/unsubscribe"