Refactored signature encryption in unsubscribe and stub the encryption in tests to return a simple valid value

just3ws · just3ws · commit 5f2ddfc977d2 · 2014-05-12T19:59:57.000-05:00
diff --git a/app/controllers/emails_controller.rb b/app/controllers/emails_controller.rb
@@ -1,6 +1,6 @@
 class EmailsController < ApplicationController
   def unsubscribe
-    Rails.logger.info("Mailgun Unsubscribe: #{params.inspect}")
+    puts("Mailgun Unsubscribe: #{params.inspect}")
     if mailgun?(ENV['MAILGUN_API_KEY'], params['token'], params['timestamp'], params['signature'])
       if params[:email_type] == Notifier::WELCOME_EVENT
         user = User.where(email: params[:recipient]).first
@@ -30,9 +30,12 @@ def delivered
   protected
 
   def mailgun?(api_key, token, timestamp, signature)
-    return signature == OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('sha256'),
-                                                api_key,
-                                                '%s%s' % [timestamp, token])
+    encrypted = encrypt_signature(api_key, timestamp, token)
+    return signature == encrypted
+  end
+
+  def encrypt_signature(api_key, timestamp, token)
+    OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('sha256'), api_key, '%s%s' % [timestamp, token])
   end
 
 end
diff --git a/spec/controllers/emails_controller_spec.rb b/spec/controllers/emails_controller_spec.rb
@@ -1,19 +1,21 @@
 describe EmailsController do
   let(:mailgun_params) { {
-      "domain" => ENV['MAILGUN_DOMAIN'],
-      "tag" => "*",
-      "recipient" => "someone@example.com",
-      "event" => "unsubscribed",
-      "email_type" => Notifier::ACTIVITY_EVENT,
-      "timestamp" => "1327043027",
-      "token" => ENV['MAILGUN_TOKEN'],
-      "signature" => ENV['MAILGUN_SIGNATURE'],
-      "controller" => "emails",
-      "action" => "unsubscribe"} }
+    'domain'     => ENV['MAILGUN_DOMAIN'],
+    'tag'        => '*',
+    'recipient'  => 'someone@example.com',
+    'event'      => 'unsubscribed',
+    'email_type' => Notifier::ACTIVITY_EVENT,
+    'timestamp'  => '1327043027',
+    'token'      => ENV['MAILGUN_TOKEN'],
+    'signature'  => ENV['MAILGUN_SIGNATURE'],
+    'controller' => 'emails',
+    'action'     => 'unsubscribe'}
+  }
 
   it 'unsubscribes member from notifications when they unsubscribe from a notification email on mailgun' do
     user = Fabricate(:user, email: 'someone@example.com')
     user.notify_on_award.should == true
+    EmailsController.any_instance.should_receive(:encrypt_signature).and_return(ENV['MAILGUN_SIGNATURE'])
     post :unsubscribe, mailgun_params
     user.reload
     user.notify_on_award.should == false
@@ -24,6 +26,7 @@
     user = Fabricate(:user, email: 'someone@example.com')
     new_params = mailgun_params
     new_params["email_type"] = Notifier::WELCOME_EVENT
+    EmailsController.any_instance.should_receive(:encrypt_signature).and_return(ENV['MAILGUN_SIGNATURE'])
     post :unsubscribe, mailgun_params
     user.reload
     user.notify_on_award.should == true
