-
Notifications
You must be signed in to change notification settings - Fork 4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Mailchimp unsubscribe webhook #5804
Changes from 2 commits
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,30 @@ | ||
class Webhooks::MailchimpUnsubscribesController < ApplicationController | ||
class InvalidListID < StandardError; end | ||
|
||
LIST_MAPPINGS = { | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Is there a better way to do this lookup/is this mapping defined somewhere already? There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. This is the first of it's kind 😄 There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Ok, good to know. Can you please sanity check the mapping? |
||
mailchimp_newsletter_id: :email_newsletter, | ||
mailchimp_sustaining_members_id: :email_membership_newsletter, | ||
mailchimp_tag_moderators_id: :email_tag_mod_newsletter, | ||
mailchimp_community_moderators_id: :email_community_mod_newsletter | ||
}.freeze | ||
|
||
def create | ||
not_authorized unless valid_secret? | ||
user = User.find_by!(email: params.dig(:data, :email)) | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. I decided to raise in case we can't find the user, but I'm open to other approaches (log to DataDog and no-op for example). There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. This should be fine for the time being. It should be caught by honeybadger. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. I wonder if we should not raise while still testing this out/debugging, because if my assumption about the webhook payload are wrong we'll raise for no good reason. |
||
user.update(email_type => false) | ||
end | ||
|
||
private | ||
|
||
def valid_secret? | ||
params[:secret] == SiteConfig.mailchimp_webhook_secret | ||
end | ||
|
||
def email_type | ||
list_id = params.dig(:data, :list_id) | ||
key = LIST_MAPPINGS.keys.detect { |k| SiteConfig.public_send(k) == list_id } | ||
raise InvalidListID unless key | ||
|
||
LIST_MAPPINGS[key] | ||
end | ||
end |
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -154,11 +154,15 @@ | |
resources :reads, only: [:create] | ||
end | ||
|
||
namespace :webhooks do | ||
post "/mailchimp/:secret/unsubscribe", to: "mailchimp_unsubscribes#create", as: :mailchimp_unsubscribe | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. We can probably change this at one point and use routing DSL trickery, but for now this seems good enough. |
||
end | ||
|
||
resources :messages, only: [:create] | ||
resources :chat_channels, only: %i[index show create update] | ||
resources :chat_channel_memberships, only: %i[create update destroy] | ||
resources :articles, only: %i[update create destroy] | ||
resources :article_mutes, only: %i[update] | ||
resources :article_mutes, only: %i[update] | ||
maestromac marked this conversation as resolved.
Show resolved
Hide resolved
|
||
resources :comments, only: %i[create update destroy] do | ||
patch "/hide", to: "comments#hide" | ||
patch "/unhide", to: "comments#unhide" | ||
|
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,29 @@ | ||
require "rails_helper" | ||
|
||
RSpec.describe "Webhooks::MailchimpUnsubscribesController", type: :request do | ||
let(:user) { create(:user, email_digest_periodic: true) } | ||
|
||
describe "POST /webhooks/mailchimp/:secret/unsubscribe" do | ||
let(:secret) { "secret" } | ||
let(:list_id) { "1234" } | ||
let(:params) { { data: { email: user.email, list_id: list_id } } } | ||
|
||
before do | ||
allow(SiteConfig).to receive(:mailchimp_webhook_secret).and_return(secret) | ||
end | ||
|
||
it "return not authorized if the secret is incorrect" do | ||
expect do | ||
post "/webhooks/mailchimp/wrong_secret/unsubscribe", params: params | ||
end.to raise_error(Pundit::NotAuthorizedError) | ||
end | ||
|
||
it "unsubscribes the user if the secret is correct" do | ||
SiteConfig.mailchimp_newsletter_id = list_id | ||
|
||
expect do | ||
post "/webhooks/mailchimp/#{secret}/unsubscribe", params: params | ||
end.to change { user.reload.email_newsletter }.from(true).to(false) | ||
end | ||
end | ||
end |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
should all this logic (the mappings and the
email_type
) be in the controller?There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Since this is a POC, I opted for "easy to remove again" as my optimization target. If this sticks around, we can always move it out later. But if you prefer I can also move it out now, but since this mapping isn't used elsewhere yet, I don't have a problem with it being in this controller for the time being.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
no, it makes sense, let's leave it as is