Only require token when unsubscribing #5019
Conversation
Since the user is not logged in, there is no extra information given by passing in the email address, but it does add PII to our request logs. Hence, just accepting the unsubscribe token might be enough.
|
Preview URL 🚀 : https://blurts-server-pr-5019-mgjlpikfea-uk.a.run.app |
| async function getEmailPreferenceForPrimaryEmail(email: string) { | ||
| logger.info("get_email_preference_for_primary_email", { | ||
| email, | ||
| async function getEmailPreferenceForUnsubscribeToken(unsubscribeToken: string) { |
There was a problem hiding this comment.
Since we are just matching tokens, it doesn't have to use join anymore
| getEmailPreferenceForPrimaryEmail, | ||
| unsubscribeMonthlyMonitorReportForEmail, | ||
| getEmailPreferenceForUnsubscribeToken, | ||
| unsubscribeMonthlyMonitorReportForUnsubscribeToken, | ||
| }; |
There was a problem hiding this comment.
Added unique index to the unsub token in the first PR. The index is not necessary anymore
There was a problem hiding this comment.
Could we add comments to each of these funcs describing what they're for/what they are returning?
There was a problem hiding this comment.
Also, what did we change getEmailPreferenceForPrimaryEmail into? It was being used previously to determine if the monthly report checkbox in the settings page should be selected for the user.
|
I'll modify this PR and merge it in |
|
Cleanup completed - database 'blurts-server-pr-5019' destroyed, cloud run service 'blurts-server-pr-5019' destroyed |
Since the user is not logged in, there is no extra information given by passing in the email address, but it does add PII to our request logs. Hence, just accepting the unsubscribe token might be enough.
Merges into #4988. /cc @codemist