Unsubscribe from email #337
Comments
|
I Will do it !!!
|
|
Hahahaha thanks! DO IT!! |
|
@tonylampada Finally manage to run the application, the postgres was malconfigured on Fedora. CACHES = {
'default': {
'BACKEND': 'django.core.cache.backends.db.DatabaseCache',
'LOCATION': 'my_cache_table',
}
}Is this ok? Or do you have another solution? |
from django.core.cache import cache
user_id = cache.get("hash") |
|
@IuryAlves Do not trust the cache. :) Maybe the user will click on this "Unsubscribe" link after this cache record is invalidated or someone will just flush the cache. If you send lots of emails, it consumes all the cache memory. You must persist a token associated to the user in your database and send this token and the username (encrypted), maybe HMAC in "Unsubscribe" link. This token must give access only to this "email preferences" page, don't use Django auth system to persist user session. Some useful links: http://lea.verou.me/2010/08/automatic-login-via-notification-emails/ (This is obviously not @tonylampada answer, it is just how I'd do it.) |
|
@iurisilvio Yep, @tonylampada answer the same thing. Thanks for the links = ) In Django there is a module called signing to encrypt data as HMAC |
Emails sent from freedomsponsors should have an "unsubscribe" link.
Clicking on this link should take the user directly to email preferences, on edit profile page.
The tricky part is adding a security token that will allow the user to see that page without asking for login/password.
The text was updated successfully, but these errors were encountered: