From 3e70453e75788dc01d308e77d5bf4ff273baf02c Mon Sep 17 00:00:00 2001
From: Serghei Mihai <smihai@entrouvert.com>
Date: Tue, 12 Jul 2016 15:42:51 +0200
Subject: [PATCH] remove scheme identifier from unsubscription page (#12544)

---
 corbo/views.py         |  8 +++++++-
 tests/test_emailing.py | 10 +++++++---
 2 files changed, 14 insertions(+), 4 deletions(-)

diff --git a/corbo/views.py b/corbo/views.py
index ffaf67b..44e0af7 100644
--- a/corbo/views.py
+++ b/corbo/views.py
@@ -117,8 +117,14 @@ class UnsubscribeView(DeleteView):
     def get_object(self, queryset=None):
         data = signing.loads(self.kwargs['unsubscription_token'])
         try:
-            return models.Subscription.objects.get(category__pk=data['category'],
+            s = models.Subscription.objects.get(category__pk=data['category'],
                                 identifier=data['identifier'])
+            try:
+                # remove schema from identifier
+                scheme, s.identifier = s.identifier.split(':')
+            except ValueError:
+                pass
+            return s
         except models.Subscription.DoesNotExist:
             raise Http404
 
diff --git a/tests/test_emailing.py b/tests/test_emailing.py
index 42ca111..ba8944b 100644
--- a/tests/test_emailing.py
+++ b/tests/test_emailing.py
@@ -96,9 +96,10 @@ def test_check_inline_images(app, categories, announces):
 def test_unsubscription_link(app, categories, announces):
     for category in categories:
         uuid = uuid4()
-        email = '%s@example.net' % uuid
+        scheme = 'mailto:'
+        uri = scheme + '%s@example.net' % uuid
         s = Subscription.objects.create(category=category,
-                                identifier=email,
+                                identifier=uri,
                                 uuid=str(uuid))
         for announce in announces:
             if announce.category != category:
@@ -108,9 +109,12 @@ def test_unsubscription_link(app, categories, announces):
             assert broadcast.result
             assert mail.outbox
             signature = signing.dumps({'category': announce.category.pk,
-                                       'identifier': email})
+                                       'identifier': uri})
             unsubscription_link = reverse('unsubscribe', kwargs={'unsubscription_token': signature})
             assert mail.outbox[0].subject == announce.title
             assert unsubscription_link in mail.outbox[0].html
             assert unsubscription_link in mail.outbox[0].text
             mail.outbox = []
+            # make sure the uri schema is not in the page
+            resp = app.get(unsubscription_link)
+            assert scheme not in resp.content
-- 
2.8.1