]> git.openstreetmap.org Git - rails.git/blobdiff - script/deliver-message
Really remove login.live.com from CSP allow list
[rails.git] / script / deliver-message
index 15a9fbdc7f613f7d14cb9b6119a6dc7719d39afc..81de3ef587402b35eeff71727e49b85da903da81 100755 (executable)
@@ -1,17 +1,17 @@
 #!/usr/bin/env ruby
 
 #!/usr/bin/env ruby
 
-require File.dirname(__FILE__) + "/../config/environment"
+require File.join(File.dirname(__FILE__), "..", "config", "environment")
 
 if recipient = ARGV[0].match(/^c-(\d+)-(\d+)-(.*)$/)
   comment = DiaryComment.find(recipient[1])
 
 if recipient = ARGV[0].match(/^c-(\d+)-(\d+)-(.*)$/)
   comment = DiaryComment.find(recipient[1])
-  digest = comment.digest
+  expected_token = comment.notification_token(recipient[2])
   date = comment.created_at
   date = comment.created_at
-  from = User.find(recipient[2])
+  from = comment.diary_entry.subscribers.find(recipient[2])
   to = comment.user
   token = recipient[3]
 elsif recipient = ARGV[0].match(/^m-(\d+)-(.*)$/)
   message = Message.find(recipient[1])
   to = comment.user
   token = recipient[3]
 elsif recipient = ARGV[0].match(/^m-(\d+)-(.*)$/)
   message = Message.find(recipient[1])
-  digest = message.digest
+  expected_token = message.notification_token
   date = message.sent_on
   from = message.recipient
   to = message.sender
   date = message.sent_on
   from = message.recipient
   to = message.sender
@@ -20,18 +20,19 @@ else
   exit 0
 end
 
   exit 0
 end
 
-exit 0 unless token == digest[0, 6]
+exit 0 unless ActiveSupport::SecurityUtils.secure_compare(token, expected_token)
+exit 0 unless from.active?
 exit 0 if date < 1.month.ago
 
 exit 0 if date < 1.month.ago
 
-message.update(:message_read => true) if message
+message&.update(:message_read => true)
 
 
-mail = Mail.new(STDIN.read
+mail = Mail.new($stdin.read
                      .encode(:universal_newline => true)
                      .encode(:crlf_newline => true))
 
 message = Message.from_mail(mail, from, to)
 message.save!
 
                      .encode(:universal_newline => true)
                      .encode(:crlf_newline => true))
 
 message = Message.from_mail(mail, from, to)
 message.save!
 
-Notifier.message_notification(message).deliver
+UserMailer.message_notification(message).deliver if message.notify_recipient?
 
 exit 0
 
 exit 0