Re-introduce additional round trip for verifying auth_provider
[rails.git] / script / deliver-message
index 04dcb881bc0699b3b948a9119b53d567565ecd6a..81de3ef587402b35eeff71727e49b85da903da81 100755 (executable)
@@ -1,33 +1,38 @@
 #!/usr/bin/env ruby
 
-require File.dirname(__FILE__) + "/../config/environment"
+require File.join(File.dirname(__FILE__), "..", "config", "environment")
 
-exit 0 unless recipient = ARGV[0].match(/^([cm])-(\d+)-(.*)$/)
-
-if recipient[1] == "c"
-  comment = DiaryComment.find(recipient[2])
-  digest = comment.digest
-  date = diary_comment.created_at
-  from = comment.diary_entry.user
+if recipient = ARGV[0].match(/^c-(\d+)-(\d+)-(.*)$/)
+  comment = DiaryComment.find(recipient[1])
+  expected_token = comment.notification_token(recipient[2])
+  date = comment.created_at
+  from = comment.diary_entry.subscribers.find(recipient[2])
   to = comment.user
-else
-  message = Message.find(recipient[2])
-  digest = message.digest
+  token = recipient[3]
+elsif recipient = ARGV[0].match(/^m-(\d+)-(.*)$/)
+  message = Message.find(recipient[1])
+  expected_token = message.notification_token
   date = message.sent_on
   from = message.recipient
   to = message.sender
+  token = recipient[2]
+else
+  exit 0
 end
 
-exit 0 unless recipient[3] == digest[0, 6]
+exit 0 unless ActiveSupport::SecurityUtils.secure_compare(token, expected_token)
+exit 0 unless from.active?
 exit 0 if date < 1.month.ago
 
-message.update_attribute(:message_read, true) if message
+message&.update(:message_read => true)
 
-mail = Mail.new(STDIN.readlines.join)
+mail = Mail.new($stdin.read
+                     .encode(:universal_newline => true)
+                     .encode(:crlf_newline => true))
 
 message = Message.from_mail(mail, from, to)
 message.save!
 
-Notifier.message_notification(message).deliver
+UserMailer.message_notification(message).deliver if message.notify_recipient?
 
 exit 0
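Review bot: Both recipient patterns in the new `if`/`elsif` are anchored with `^` and `$`, which in Ruby match at line boundaries rather than at the ends of the string, so an argument containing a newline is accepted as long as one of its lines has the expected shape. The `secure_compare` on the token still gates delivery, but the address parse should be strict: `ARGV[0].match(/\Ac-(\d+)-(\d+)-(.*)\z/)` and `ARGV[0].match(/\Am-(\d+)-(.*)\z/)`. Separately, `DiaryComment.find`, `subscribers.find` and `Message.find` presumably raise `ActiveRecord::RecordNotFound` for an unknown id, so that case ends the script with an exception while a wrong token ends it with `exit 0`. If the calling mail system reports those two outcomes differently, a sender can tell existing ids from missing ones; rescuing the not-found error and exiting 0 would make the two cases indistinguishable.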