Wunderbyte-GmbH / moodle-mod_newsletter

Native Moodle newsletter module

Implement encrypted unsubscription link #30

Closed dasistwas closed 6 years ago

dasistwas commented 6 years ago

The unsubscription link has to be encrypted in order to not be able to guess the link or to transfer user data with the link. Possible workflow for implementing this feature:

  1. In the newsletter subscriptions table generate a salt for each subscription. So each subscriber has its own salt.
    • autogenerate
    • a salt with a randomizer
    • add the salt field to the table newsletter_subscriptions
    • in the upgrade.php file: add the salt for all existing subscriptions
  2. Encrypt and decrypt the link using the subscription salt
  3. Make it possible to unsubscribe without logging in (strong encryption necessary)
  4. When somebody did unsubscribe: Send a confirmation e-mail, "You just unsubscribed successfully from ... if it was not you, then click on the link below to resubscribe (cancel the unsubscription...)"

michaelpollak commented 6 years ago

Implemented this without adding fields to the table and the added complexity. Every user has something that can (basically) not be guessed, we use the timestamp of the first Moodle access. Combined this with a known, the userid, and calculated a hash, this is the key to allow unsubscription.

If 4 occurs I would ask the user to contact an admin, this would be highly suspicious. 2 and 3 are implemented, will be testing on Monday.

michaelpollak commented 6 years ago

The only missing part now is to send users that have unsubscribed a mail, do you have a mailtext in mind that we should use? Functionality is implemented and ready.

dasistwas commented 6 years ago

You were successfully unsubscribed from the newsletter $a->nameofnewsletter. If you did this on purpose, there is nothing more to do. If you did accidentally unsubscribe, you can resubscribe now under the following link: $a->subscriptionlink

Sie wurden erfolgreich vom Newsletter "newslettername" abgemeldet. Sollten Sie das auch wirklich gewollt haben, müssen Sie nichts weiter zu machen. Sollten Sie sich unabsichtlich abgemeldet haben, können Sie sich unter folgendem Link wieder für den Newsletter anmelden: $a->subscriptionlink.

dasistwas commented 6 years ago

Also add a salutation: Hallo Vorname Nachname, Hello Firstname Lastname.

dasistwas commented 6 years ago

OK finished this one. Works fine.
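
The workflow proposed in the opening comment (a random salt per subscription, a link that works without login, a resubscribe link in the confirmation mail), written in plain PHP as an added example; it is not mod_newsletter's code and not the hash variant described in the thread. It uses an HMAC keyed with the salt in place of the encryption the issue mentions. All function names, the `|`-joined message layout, the 90-day lifetime and the `moodle.example` URL are assumptions.

```php
<?php
// Added example, not mod_newsletter code; every function and parameter name is hypothetical.

// Step 1 of the workflow: one random secret per subscription, taken from the CSPRNG.
function new_subscription_salt(): string {
    return bin2hex(random_bytes(32));
}

// HMAC over purpose, subscription id and issue time, keyed with the per-subscription salt.
// The purpose label keeps an unsubscribe token from being accepted as a resubscribe token.
function link_token(string $salt, string $purpose, int $subid, int $ts): string {
    return hash_hmac('sha256', "$purpose|$subid|$ts", $salt);
}

// Step 2: the link carries only the subscription id, a timestamp and the token, no user data.
function make_link(string $baseurl, string $purpose, int $subid, string $salt, int $now): string {
    $query = ['sub' => $subid, 'ts' => $now, 'token' => link_token($salt, $purpose, $subid, $now)];
    return $baseurl . '?' . http_build_query($query);
}

// Step 3: verification needs no login session, only the stored salt for that subscription.
function verify_link(array $params, string $purpose, callable $lookupsalt, int $now, int $maxage = 7776000): bool {
    $subid = filter_var($params['sub'] ?? null, FILTER_VALIDATE_INT);
    $ts = filter_var($params['ts'] ?? null, FILTER_VALIDATE_INT);
    $token = $params['token'] ?? null;
    if ($subid === false || $ts === false || !is_string($token)) {
        return false; // missing or malformed parameter
    }
    if ($ts > $now || $now - $ts > $maxage) {
        return false; // issued in the future or older than the assumed 90-day lifetime
    }
    $salt = $lookupsalt($subid);
    if ($salt === null) {
        return false; // unknown subscription
    }
    // hash_equals compares in constant time, so timing does not reveal how much of the token matched.
    return hash_equals(link_token($salt, $purpose, $subid, $ts), $token);
}

// Constructed sample data: one subscription held in memory in place of the database table.
$salts = [42 => new_subscription_salt()];
$lookup = fn(int $id): ?string => $salts[$id] ?? null;
$now = 1700000000;
$link = make_link('https://moodle.example/unsubscribe', 'unsubscribe', 42, $salts[42], $now);
parse_str(parse_url($link, PHP_URL_QUERY), $query);
var_dump(verify_link($query, 'unsubscribe', $lookup, $now + 3600)); // untampered link
var_dump(verify_link($query, 'resubscribe', $lookup, $now + 3600)); // same token, wrong purpose
var_dump(verify_link(['sub' => '43'] + $query, 'unsubscribe', $lookup, $now + 3600)); // other id
```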