ankane / ahoy_email

First-party email analytics for Rails
MIT License

Url link is not consistent with hash signature #146

Closed william-eth closed 3 years ago

william-eth commented 4 years ago

Hi,

I have used this gem for some days and noticed that some email links didn't redirect to the correct address.

For example, here is my URL link in the email:

https://creativestore.kdanmobile.com/?utm_source=Afjfyfggfe%26utm_medium=email%26utm_campaign=Zfzcfe_Fhcfdevcgvba

When sending, I traced the log from Datadog, which is a monitoring service, and found that many users were redirected to our mail server home page. Then I found a URL link like:

https://mail-center.kdanmobile.com/ahoy/messages/nAkQREDrUmDUFhQQhekSwIgotInBhdwD/click?id=nAkQREDrUmDUFhQQhekSwIgotInBhdwD&signature=3d6181dccff66b49cc14f7c84505ad767548ad70&url=https://creativestore.kdanmobile.com/?utm_source=Afjfyfggfe%26utm_medium=email%26utm_campaign=Zfzcfe_Fhcfdevcgvba

I tried the same way as the gem source, "OpenSSL::HMAC.hexdigest", to encrypt the signature for the URL link, and noticed that the hash was totally different.

```ruby
digest = "SHA1"
signature = OpenSSL::HMAC.hexdigest(digest, AhoyEmail.secret_token, url)
```

email link signature: 3d6181dccff66b49cc14f7c84505ad767548ad70
manually created signature: 0abe78cf668587edafd77b5627644d7b7ce7b6c2

But it doesn't make sense that encrypting the same way gives a different hash output.

Is there any more information I need to provide?

ankane commented 3 years ago

Hey @yaohsien, it looks like the URL-encoding on the link is off. Are you able to reproduce the issue in your app in development? If so, can you try adding a failing test case (like this one) or reproducing with a fresh Rails app?
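An added example, not code from ahoy_email or from either commenter, showing how a URL-encoding mismatch alone breaks an HMAC-SHA1 signature computed over the URL string. The secret, hosts, `click_link` and `verify` are constructed for illustration, and it assumes the receiver recomputes the HMAC over the `url` parameter after normal query-string decoding.

```ruby
require "openssl"
require "uri"

# Constructed demo values; neither the token nor the hosts come from the issue.
SECRET = "constructed-demo-secret"
TARGET = "https://shop.example.test/?utm_source=news%26utm_medium=email"

# Same primitive the poster used: HMAC-SHA1 over the exact URL string.
def sign(url)
  OpenSSL::HMAC.hexdigest("SHA1", SECRET, url)
end

# Constant-time comparison so verification does not leak matching prefixes.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Hypothetical link builder: encode: false embeds the target as-is,
# encode: true percent-encodes it as a query-string value.
def click_link(url, encode:)
  value = encode ? URI.encode_www_form_component(url) : url
  "https://mail.example.test/click?signature=#{sign(url)}&url=#{value}"
end

# Hypothetical receiver: parse the query string (which percent-decodes each
# value once), then recompute the HMAC over the url it ended up with.
def verify(link)
  params = URI.decode_www_form(link.split("?", 2).last).to_h
  { url: params["url"],
    valid: secure_equal?(sign(params["url"]), params["signature"]) }
end

raw     = verify(click_link(TARGET, encode: false))
encoded = verify(click_link(TARGET, encode: true))

# Unencoded: "%26" is decoded to "&" in transit, so the signed bytes differ.
puts "unencoded: valid=#{raw[:valid]} url=#{raw[:url]}"
# Encoded: one decode restores the exact signed string.
puts "encoded:   valid=#{encoded[:valid]} url=#{encoded[:url]}"
```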

ankane commented 3 years ago

Cleaning up issues