From 7ced981d45ed01de773ac6298875809f612258e4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?P=C4=93teris=20Caune?=
Date: Fri, 25 May 2018 23:38:02 +0300
Subject: [PATCH] Remove obsolete signature checking code in accounts.views.unsubscribe_reports
---
 hc/accounts/tests/test_unsubscribe_reports.py | 21 ++++---------------
 hc/accounts/views.py | 19 +++++------------
 2 files changed, 9 insertions(+), 31 deletions(-)
diff --git a/hc/accounts/tests/test_unsubscribe_reports.py b/hc/accounts/tests/test_unsubscribe_reports.py
index 6464bea3..8d4eddbb 100644
--- a/hc/accounts/tests/test_unsubscribe_reports.py
+++ b/hc/accounts/tests/test_unsubscribe_reports.py
@@ -7,14 +7,15 @@ from hc.test import BaseTestCase
 class UnsubscribeReportsTestCase(BaseTestCase):
- def test_token_works(self):
+ def test_it_unsubscribes(self):
 self.profile.next_report_date = now()
 self.profile.nag_period = td(hours=1)
 self.profile.next_nag_date = now()
 self.profile.save()
- token = signing.Signer().sign("foo")
- url = "/accounts/unsubscribe_reports/alice/?token=%s" % token
+ sig = signing.TimestampSigner(salt="reports").sign("alice")
+ url = "/accounts/unsubscribe_reports/%s/" % sig
+
 r = self.client.get(url)
 self.assertContains(r, "You have been unsubscribed")
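Review bot: With `test_bad_token_gets_rejected` removed in the next hunk, nothing visible in this file checks that a bare, unsigned username of an existing account is rejected. `test_it_unsubscribes` covers only a freshly signed `alice`, and the remaining `test_bad_signature_gets_rejected` requests `invalid`, which is not shown to be a real user. A regression test that requests `/accounts/unsubscribe_reports/alice/` and asserts `self.profile.reports_allowed` is unchanged after `refresh_from_db()` would pin the behaviour this commit relies on, since the signature is now the only thing authorising the change. A second case with a well-formed but altered signature would cover tampering as well.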
@@ -25,20 +26,6 @@ class UnsubscribeReportsTestCase(BaseTestCase):
 self.assertEqual(self.profile.nag_period.total_seconds(), 0)
 self.assertIsNone(self.profile.next_nag_date)
- def test_bad_token_gets_rejected(self):
- url = "/accounts/unsubscribe_reports/alice/?token=invalid"
- r = self.client.get(url)
- self.assertContains(r, "Incorrect Link")
-
- def test_signed_username_works(self):
- sig = signing.TimestampSigner(salt="reports").sign("alice")
- url = "/accounts/unsubscribe_reports/%s/" % sig
- r = self.client.get(url)
- self.assertContains(r, "You have been unsubscribed")
-
- self.profile.refresh_from_db()
- self.assertFalse(self.profile.reports_allowed)
-
 def test_bad_signature_gets_rejected(self):
 url = "/accounts/unsubscribe_reports/invalid/"
 r = self.client.get(url)
diff --git a/hc/accounts/views.py b/hc/accounts/views.py
index 40e0fa4d..bf661a33 100644
--- a/hc/accounts/views.py
+++ b/hc/accounts/views.py
@@ -352,20 +352,11 @@ def change_email_done(request):
 def unsubscribe_reports(request, username):
- if ":" in username:
- signer = signing.TimestampSigner(salt="reports")
- try:
- username = signer.unsign(username)
- except signing.BadSignature:
- return render(request, "bad_link.html")
- else:
- # Username is not signed but there should be a ?token=... parameter
- # This is here for backwards compatibility and will be removed
- # at some point.
- try:
- signing.Signer().unsign(request.GET.get("token", ""))
- except signing.BadSignature:
- return render(request, "bad_link.html")
+ signer = signing.TimestampSigner(salt="reports")
+ try:
+ username = signer.unsign(username)
+ except signing.BadSignature:
+ return render(request, "bad_link.html")
 user = User.objects.get(username=username)
 profile = Profile.objects.for_user(user)
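Review bot: `signer.unsign(username)` is called without `max_age`, so the timestamp that `TimestampSigner` embeds is never checked and a signed link stays valid indefinitely. That may be intended so that links in old report emails keep working, but it is worth stating next to the call, e.g. `# No max_age on purpose: links in old report emails must keep working`. Because such a link can outlive the account, the context line `User.objects.get(username=username)` would raise `User.DoesNotExist` for a validly signed name that no longer exists; catching it and rendering `bad_link.html` would avoid an unhandled error. The body of `unsubscribe_reports` continues past the end of the hunk.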