Skip to content

Check for returned user object in unsubscribe logic #7686

Open
BerkeleyTrue opened this Issue · 6 comments

4 participants

@BerkeleyTrue

https://github.com/FreeCodeCamp/FreeCodeCamp/blob/staging/server/boot/randomAPIs.js#L295 and https://github.com/FreeCodeCamp/FreeCodeCamp/blob/staging/server/boot/randomAPIs.js#L309 does not verify whether the query actually returns a user instance, causing the server to crash hard and reboot.

Anyone up to adding a check for the user object on these?

@BKinahan

I'd like to attempt a fix but I'm having trouble replicating the crash locally using the subscribe/unsubscribe buttons. Are there any additional steps or conditions required?

@BerkeleyTrue

@BKinahan You'd need to navigate directly to the associated URLs using an email that does not exist in the database

@BKinahan

@BerkeleyTrue Have been able to replicate this via the two lines mentioned in the initial issue writeup, and also with https://github.com/FreeCodeCamp/FreeCodeCamp/blob/staging/server/boot/randomAPIs.js#L319

I have a working solution that redirects to the /map page and issues the following flash info text:

Email address not found. Please update your Email preferences from your profile.

I believe this would be the expected behavior and follows the style of the other text alerts, but would would be open to suggestions for the wording and/or functionality.

@SaintPeter
Free Code Camp member

Verbiage looks fine to me.

Should we/can we include a URL that links directly to the settings page?

@BKinahan

@SaintPeter I did think of that first, but if the issue is arising from a user visiting the /unsubscribe/[not-found-emailaddress] URL, they may not be signed in, in which case they are redirected to /map anyway and there is an additional text popup about needing to sign in to access /settings.

Edit: If you mean adding a link within the text popup, that could be effective, if it is possible. Would need a hint on the syntax for that to make sure I have it right :)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.