cachet icon indicating copy to clipboard operation
cachet copied to clipboard

Published 20 hours ago • verified publisher icon cachethq

403 when trying to edit subscriptions

Open gcommit opened this issue 6 years ago • 5 comments
trafficstars

Hello,

when i subscribe to my cachet, i receive the expected mails. But when i try to verify my mail and edit my subscriptions, i just receive the "403 - forbidden". But the verification and the edit works, i can see this in the database!

This also appears when i try to edit a subscription entry as a admin - but here i can't edit anything.

Can you fix this ? :)

Bildschirmfoto 2019-11-15 um 13 51 19

gcommit avatar Nov 15 '19 12:11 gcommit

We get the same error performing the same action. Running 2.4.0-dev on PHP 7.2 with a MariaDB 10.3 database. Would be great to see this resolved.

bhillebrand-enee avatar Nov 16 '19 14:11 bhillebrand-enee

HUHU, any updates??

gcommit avatar Dec 02 '19 14:12 gcommit

Same error with: Cachet 2.4.0-dev MariaDB 10.4 PHP 7.3

Is there any update on this issue?

AhmetBas avatar Jan 21 '20 10:01 AhmetBas

Hell, can anyone say something when this will be fixed? Almost 2 years on something critical like this and NO REPLY?

gcommit avatar Apr 12 '21 09:04 gcommit

Hi, it seems that the problem occurs due to an invalid url signature in the verification link. I found this stackoverflow thread which provides some additional information about this problem.

I tried to reproduce this problem, but I used the mail driver log (testing) and the problem did not occur. Can you also try this so we can check if the problem is caused by the mail driver?

pavog avatar Apr 12 '21 12:04 pavog

Thank you for your input on Cachet 2.x. We are shifting our attention and resources to Cachet 3.x and will no longer be supporting the 2.x version. If your feedback or issue is relevant to the 3.x series, we encourage you to engage with the new branch.

For more information on the Cachet rebuild and our plans for 3.x, you can read the announcement here.

We appreciate your understanding and look forward to your contributions to the new version.

jbrooksuk avatar Aug 12 '23 19:08 jbrooksuk

Here’s a patch to make "manage subscription" links in notification emails working:

diff --git a/app/Notifications/Incident/NewIncidentNotification.php b/app/Notifications/Incident/NewIncidentNotification.php
index ac56c9de..335e982b 100644
--- a/app/Notifications/Incident/NewIncidentNotification.php
+++ b/app/Notifications/Incident/NewIncidentNotification.php
@@ -18,6 +18,7 @@ use Illuminate\Notifications\Messages\NexmoMessage;
 use Illuminate\Notifications\Messages\SlackMessage;
 use Illuminate\Notifications\Notification;
 use Illuminate\Support\Facades\Config;
+use Illuminate\Support\Facades\URL;
 use McCool\LaravelAutoPresenter\Facades\AutoPresenter;
 
 /**
@@ -83,7 +84,7 @@ class NewIncidentNotification extends Notification
                         'unsubscribeText'        => trans('cachet.subscriber.unsubscribe'),
                         'unsubscribeUrl'         => cachet_route('subscribe.unsubscribe', $notifiable->verify_code),
                         'manageSubscriptionText' => trans('cachet.subscriber.manage_subscription'),
-                        'manageSubscriptionUrl'  => cachet_route('subscribe.manage', $notifiable->verify_code),
+                        'manageSubscriptionUrl'  => URL::signedRoute(cachet_route_generator('subscribe.manage'), ['code' => $notifiable->verify_code]),
                     ]);
     }
 
diff --git a/app/Notifications/IncidentUpdate/IncidentUpdatedNotification.php b/app/Notifications/IncidentUpdate/IncidentUpdatedNotification.php
index 6c88b403..6fade3d6 100644
--- a/app/Notifications/IncidentUpdate/IncidentUpdatedNotification.php
+++ b/app/Notifications/IncidentUpdate/IncidentUpdatedNotification.php
@@ -18,6 +18,7 @@ use Illuminate\Notifications\Messages\MailMessage;
 use Illuminate\Notifications\Messages\NexmoMessage;
 use Illuminate\Notifications\Messages\SlackMessage;
 use Illuminate\Notifications\Notification;
+use Illuminate\Support\Facades\URL;
 use McCool\LaravelAutoPresenter\Facades\AutoPresenter;
 
 /**
@@ -87,7 +88,7 @@ class IncidentUpdatedNotification extends Notification
                 'unsubscribeText'        => trans('cachet.subscriber.unsubscribe'),
                 'unsubscribeUrl'         => cachet_route('subscribe.unsubscribe', $notifiable->verify_code),
                 'manageSubscriptionText' => trans('cachet.subscriber.manage_subscription'),
-                'manageSubscriptionUrl'  => cachet_route('subscribe.manage', $notifiable->verify_code),
+                'manageSubscriptionUrl'  => URL::signedRoute(cachet_route_generator('subscribe.manage'), ['code' => $notifiable->verify_code]),
             ]);
     }
 
diff --git a/app/Notifications/Schedule/NewScheduleNotification.php b/app/Notifications/Schedule/NewScheduleNotification.php
index 3b04bc67..bd1568ff 100644
--- a/app/Notifications/Schedule/NewScheduleNotification.php
+++ b/app/Notifications/Schedule/NewScheduleNotification.php
@@ -18,6 +18,7 @@ use Illuminate\Notifications\Messages\MailMessage;
 use Illuminate\Notifications\Messages\NexmoMessage;
 use Illuminate\Notifications\Messages\SlackMessage;
 use Illuminate\Notifications\Notification;
+use Illuminate\Support\Facades\URL;
 use McCool\LaravelAutoPresenter\Facades\AutoPresenter;
 
 /**
@@ -81,7 +82,7 @@ class NewScheduleNotification extends Notification implements ShouldQueue
                 'unsubscribeText'        => trans('cachet.subscriber.unsubscribe'),
                 'unsubscribeUrl'         => cachet_route('subscribe.unsubscribe', $notifiable->verify_code),
                 'manageSubscriptionText' => trans('cachet.subscriber.manage_subscription'),
-                'manageSubscriptionUrl'  => cachet_route('subscribe.manage', $notifiable->verify_code),
+                'manageSubscriptionUrl'  => URL::signedRoute(cachet_route_generator('subscribe.manage'), ['code' => $notifiable->verify_code]),
             ]);
     }

ldidry avatar Nov 07 '23 13:11 ldidry