feat: One-click unsubscribe #8438

Merged
merged 1 commit into from
May 5, 2023

ChristophWurst
Member

@ChristophWurst ChristophWurst commented May 2, 2023

Fixes #5387
Close #5387

Refinement of #8395 for services that support one-click unsubscribe.

https://datatracker.ietf.org/doc/html/rfc8058

How to test

  1. Set up an account in Mail
  2. Open a message from a mailing list (it has to have List-Unsubscribe: <http…> and List-Unsubscribe-Post=List-Unsubscribe=One-Click headers)
  3. See the Unsubscribe button
  4. Click the Unsubscribe button and see a confirmation


await unsubscribe(this.envelope.databaseId)
} catch (error) {
logger.error('Could one-click unsubscribe', { error })

Contributor

Could not one-click unsubscribe ?

Member Author

Yeah 🙈

Contributor

@JohannesGGE JohannesGGE left a comment

Tested and works as expected (I think).
The unsubscribe landing page is not shown (4. wrong in the test desc?) and the list is unsubscribed.
Personally, I would appreciate a little feedback that the unsubscribe was sent.

@ChristophWurst
Member Author

> The unsubscribe landing page is not shown

My bad. Copied over the test steps from #8395.

Will add a confirmation toast. Good idea!

@miaulalala
Contributor

miaulalala commented May 3, 2023

Tested, worked fine, cool stuff!

Two nitpicks and a bug:

  1. Location of the unsubscribe button. The current location crowds the lefthand side and doesn't really fit with the styling of the current header. I would prefer something like this:
    image
    cc @jancborchardt

Alternatively add a few pixels of margin to the button:

Before After
image image
  2. The toast for the unsubscribe stays visible for a long time compared to other toasts.
  3. the button is visible on mobile but messes up the header:

image

I'd hide it for now and fix it at a later date.

@ChristophWurst
Member Author

ChristophWurst commented May 3, 2023

> Location of the unsubscribe button. The current location crowds the lefthand side and doesn't really fit with the styling of the current header. I would prefer something like this:

See #5387 and #5387 (comment) (bottom). The button was placed there intentionally.

> The toast for the unsubscribe stays visible for a long time compared to other toasts.

It uses the default for success toasts: https://github.com/nextcloud/nextcloud-dialogs/blob/c16397fe19f43a4def95ba1dcab13ebf8929232c/lib/toast.ts#L45-L48

> the button is visible on mobile but messes up the header

Tracked in #8191

@kesselb
Contributor

kesselb commented May 3, 2023

Cool 👍

> A mail receiver can do a one-click unsubscription by performing an
> HTTPS POST to the HTTPS URI in the List-Unsubscribe header. It sends
> the key/value pair in the List-Unsubscribe-Post header as the request
> body.
>
> The POST content SHOULD be sent as 'multipart/form-data' [RFC7578] or
> MAY be sent as 'application/x-www-form-urlencoded'. These encodings
> are the ones used by web browsers when sending forms. The target of
> the POST action is the same as the one in the GET action for a manual
> unsubscription, so this is intended to allow the same server code to
> handle both

To comply with the RFC, we need to send the List-Unsubscribe-Post key/value pair to the unsubscribe url.

@ChristophWurst
Member Author

Thanks @kesselb. Didn't see any header values in the messages I tested with.

@ChristophWurst ChristophWurst marked this pull request as draft May 3, 2023 12:34
@kesselb
Contributor

kesselb commented May 3, 2023

To add more fun:

> As described below, the
> message MUST have a valid DomainKeys Identified Mail (DKIM) signature
> that covers at least the List-Unsubscribe and List-Unsubscribe-Post
> headers.
>
> The message needs at least one valid authentication identifier. In
> this version of the specification, the only supported identifier type
> is DKIM [RFC6376]. Hence, senders MUST apply at least one valid DKIM
> signature to the message.
>
> The List-Unsubscribe and List-Unsubscribe-Post headers MUST be
> covered by the signature and included in the "h=" tag of a valid
> DKIM-Signature header field.
>
> If the message does not have the required DKIM signature, the mail
> receiver SHOULD NOT offer a one-click unsubscribe for that message.

Possible library to validate DKIM: https://github.com/pimlie/php-dkim (horde already has a couple of methods to fetch and normalize headers, maybe we don't need an additional lib).

Plugin for Roundcube: https://github.com/pimlie/authres_status (very helpful readme with lots of information).
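
The two RFC 8058 requirements quoted in this thread (POST the List-Unsubscribe-Post pair to the HTTPS URI, and offer one-click only when a DKIM signature covers both headers) can be combined into one gate. This is an added example, not code from this pull request or from Nextcloud Mail; the function names and the sample message are hypothetical, and it checks only h= coverage, assuming the signature itself is verified separately by a DKIM library.

```javascript
// Added example, not Nextcloud Mail code: RFC 8058 gating for one-click unsubscribe.

// Split raw header text into [lowercased name, value] pairs, unfolding continuations.
function parseHeaders(raw) {
  return raw.replace(/\r?\n[ \t]+/g, ' ').split(/\r?\n/)
    .filter((line) => line.includes(':'))
    .map((line) => {
      const i = line.indexOf(':')
      return [line.slice(0, i).trim().toLowerCase(), line.slice(i + 1).trim()]
    })
}

// Header names listed in the h= tag of one DKIM-Signature value.
function signedHeaderNames(dkimValue) {
  const tag = dkimValue.split(';').map((t) => t.trim()).find((t) => /^h\s*=/.test(t))
  if (!tag) return []
  return tag.slice(tag.indexOf('=') + 1).split(':').map((n) => n.trim().toLowerCase())
}

// Returns the POST request to send, or null when one-click must not be offered.
function oneClickRequest(raw) {
  const headers = parseHeaders(raw)
  const get = (name) => headers.filter(([n]) => n === name).map(([, v]) => v)
  const post = get('list-unsubscribe-post')[0]
  if (post !== 'List-Unsubscribe=One-Click') return null
  // First HTTPS URI among the <...> entries of List-Unsubscribe; mailto: is skipped.
  const entries = (get('list-unsubscribe')[0] || '').match(/<[^>]*>/g) || []
  const url = entries.map((e) => e.slice(1, -1).trim()).find((u) => /^https:\/\//i.test(u))
  if (!url) return null
  // h= coverage only. Assumption: the signature itself is verified elsewhere
  // by a DKIM library before this result is trusted.
  const covered = get('dkim-signature').some((sig) => {
    const names = signedHeaderNames(sig)
    return names.includes('list-unsubscribe') && names.includes('list-unsubscribe-post')
  })
  if (!covered) return null
  // The RFC permits application/x-www-form-urlencoded; the body is the header's pair.
  return { method: 'POST', url, headers: { 'Content-Type': 'application/x-www-form-urlencoded' }, body: post }
}

// Constructed sample headers (lists.example and all values are made up).
const SAMPLE = [
  'DKIM-Signature: v=1; a=rsa-sha256; d=lists.example; s=sel;',
  ' h=from:subject:list-unsubscribe:list-unsubscribe-post; bh=PLACEHOLDER; b=PLACEHOLDER',
  'List-Unsubscribe: <mailto:leave@lists.example>, <https://lists.example/u/opaque123>',
  'List-Unsubscribe-Post: List-Unsubscribe=One-Click',
].join('\r\n')

console.log(oneClickRequest(SAMPLE))
```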

@kesselb kesselb force-pushed the feat/one-click-unsubscribe branch from efebc54 to 3289839 Compare May 4, 2023 18:33
@ChristophWurst
Member Author

@kesselb does your rebase mean this is done and ready to review? :)

@kesselb kesselb marked this pull request as ready for review May 5, 2023 09:36
@kesselb kesselb force-pushed the feat/one-click-unsubscribe branch from 3289839 to e44f17c Compare May 5, 2023 09:39
if (str_starts_with($header->url, 'mailto')) {
$this->unsubscribeMailto = $header->url;
break;
$dkimSignatureHeader = $parsedHeaders->getHeader('dkim-signature');
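
Review bot: the str_starts_with($header->url, 'mailto') test on the first line accepts any value that merely begins with the letters "mailto" and is case-sensitive, while URI schemes are not; comparing the lowercased value against 'mailto:' would be stricter. On the last line the dkim-signature header is fetched: per the RFC 8058 text quoted in this thread, one-click should only be offered when List-Unsubscribe and List-Unsubscribe-Post appear in the "h=" tag of a valid signature, so whatever is done with $dkimSignatureHeader should check that coverage rather than only the header's presence.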

Contributor

nit: early return would lead to better readability here and save about 3 brackets 😉

Contributor

Thanks. I will take that into account for the follow-up to add the DKIM signature validation.

@kesselb
Contributor

kesselb commented May 5, 2023

@ChristophWurst ready to review.

Member Author

@ChristophWurst ChristophWurst left a comment

👍 latest additions look good!

Co-Authored-By: Daniel Kesselberg <[email protected]>
Signed-off-by: Christoph Wurst <[email protected]>
@ChristophWurst ChristophWurst merged commit b0095a2 into main May 5, 2023
@ChristophWurst ChristophWurst deleted the feat/one-click-unsubscribe branch May 5, 2023 10:46

Successfully merging this pull request may close these issues.

One Click Suggested Unsubscribe