en - AW: [en@sympa] [EXTERN] Re: problems with auto_signoff behaviour and with accessing db_additional_subscriber_fields fields in templates

Subject: The mailing list for listmasters using Sympa

  • From: "Goltz, Immo" <address@concealed>
  • To: Hatuka*nezumi - IKEDA Soji <address@concealed>
  • Cc: "address@concealed" <address@concealed>
  • Subject: AW: [en@sympa] [EXTERN] Re: problems with auto_signoff behaviour and with accessing db_additional_subscriber_fields fields in templates
  • Date: Wed, 5 Oct 2022 10:15:43 +0000

Hi Soji,

Well, what's the difference between the /signoff/ and /auto_signoff/ endpoints
then?
According to the documentation in the code
https://github.com/sympa-community/sympa/blob/sympa-6.2/src/cgi/wwsympa.fcgi.in#L5585
"# Unsubcribes a user from a list, without authentication."
that would be the action we searched for.
Maybe we misunderstood this feature completely and Sympa does not have the
option to unsubscribe without authentication.
Thank you for pointing out the problems with forwarded mails, automatic
link-checking etc. That risk is accepted in favor of users' convenience.


I could place Sympa::Template::Plugin::CheckUUID on github. But the plugin is
not involved in the problem yet.
The thing we have problems with is with template snippet
[% wwsympa_url %][% 'auto_signoff' | url_abs([list.name], {email =>
user.email, uuid => user.optout_uuid}) %]
which is parsed correctly in footer/header but not in tt2 templates like
welcome.tt2. The links created from tt2 files have an empty uuid parameter,
user.optout_uuid is not resolved.



________________________________________
From: Hatuka*nezumi - IKEDA Soji <address@concealed>
Sent: Wednesday, 5 October 2022 10:18
To: Goltz, Immo
Cc: address@concealed
Subject: [EXTERN] Re: [en@sympa] problems with auto_signoff behaviour and
with accessing db_additional_subscriber_fields fields in templates

Hi,

On 2022/10/04 23:57, Goltz, Immo wrote:
> Hello,
>
> we are running Sympa 6.2.68.
>
> Currently we try to tweak unsubscribing a bit. It should be easy for
> subscribers to leave but also safe from abuse.
>
> Step one, we use auto_signoff instead of signoff.
>
> We understood the documentation that auto_signoff unsubscribes a user
> from a list without authentication.
>
> But no matter if we use signoff or auto_signoff authentication is
> needed. Subscriber clicks on link in mailing, Sympa GUI opens. Press
> "confirm" leaving list. This generates an auth mail which has to be
> clicked and confirmed as well. With auto_signoff this auth should not
> happen we think (problem 1).

I couldn't find that the documentation states that auto_signoff
unsubscribes a user from a list "without authentication".

The description of this feature as it first appeared in the manual
is as follows:

| Note: It is essential that the list messages don't contain a link that
| actually unsubscribe users, because list messages are forwarded,
| replied to, and therefore the unsubscription URL would be forwarded to
| potentially a lot of people. Consequently, we put only an URL which
| will trigger an unsubscription confirmation. This way, if somebody
| else clicks on this URL with your mail address in it, you will just
| receive a message (containing this person's email IP) requesting
| confirmation.
---
https://web.archive.org/web/20101115113815/www.sympa.org/manual/message-handling

Briefly: Simply clicking on the auto_signoff link does not unsubscribe
the user, but **requires confirmation** by the user themselves.


> Step two, guard auto_signoff.
>
> We think auto_signoff is intended to signoff without auth (which does
> currently not work in our installation, see above). But to have some
> safety net against malicious attempts to unsubscribe someone else we
> implemented a personal token.
>
> We added optout_uuid to db_additional_subscriber_fields parameter in
> sympa.conf and introduced a Sympa::Template::Plugin::CheckUUID plugin
> which is called from a modified confirm_action.tt2 (to be honest we had
> significant help doing so).
>
> Then message_footer with
>
> [% wwsympa_url %][% 'auto_signoff' | url_abs([listname], {email =>
> user.email, uuid => user.optout_uuid}) %]
>
> creates the new unsubscribe links. Which works fine.
>
> But having the same unsubscribe link in welcome.tt2 the uuid parameter is
> empty. So problem 2 is user.optout_uuid seems not to work in welcome.tt2
> (maybe other templates too) however it works in message_footer.

I don't know how your Sympa::Template::Plugin::CheckUUID plugin works.

Can you give us the link to the documentation or source code for that
plugin?

Regards,
-- Soji


> Roundup
>
> 1. According to the documentation, auto_signoff unsubscribes a user from a
> list without authentication. In our installation we don't see a
> difference to signoff, auth is needed in both cases.
>
> Do we need special list configuration to achieve the auto_signoff
> without authentication?
>
> 2. We want to place the unsubscribe link in the welcome.tt2 and in the
> message_footer.
>
> In both cases we use the URL:
>
> [% wwsympa_url %][% 'auto_signoff' | url_abs([list.name], {email =>
> user.email, uuid => user.optout_uuid}) %]
>
> In the processed welcome.tt2 the UUID is not set, in message_footer the
> UUID is set.
>
> How to access optout_uuid, a db_additional_subscriber_fields field, from
> all the templates (tt2 files) and message parts (header/footer or body
> using personalization_feature)
>
> Thank you in advance
>
>
> Immo Goltz
>
[Caution! External email. Do not open attachments or click links, unless this
email was received from a known source/Sender and you know the content is
safe.]
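
An added example, not part of the thread and not the Sympa::Template::Plugin::CheckUUID plugin (whose source is not shown here): a sketch in Python of the server-side token check for a one-click opt-out link, covering the case described above where a template renders an empty uuid. The URL layout, the function names and the subscriber table are assumptions constructed for illustration.

```python
import hmac
from urllib.parse import urlencode, urlsplit, parse_qs, quote, unquote

# Constructed sample data: (list, email) -> optout_uuid as stored in the
# subscriber table. Bob's row has no token yet (e.g. subscribed before the
# extra column was populated).
SUBSCRIBERS = {
    ("news", "alice@example.org"): "3f2b7c1e-9a4d-4e0b-8c55-1d2e3f4a5b6c",
    ("news", "bob@example.org"): "",
}

def build_link(base_url, listname, email, token):
    """Build the opt-out URL; refuse to emit a link without a token."""
    if not token:
        raise ValueError("no opt-out token available for this subscriber")
    query = urlencode({"email": email, "uuid": token})
    return f"{base_url}/auto_signoff/{quote(listname)}?{query}"

def check_optout(subscribers, listname, email, supplied):
    """Return True only if the supplied token matches a non-empty stored one."""
    stored = subscribers.get((listname, email.lower()))
    # An empty value on either side must fail. Otherwise a link rendered with
    # "uuid=" would match every row whose token column is empty or NULL.
    if not stored or not supplied:
        return False
    # Constant-time comparison, so response timing does not leak the token.
    return hmac.compare_digest(stored.encode(), supplied.encode())

def check_link(subscribers, url):
    """Parse an opt-out URL (assumed layout) and validate its token."""
    parts = urlsplit(url)
    listname = unquote(parts.path.rsplit("/", 1)[-1])
    query = parse_qs(parts.query, keep_blank_values=True)
    email = query.get("email", [""])[0]
    token = query.get("uuid", [""])[0]
    return check_optout(subscribers, listname, email, token)

BASE = "https://lists.example.org/sympa"  # constructed base URL
GOOD_LINK = build_link(BASE, "news", "alice@example.org",
                       SUBSCRIBERS[("news", "alice@example.org")])
# What a template produces when user.optout_uuid does not resolve:
EMPTY_LINK = f"{BASE}/auto_signoff/news?email=bob%40example.org&uuid="
```

Failing closed on an empty token means a link with an unresolved uuid falls back to the normal confirmation flow instead of unsubscribing anyone.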


