From b1fc015c873215ef9aecf3ddceee3853f653831d Mon Sep 17 00:00:00 2001
From: Bell Isabell
Date: Tue, 3 Mar 2026 18:52:58 -0800
Subject: [PATCH] Fix nil crash on unsubscribe page with invalid token

Add require_email_message before_action to check if the unsubscribe token is valid. When an invalid token is provided, render a friendly error page instead of crashing with a nil reference.

Closes #27
---
 app/controllers/unsubscription_controller.rb | 9 +++++++++
 app/views/unsubscription/invalid_token.html.erb | 14 ++++++++++++++
 2 files changed, 23 insertions(+)
 create mode 100644 app/views/unsubscription/invalid_token.html.erb
diff --git a/app/controllers/unsubscription_controller.rb b/app/controllers/unsubscription_controller.rb
index 014ce94..cc9560f 100644
--- a/app/controllers/unsubscription_controller.rb
+++ b/app/controllers/unsubscription_controller.rb
@@ -2,9 +2,12 @@
 class UnsubscriptionController < ApplicationController
 before_action :set_email_message, :set_account
+ before_action :require_email_message
 def show; end
+ def invalid_token; end
+
 def destroy
 raise 'cannot find subscription for unsubscription' if @email_message.subscription.blank?
@@ -19,4 +22,10 @@ def destroy
 def set_email_message
 @email_message = EmailMessage.find_by(unsubscribe_token: params[:token])
 end
+
+ def require_email_message
+ return if @email_message.present?
+
+ render :invalid_token, status: :not_found
+ end
 end
diff --git a/app/views/unsubscription/invalid_token.html.erb b/app/views/unsubscription/invalid_token.html.erb
new file mode 100644
index 0000000..51be733
--- /dev/null
+++ b/app/views/unsubscription/invalid_token.html.erb
@@ -0,0 +1,14 @@
+<% title 'Invalid Link' %>
+
+
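Review bot: The new `before_action :require_email_message` is declared after `:set_account`, so `set_account` still runs with a nil `@email_message` when the token is unknown; Rails runs callbacks in declaration order and halts the chain only once one of them renders. `set_account` is defined outside this hunk, so whether it dereferences `@email_message` cannot be confirmed here, but if it does, the nil crash this commit targets remains. Declaring the guard between the two, `before_action :set_email_message, :require_email_message, :set_account`, closes that gap. The empty `def invalid_token; end` also looks unnecessary: `render :invalid_token` needs only the template, and a public controller method becomes a reachable action if any route maps to it.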
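Review bot: `require_email_message` checks only that a record was found, so a request with no `token` parameter makes `find_by(unsubscribe_token: nil)` in `set_email_message` match any EmailMessage row whose token column is NULL, and the guard then lets that request through to `destroy`. Whether such rows can exist depends on the schema, which is not visible here. Rejecting a blank token in the guard removes that dependency: `return if params[:token].present? && @email_message.present?`. A comment above the method such as `# Halts the request with a 404 page when the token is missing or matches no EmailMessage.` would also record that rendering here stops the callback chain.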
+
+

+ This unsubscribe link is invalid +

+

+ The link you followed may have expired or already been used. + If you're still receiving unwanted emails, please use the unsubscribe link + from your most recent message. +

+
+