email: tighten unsubscribe — test isolation, accurate comments, tighter assertion

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Giorgio Gilestro 2026-05-25 23:10:29 +02:00
parent a292289dc6
commit 0a476bed22
2 changed files with 13 additions and 13 deletions


@ -15,6 +15,7 @@ from fastapi.responses import HTMLResponse
from itsdangerous import BadSignature, URLSafeSerializer
from sqlalchemy.ext.asyncio import AsyncSession
from app import branding
from app.config import get_settings
from app.db import get_session
from app.logging import get_logger
@ -30,8 +31,9 @@ _SALT = "digest-unsubscribe-v1"
def _serializer() -> URLSafeSerializer:
s = get_settings()
if not s.CASSANDRA_SESSION_SECRET:
# In tests with no secret configured, fall back to a constant —
# NEVER reach production; settings validation should catch this.
# In tests with no secret configured, fall back to a constant.
# An empty CASSANDRA_SESSION_SECRET in prod would also break login,
# so this branch is "best-effort dev fallback", not a real prod path.
return URLSafeSerializer("dev-only-empty-secret", salt=_SALT)
return URLSafeSerializer(s.CASSANDRA_SESSION_SECRET, salt=_SALT)
@ -84,7 +86,6 @@ async def unsubscribe(
token: str = Query(...),
session: AsyncSession = Depends(get_session),
):
from app import branding
uid = verify_unsubscribe_token(token)
if uid is not None:
user = await session.get(User, uid)
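Review bot: The rewritten comment in `_serializer` now presents the constant-key fallback as an acceptable "best-effort dev fallback", but the code still signs with the fixed string `dev-only-empty-secret` whenever `CASSANDRA_SESSION_SECRET` is empty, so anyone who reads the source can mint a valid unsubscribe token for any user id under the `digest-unsubscribe-v1` salt on any deployment that ends up with an empty secret; the claim that an empty secret "would also break login" is an inference about code not in this hunk, and the previous comment's "settings validation should catch this" was at least a pointer to where the guard belongs. Prefer failing closed here — raise unless the settings object marks a test run — or, if the fallback must stay, at minimum surface it through the logger this file obtains via `get_logger`, e.g. `logger.warning("CASSANDRA_SESSION_SECRET unset; signing unsubscribe tokens with the dev-only key")` before the `return`, and rewrite the comment as `# Test-only fallback: a fixed key lets anyone forge tokens, so this must never serve real users.` The `unsubscribe` handler in the last hunk starts and ends outside the diff, so only the removed local import is visible there.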