Class: Spree::Api::V3::Store::NewsletterSubscribersController

Inherits:
Store::BaseController
  • Object
show all
Defined in:
app/controllers/spree/api/v3/store/newsletter_subscribers_controller.rb

Instance Method Summary collapse

Instance Method Details

#createObject

POST /api/v3/store/newsletter_subscribers



14
15
16
17
18
19
20
21
22
23
24
25
26
27
# File 'app/controllers/spree/api/v3/store/newsletter_subscribers_controller.rb', line 14

def create
  subscriber = Spree::NewsletterSubscriber.subscribe(
    email: params[:email],
    user: current_user,
    store: current_store,
    redirect_url: validated_redirect_url
  )

  if subscriber.errors.any?
    render_errors(subscriber.errors)
  else
    render json: serialize_resource(subscriber), status: :created
  end
end

#destroyObject

DELETE /api/v3/store/newsletter_subscribers/:id Accepts either of:

- Authorization: Bearer <jwt> — logged-in customer destroying their own subscription
- ?token=<unsubscribe-token>  — bearer from `subscriber.generate_token_for(:unsubscribe)`,
                              typically clicked from an unsubscribe email


61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
# File 'app/controllers/spree/api/v3/store/newsletter_subscribers_controller.rb', line 61

def destroy
  subscriber = find_owned_subscriber || find_subscriber_by_unsubscribe_token

  if subscriber.blank?
    return render_error(
      code: ERROR_CODES[:invalid_token],
      message: Spree.t(:newsletter_unsubscribe_token_invalid, scope: :api),
      status: :unprocessable_content
    )
  end

  linked_user = subscriber.user
  subscriber.destroy!

  # Keep accepts_email_marketing in sync, but only when no subscriptions remain.
  if linked_user&.accepts_email_marketing? && Spree::NewsletterSubscriber.where(user_id: linked_user.id).none?
    linked_user.update(accepts_email_marketing: false)
  end

  head :no_content
end

#request_unsubscribeObject

POST /api/v3/store/newsletter_subscribers/request_unsubscribe Publishes a newsletter_subscriber.unsubscribe_requested event carrying the unsubscribe token. Always returns 202 to prevent email enumeration.



86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
# File 'app/controllers/spree/api/v3/store/newsletter_subscribers_controller.rb', line 86

def request_unsubscribe
  subscriber = Spree::NewsletterSubscriber.for_store(current_store).find_by(email: params[:email])

  if subscriber
    payload = {
      id: subscriber.prefixed_id,
      email: subscriber.email,
      unsubscribe_token: subscriber.generate_token_for(:unsubscribe),
      store_id: current_store.prefixed_id,
      customer_id: subscriber.user&.prefixed_id
    }

    redirect_url = validated_redirect_url
    payload[:redirect_url] = redirect_url if redirect_url.present?

    subscriber.publish_event('newsletter_subscriber.unsubscribe_requested', payload)
  end

  head :accepted
end

#verifyObject

POST /api/v3/store/newsletter_subscribers/verify



30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
# File 'app/controllers/spree/api/v3/store/newsletter_subscribers_controller.rb', line 30

def verify
  token = params[:token]

  if token.blank?
    return render_error(
      code: ERROR_CODES[:parameter_missing],
      message: 'token is required',
      status: :unprocessable_content
    )
  end

  subscriber = Spree::NewsletterSubscriber.for_store(current_store).unverified.find_by(verification_token: token)

  unless subscriber
    return render_error(
      code: ERROR_CODES[:invalid_token],
      message: Spree.t(:newsletter_verification_token_invalid, scope: :api),
      status: :unprocessable_content
    )
  end

  Spree::Newsletter::Verify.new(subscriber: subscriber).call

  render json: serialize_resource(subscriber)
end