diff --git a/mailpoet/lib/API/JSON/v1/Newsletters.php b/mailpoet/lib/API/JSON/v1/Newsletters.php
index 03e3b63ae9..f4e084da2e 100644
--- a/mailpoet/lib/API/JSON/v1/Newsletters.php
+++ b/mailpoet/lib/API/JSON/v1/Newsletters.php
@@ -23,6 +23,7 @@ use MailPoet\Newsletter\Preview\SendPreviewException;
 use MailPoet\Newsletter\Scheduler\PostNotificationScheduler;
 use MailPoet\Newsletter\Scheduler\Scheduler;
 use MailPoet\Newsletter\Url as NewsletterUrl;
+use MailPoet\Services\AuthorizedEmailsController;
 use MailPoet\Settings\SettingsController;
 use MailPoet\UnexpectedValueException;
 use MailPoet\Util\License\Features\Subscribers as SubscribersFeature;
@@ -81,6 +82,9 @@ class Newsletters extends APIEndpoint {
 /** @var Scheduler */
 private $scheduler;
 
+ /** @var AuthorizedEmailsController */
+ private $authorizedEmailsController;
+
 public function __construct(
 Listing\Handler $listingHandler,
 WPFunctions $wp,
@@ -96,7 +100,8 @@ class Newsletters extends APIEndpoint {
 NewsletterSaveController $newsletterSaveController,
 NewsletterUrl $newsletterUrl,
 Scheduler $scheduler,
- NewsletterValidator $newsletterValidator
+ NewsletterValidator $newsletterValidator,
+ AuthorizedEmailsController $authorizedEmailsController
 ) {
 $this->listingHandler = $listingHandler;
 $this->wp = $wp;
@@ -113,6 +118,7 @@ class Newsletters extends APIEndpoint {
 $this->newsletterUrl = $newsletterUrl;
 $this->scheduler = $scheduler;
 $this->newsletterValidator = $newsletterValidator;
+ $this->authorizedEmailsController = $authorizedEmailsController;
 }
 
 public function get($data = []) {
@@ -185,6 +191,12 @@ class Newsletters extends APIEndpoint {
 ]);
 }
 
+ if ($status === NewsletterEntity::STATUS_ACTIVE && !$this->authorizedEmailsController->isSenderAddressValidForActivation($newsletter)) {
+ return $this->errorResponse([
+ APIError::FORBIDDEN => __('The sender address is not an authorized sender domain.', 'mailpoet'),
+ ], [], Response::STATUS_FORBIDDEN);
+ }
+
 if ($status === NewsletterEntity::STATUS_ACTIVE) {
 $validationError = $this->newsletterValidator->validate($newsletter);
 if ($validationError !== null) {
diff --git a/mailpoet/tests/integration/API/JSON/v1/NewslettersTest.php b/mailpoet/tests/integration/API/JSON/v1/NewslettersTest.php
index a75be2c8ed..a76b7cfe22 100644
--- a/mailpoet/tests/integration/API/JSON/v1/NewslettersTest.php
+++ b/mailpoet/tests/integration/API/JSON/v1/NewslettersTest.php
@@ -27,6 +27,7 @@ use MailPoet\Newsletter\Statistics\NewsletterStatisticsRepository;
 use MailPoet\Newsletter\Url;
 use MailPoet\Router\Router;
 use MailPoet\Segments\SegmentsRepository;
+use MailPoet\Services\AuthorizedEmailsController;
 use MailPoet\Settings\SettingsController;
 use MailPoet\Tasks\Sending as SendingTask;
 use MailPoet\Test\DataFactories\Newsletter;
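Review bot: In the `setStatus` hunk of `Newsletters.php`, the sender check runs only when the requested status is `STATUS_ACTIVE`, so it guards the activation transition and nothing else that is visible here; if the sender address of an already active newsletter can still be changed through another endpoint, that path needs the same `isSenderAddressValidForActivation` call or the control is only advisory. This cannot be confirmed from the page, because `setStatus` starts and ends outside the hunk and the save path is not shown. The guard would also read better with a why-comment such as `// Refuse activation while the sender address is not authorized for sending.`, and the message says an address is not a "domain"; `The sender address is not on an authorized sender domain.` is closer to what is meant.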
@@ -224,6 +225,21 @@ class NewslettersTest extends \MailPoetTest {
 verify($res->status)->equals(APIResponse::STATUS_FORBIDDEN);
 }
 
+ public function testItReturnsErrorIfSenderAddressNotValidForActivation() {
+ $endpoint = $this->getServiceWithOverrides(Newsletters::class, [
+ 'cronHelper' => $this->cronHelper,
+ 'subscribersFeature' => Stub::make(Subscribers::class, ['check' => true]),
+ 'authorizedEmailsController' => Stub::make(AuthorizedEmailsController::class, [
+ 'isSenderAddressValidForActivation' => Expected::once(false),
+ ]),
+ ]);
+ $res = $endpoint->setStatus([
+ 'id' => $this->postNotification->getId(),
+ 'status' => NewsletterEntity::STATUS_ACTIVE,
+ ]);
+ verify($res->status)->equals(APIResponse::STATUS_FORBIDDEN);
+ }
+
 public function testItCanSetANewsletterStatus() {
 // set status to sending
 $response = $this->endpoint->setStatus
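Review bot: `testItReturnsErrorIfSenderAddressNotValidForActivation` asserts only `STATUS_FORBIDDEN`, the same assertion the preceding test in the context lines ends with, so it passes on any 403 from `setStatus` and does not prove the sender check produced it. It also stubs `subscribersFeature` with `'check' => true`; if that is the limit-reached setup (not visible here), the request may be refused before the new guard runs, and `'check' => false` would be the safer fixture. `Expected::once(false)` is given to `Stub::make` without the test case, so the call count is probably never verified; passing it, `Stub::make(AuthorizedEmailsController::class, ['isSenderAddressValidForActivation' => Expected::once(false)], $this)`, and asserting the error message would pin the test to this guard. The last context line of the hunk is cut off at the end of the page.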