Cavemanon/piratepoet
8
Fork 0
Code Pull Requests Actions Releases 16 Activity

Verify sender Address on newsletter activation

Browse Source 
[MAILPOET-5786]
This commit is contained in:
Brezo Cordero
2024-01-13 01:07:08 -06:00
committed by Aschepikov
parent f3693f4afd
commit 1162b5aca1
2 changed files with 29 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
mailpoet/lib/API/JSON/v1/Newsletters.php
View File

@@ -23,6 +23,7 @@ use MailPoet\Newsletter\Preview\SendPreviewException;
use MailPoet\Newsletter\Scheduler\PostNotificationScheduler; use MailPoet\Newsletter\Scheduler\PostNotificationScheduler;
use MailPoet\Newsletter\Scheduler\Scheduler; use MailPoet\Newsletter\Scheduler\Scheduler;
use MailPoet\Newsletter\Url as NewsletterUrl; use MailPoet\Newsletter\Url as NewsletterUrl;
use MailPoet\Services\AuthorizedEmailsController;
use MailPoet\Settings\SettingsController; use MailPoet\Settings\SettingsController;
use MailPoet\UnexpectedValueException; use MailPoet\UnexpectedValueException;
use MailPoet\Util\License\Features\Subscribers as SubscribersFeature; use MailPoet\Util\License\Features\Subscribers as SubscribersFeature;
@@ -81,6 +82,9 @@ class Newsletters extends APIEndpoint {
/** @var Scheduler */ /** @var Scheduler */
private $scheduler; private $scheduler;
/** @var AuthorizedEmailsController */
private $authorizedEmailsController;
public function __construct( public function __construct(
Listing\Handler $listingHandler, Listing\Handler $listingHandler,
WPFunctions $wp, WPFunctions $wp,
@@ -96,7 +100,8 @@ class Newsletters extends APIEndpoint {
NewsletterSaveController $newsletterSaveController, NewsletterSaveController $newsletterSaveController,
NewsletterUrl $newsletterUrl, NewsletterUrl $newsletterUrl,
Scheduler $scheduler, Scheduler $scheduler,
NewsletterValidator $newsletterValidator NewsletterValidator $newsletterValidator,
AuthorizedEmailsController $authorizedEmailsController
) { ) {
$this->listingHandler = $listingHandler; $this->listingHandler = $listingHandler;
$this->wp = $wp; $this->wp = $wp;
@@ -113,6 +118,7 @@ class Newsletters extends APIEndpoint {
$this->newsletterUrl = $newsletterUrl; $this->newsletterUrl = $newsletterUrl;
$this->scheduler = $scheduler; $this->scheduler = $scheduler;
$this->newsletterValidator = $newsletterValidator; $this->newsletterValidator = $newsletterValidator;
$this->authorizedEmailsController = $authorizedEmailsController;
} }
public function get($data = []) { public function get($data = []) {
@@ -185,6 +191,12 @@ class Newsletters extends APIEndpoint {
]); ]);
} }
if ($status === NewsletterEntity::STATUS_ACTIVE && !$this->authorizedEmailsController->isSenderAddressValidForActivation($newsletter)) {
return $this->errorResponse([
APIError::FORBIDDEN => __('The sender address is not an authorized sender domain.', 'mailpoet'),
], [], Response::STATUS_FORBIDDEN);
}
if ($status === NewsletterEntity::STATUS_ACTIVE) { if ($status === NewsletterEntity::STATUS_ACTIVE) {
$validationError = $this->newsletterValidator->validate($newsletter); $validationError = $this->newsletterValidator->validate($newsletter);
if ($validationError !== null) { if ($validationError !== null) {

16
mailpoet/tests/integration/API/JSON/v1/NewslettersTest.php
View File

@@ -27,6 +27,7 @@ use MailPoet\Newsletter\Statistics\NewsletterStatisticsRepository;
use MailPoet\Newsletter\Url; use MailPoet\Newsletter\Url;
use MailPoet\Router\Router; use MailPoet\Router\Router;
use MailPoet\Segments\SegmentsRepository; use MailPoet\Segments\SegmentsRepository;
use MailPoet\Services\AuthorizedEmailsController;
use MailPoet\Settings\SettingsController; use MailPoet\Settings\SettingsController;
use MailPoet\Tasks\Sending as SendingTask; use MailPoet\Tasks\Sending as SendingTask;
use MailPoet\Test\DataFactories\Newsletter; use MailPoet\Test\DataFactories\Newsletter;
@@ -224,6 +225,21 @@ class NewslettersTest extends \MailPoetTest {
verify($res->status)->equals(APIResponse::STATUS_FORBIDDEN); verify($res->status)->equals(APIResponse::STATUS_FORBIDDEN);
} }
public function testItReturnsErrorIfSenderAddressNotValidForActivation() {
$endpoint = $this->getServiceWithOverrides(Newsletters::class, [
'cronHelper' => $this->cronHelper,
'subscribersFeature' => Stub::make(Subscribers::class, ['check' => true]),
'authorizedEmailsController' => Stub::make(AuthorizedEmailsController::class, [
'isSenderAddressValidForActivation' => Expected::once(false),
]),
]);
$res = $endpoint->setStatus([
'id' => $this->postNotification->getId(),
'status' => NewsletterEntity::STATUS_ACTIVE,
]);
verify($res->status)->equals(APIResponse::STATUS_FORBIDDEN);
}
public function testItCanSetANewsletterStatus() { public function testItCanSetANewsletterStatus() {
// set status to sending // set status to sending
$response = $this->endpoint->setStatus $response = $this->endpoint->setStatus