Verify sender Address on newsletter activation

[MAILPOET-5786]

mailpoet/lib/API/JSON/v1/Newsletters.php

@@ -23,6 +23,7 @@ use MailPoet\Newsletter\Preview\SendPreviewException;
 use MailPoet\Newsletter\Scheduler\PostNotificationScheduler;
 use MailPoet\Newsletter\Scheduler\Scheduler;
 use MailPoet\Newsletter\Url as NewsletterUrl;
+use MailPoet\Services\AuthorizedEmailsController;
 use MailPoet\Settings\SettingsController;
 use MailPoet\UnexpectedValueException;
 use MailPoet\Util\License\Features\Subscribers as SubscribersFeature;
@@ -81,6 +82,9 @@ class Newsletters extends APIEndpoint {
   /** @var Scheduler */
   private $scheduler;
 
+  /** @var AuthorizedEmailsController */
+  private $authorizedEmailsController;
+
   public function __construct(
     Listing\Handler $listingHandler,
     WPFunctions $wp,
@@ -96,7 +100,8 @@ class Newsletters extends APIEndpoint {
     NewsletterSaveController $newsletterSaveController,
     NewsletterUrl $newsletterUrl,
     Scheduler $scheduler,
-    NewsletterValidator $newsletterValidator
+    NewsletterValidator $newsletterValidator,
+    AuthorizedEmailsController $authorizedEmailsController
   ) {
     $this->listingHandler = $listingHandler;
     $this->wp = $wp;
@@ -113,6 +118,7 @@ class Newsletters extends APIEndpoint {
     $this->newsletterUrl = $newsletterUrl;
     $this->scheduler = $scheduler;
     $this->newsletterValidator = $newsletterValidator;
+    $this->authorizedEmailsController = $authorizedEmailsController;
   }
 
   public function get($data = []) {
@@ -185,6 +191,12 @@ class Newsletters extends APIEndpoint {
       ]);
     }
 
+    if ($status === NewsletterEntity::STATUS_ACTIVE && !$this->authorizedEmailsController->isSenderAddressValidForActivation($newsletter)) {
+          return $this->errorResponse([
+            APIError::FORBIDDEN => __('The sender address is not an authorized sender domain.', 'mailpoet'),
+          ], [], Response::STATUS_FORBIDDEN);
+    }
+
     if ($status === NewsletterEntity::STATUS_ACTIVE) {
       $validationError = $this->newsletterValidator->validate($newsletter);
       if ($validationError !== null) {

mailpoet/tests/integration/API/JSON/v1/NewslettersTest.php

@@ -27,6 +27,7 @@ use MailPoet\Newsletter\Statistics\NewsletterStatisticsRepository;
 use MailPoet\Newsletter\Url;
 use MailPoet\Router\Router;
 use MailPoet\Segments\SegmentsRepository;
+use MailPoet\Services\AuthorizedEmailsController;
 use MailPoet\Settings\SettingsController;
 use MailPoet\Tasks\Sending as SendingTask;
 use MailPoet\Test\DataFactories\Newsletter;
@@ -224,6 +225,21 @@ class NewslettersTest extends \MailPoetTest {
     verify($res->status)->equals(APIResponse::STATUS_FORBIDDEN);
   }
 
+  public function testItReturnsErrorIfSenderAddressNotValidForActivation() {
+    $endpoint = $this->getServiceWithOverrides(Newsletters::class, [
+      'cronHelper' => $this->cronHelper,
+      'subscribersFeature' => Stub::make(Subscribers::class, ['check' => true]),
+      'authorizedEmailsController' => Stub::make(AuthorizedEmailsController::class, [
+        'isSenderAddressValidForActivation' => Expected::once(false),
+      ]),
+    ]);
+    $res = $endpoint->setStatus([
+      'id' => $this->postNotification->getId(),
+      'status' => NewsletterEntity::STATUS_ACTIVE,
+    ]);
+    verify($res->status)->equals(APIResponse::STATUS_FORBIDDEN);
+  }
+
   public function testItCanSetANewsletterStatus() {
     // set status to sending
     $response = $this->endpoint->setStatus