Add validation for sender_addresses within scheduled and automatic emails
[MAILPOET-2022]
committed by
M. Shull
parent
f86c0c9612
commit
70f897e61e
@@ -19,6 +19,7 @@ if (!defined('ABSPATH')) exit;
|
||||
* @property string $type
|
||||
* @property object|boolean $queue
|
||||
* @property string $hash
|
||||
* @property string $sender_address
|
||||
* @property string $status
|
||||
* @property string|object $meta
|
||||
* @property array $options
|
||||
|
@@ -3,6 +3,7 @@
|
||||
namespace MailPoet\Services;
|
||||
|
||||
use Carbon\Carbon;
|
||||
use MailPoet\Models\Newsletter;
|
||||
use MailPoet\Settings\SettingsController;
|
||||
|
||||
if (!defined('ABSPATH')) exit;
|
||||
@@ -34,8 +35,11 @@ class AuthorizedEmailsController {
|
||||
if ($authorized_emails === false) {
|
||||
return;
|
||||
}
|
||||
$authorized_emails = array_map('strtolower', $authorized_emails);
|
||||
|
||||
$result = $this->validateAddressesInSettings($authorized_emails);
|
||||
$result = [];
|
||||
$result = $this->validateAddressesInSettings($authorized_emails, $result);
|
||||
$result = $this->validateAddressesInScheduledAndAutomaticEmails($authorized_emails, $result);
|
||||
$this->settings->set(self::AUTHORIZED_EMAIL_ADDRESSES_ERROR_SETTING, $result ?: null);
|
||||
}
|
||||
|
||||
@@ -50,15 +54,49 @@ class AuthorizedEmailsController {
|
||||
private function validateAddressesInSettings($authorized_emails, $result = []) {
|
||||
$default_sender_address = $this->settings->get('sender.address');
|
||||
$signup_confirmation_address = $this->settings->get('signup_confirmation.from.address');
|
||||
$authorized_emails = array_map('strtolower', $authorized_emails);
|
||||
|
||||
if (!in_array(strtolower($default_sender_address), $authorized_emails, true)) {
|
||||
if (!$this->validateAuthorizedEmail($authorized_emails, $default_sender_address)) {
|
||||
$result['invalid_sender_address'] = $default_sender_address;
|
||||
}
|
||||
if (!in_array(strtolower($signup_confirmation_address), $authorized_emails, true)) {
|
||||
if (!$this->validateAuthorizedEmail($authorized_emails, $signup_confirmation_address)) {
|
||||
$result['invalid_confirmation_address'] = $signup_confirmation_address;
|
||||
}
|
||||
|
||||
return $result;
|
||||
}
|
||||
|
||||
private function validateAddressesInScheduledAndAutomaticEmails($authorized_emails, $result = []) {
|
||||
$condittion = sprintf(
|
||||
"(`type` = '%s' AND `status` = '%s') OR (`type` IN ('%s') AND `status` = '%s')",
|
||||
Newsletter::TYPE_STANDARD,
|
||||
Newsletter::STATUS_SCHEDULED,
|
||||
implode("', '", [ Newsletter::TYPE_WELCOME, Newsletter::TYPE_NOTIFICATION, Newsletter::TYPE_AUTOMATIC ]),
|
||||
Newsletter::STATUS_ACTIVE
|
||||
);
|
||||
|
||||
$newsletters = Newsletter::whereRaw($condittion)->findMany();
|
||||
|
||||
$invalid_senders_in_newsletters = [];
|
||||
foreach ($newsletters as $newsletter) {
|
||||
if ($this->validateAuthorizedEmail($authorized_emails, $newsletter->sender_address)) {
|
||||
continue;
|
||||
}
|
||||
$invalid_senders_in_newsletters[] = [
|
||||
'newsletter_id' => $newsletter->id,
|
||||
'subject' => $newsletter->subject,
|
||||
'sender_address' => $newsletter->sender_address,
|
||||
];
|
||||
}
|
||||
|
||||
if (!count($invalid_senders_in_newsletters)) {
|
||||
return $result;
|
||||
}
|
||||
|
||||
$result['invalid_senders_in_newsletters'] = $invalid_senders_in_newsletters;
|
||||
return $result;
|
||||
}
|
||||
|
||||
private function validateAuthorizedEmail($authorized_emails, $email) {
|
||||
return in_array(strtolower($email), $authorized_emails, true);
|
||||
}
|
||||
}
|
||||
|
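Review bot: In `validateAddressesInScheduledAndAutomaticEmails` the WHERE clause is assembled with `sprintf` and `implode` and passed to `Newsletter::whereRaw()` as a finished SQL string. Every interpolated value is a class constant today, so nothing untrusted reaches the query, but the pattern is one edit away from SQL injection if a variable is ever added. Using `?` placeholders with a parameter array keeps the values out of the SQL text, and the misspelled local `$condittion` goes away with it. Separately, the result now stores each newsletter's free-text `subject` under `AUTHORIZED_EMAIL_ADDRESSES_ERROR_SETTING`; the code that displays that setting is not part of this commit, so it should be confirmed to escape the value on output.

```php
$newsletters = Newsletter::whereRaw(
  '(`type` = ? AND `status` = ?) OR (`type` IN (?, ?, ?) AND `status` = ?)',
  [
    Newsletter::TYPE_STANDARD,
    Newsletter::STATUS_SCHEDULED,
    Newsletter::TYPE_WELCOME,
    Newsletter::TYPE_NOTIFICATION,
    Newsletter::TYPE_AUTOMATIC,
    Newsletter::STATUS_ACTIVE,
  ]
)->findMany();
// … unchanged: loop collecting invalid_senders_in_newsletters …
```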
@@ -5,6 +5,7 @@ namespace MailPoet\Test\Services;
|
||||
use Carbon\Carbon;
|
||||
use Codeception\Stub\Expected;
|
||||
use MailPoet\Mailer\Mailer;
|
||||
use MailPoet\Models\Newsletter;
|
||||
use MailPoet\Models\Setting;
|
||||
use MailPoet\Services\AuthorizedEmailsController;
|
||||
use MailPoet\Services\Bridge;
|
||||
@@ -76,6 +77,68 @@ class AuthorizedEmailsControllerTest extends \MailPoetTest {
|
||||
expect($this->settings->get(AuthorizedEmailsController::AUTHORIZED_EMAIL_ADDRESSES_ERROR_SETTING))->null();
|
||||
}
|
||||
|
||||
function testItSetErrorForScheduledNewsletterWithUnauthorizedSender() {
|
||||
$this->checkUnauthorizedInNewsletter(Newsletter::TYPE_STANDARD, Newsletter::STATUS_SCHEDULED);
|
||||
}
|
||||
|
||||
function testItSetErrorForActiveWelcomeEmailUnauthorizedSender() {
|
||||
$this->checkUnauthorizedInNewsletter(Newsletter::TYPE_WELCOME, Newsletter::STATUS_ACTIVE);
|
||||
}
|
||||
|
||||
function testItSetErrorForPostNotificationUnauthorizedSender() {
|
||||
$this->checkUnauthorizedInNewsletter(Newsletter::TYPE_NOTIFICATION, Newsletter::STATUS_ACTIVE);
|
||||
}
|
||||
|
||||
function testItSetErrorForAutomaticEmailUnauthorizedSender() {
|
||||
$this->checkUnauthorizedInNewsletter(Newsletter::TYPE_AUTOMATIC, Newsletter::STATUS_ACTIVE);
|
||||
}
|
||||
|
||||
function testItResetErrorWhenAllSendersAreCorrect() {
|
||||
$newsletter = Newsletter::createOrUpdate([
|
||||
'subject' => 'Subject',
|
||||
'status' => Newsletter::STATUS_ACTIVE,
|
||||
'type' => Newsletter::TYPE_AUTOMATIC,
|
||||
]);
|
||||
$newsletter->sender_address = 'auth@email.com';
|
||||
$newsletter->save();
|
||||
$newsletter2 = Newsletter::createOrUpdate([
|
||||
'subject' => 'Subject2',
|
||||
'status' => Newsletter::STATUS_SCHEDULED,
|
||||
'type' => Newsletter::TYPE_STANDARD,
|
||||
]);
|
||||
$newsletter2->sender_address = 'auth@email.com';
|
||||
$newsletter2->save();
|
||||
$this->settings->set('installed_at', new Carbon());
|
||||
$this->settings->set('sender.address', 'auth@email.com');
|
||||
$this->settings->set('signup_confirmation.from.address', 'auth@email.com');
|
||||
$this->setMailPoetSendingMethod();
|
||||
$controller = $this->getController($authorized_emails_from_api = ['auth@email.com']);
|
||||
$controller->checkAuthorizedEmailAddresses();
|
||||
$error = $this->settings->get(AuthorizedEmailsController::AUTHORIZED_EMAIL_ADDRESSES_ERROR_SETTING);
|
||||
expect($error)->null();
|
||||
}
|
||||
|
||||
private function checkUnauthorizedInNewsletter($type, $status) {
|
||||
$newsletter = Newsletter::createOrUpdate([
|
||||
'subject' => 'Subject',
|
||||
'status' => $status,
|
||||
'type' => $type,
|
||||
]);
|
||||
$newsletter->sender_address = 'invalid@email.com';
|
||||
$newsletter->save();
|
||||
$this->settings->set('installed_at', new Carbon());
|
||||
$this->settings->set('sender.address', 'auth@email.com');
|
||||
$this->settings->set('signup_confirmation.from.address', 'auth@email.com');
|
||||
$this->setMailPoetSendingMethod();
|
||||
$controller = $this->getController($authorized_emails_from_api = ['auth@email.com']);
|
||||
$controller->checkAuthorizedEmailAddresses();
|
||||
$error = $this->settings->get(AuthorizedEmailsController::AUTHORIZED_EMAIL_ADDRESSES_ERROR_SETTING);
|
||||
expect(count($error['invalid_senders_in_newsletters']))->equals(1);
|
||||
expect($error['invalid_senders_in_newsletters'][0]['newsletter_id'])->equals($newsletter->id);
|
||||
expect($error['invalid_senders_in_newsletters'][0]['sender_address'])->equals('invalid@email.com');
|
||||
expect($error['invalid_senders_in_newsletters'][0]['subject'])->equals('Subject');
|
||||
}
|
||||
|
||||
private function setMailPoetSendingMethod() {
|
||||
$this->settings->set(
|
||||
Mailer::MAILER_CONFIG_SETTING_NAME,
|
||||
@@ -98,5 +161,6 @@ class AuthorizedEmailsControllerTest extends \MailPoetTest {
|
||||
|
||||
function _after() {
|
||||
\ORM::raw_execute('TRUNCATE ' . Setting::$_table);
|
||||
\ORM::raw_execute('TRUNCATE ' . Newsletter::$_table);
|
||||
}
|
||||
}
|
||||
|
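Review bot: The added tests only create newsletters that the query is supposed to match, so nothing pins the status filter. A regression that dropped the status condition or broke the AND/OR grouping would still pass every test here. A negative case is needed: a newsletter outside the filter (for example a draft standard newsletter) with an unauthorized sender, asserting that the error setting stays null. A mixed-case sender such as `Auth@Email.com` would likewise pin the `strtolower` comparison in `validateAuthorizedEmail`.

```php
function testItDoesNotSetErrorForDraftNewsletterWithUnauthorizedSender() {
  $newsletter = Newsletter::createOrUpdate([
    'subject' => 'Subject',
    'status' => Newsletter::STATUS_DRAFT,
    'type' => Newsletter::TYPE_STANDARD,
  ]);
  $newsletter->sender_address = 'invalid@email.com';
  $newsletter->save();
  // … unchanged setup: installed_at, sender.address, signup_confirmation.from.address, setMailPoetSendingMethod() …
  $controller = $this->getController($authorized_emails_from_api = ['auth@email.com']);
  $controller->checkAuthorizedEmailAddresses();
  $error = $this->settings->get(AuthorizedEmailsController::AUTHORIZED_EMAIL_ADDRESSES_ERROR_SETTING);
  expect($error)->null();
}
```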