Cavemanon/piratepoet
7
Fork 0
Code Pull Requests Actions Releases 16 Activity

Fix the possibility of repeatedly submitting a form with an existing e-mail address [MAILPOET-1115]

Browse Source
This commit is contained in:
stoletniy
2017-09-28 12:38:37 +03:00
committed by pavel-mailpoet
parent e4ab928e82
commit 8a91eb46e6
2 changed files with 32 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
lib/Models/Subscriber.php
View File

@ -184,8 +184,8 @@ class Subscriber extends Model {
'subscribed_ip',
$subscriber_data['subscribed_ip']
)->whereRaw(
'TIME_TO_SEC(TIMEDIFF(NOW(), created_at)) < ?',
self::SUBSCRIPTION_LIMIT_COOLDOWN
'(TIME_TO_SEC(TIMEDIFF(NOW(), created_at)) < ? OR TIME_TO_SEC(TIMEDIFF(NOW(), updated_at)) < ?)',
array(self::SUBSCRIPTION_LIMIT_COOLDOWN, self::SUBSCRIPTION_LIMIT_COOLDOWN)
)->count();
if($subscription_count > 0) {
@ -205,6 +205,7 @@ class Subscriber extends Model {
} else {
// store subscriber data to be updated after confirmation
$subscriber->setUnconfirmedData($subscriber_data);
$subscriber->setExpr('updated_at', 'NOW()');
}
// restore trashed subscriber

29
tests/unit/API/JSON/v1/SubscribersTest.php
View File

@ -1,6 +1,7 @@
<?php
namespace MailPoet\Test\API\JSON\v1;
use Carbon\Carbon;
use Codeception\Util\Fixtures;
use MailPoet\API\JSON\v1\Subscribers;
use MailPoet\API\JSON\Response as APIResponse;
@ -519,6 +520,34 @@ class SubscribersTest extends \MailPoetTest {
}
}
function testItCannotMassResubscribe() {
$_SERVER['REMOTE_ADDR'] = '127.0.0.1';
$router = new Subscribers();
$response = $router->subscribe(array(
$this->obfuscatedEmail => 'toto@mailpoet.com',
'form_id' => $this->form->id,
$this->obfuscatedSegments => array($this->segment_1->id, $this->segment_2->id)
));
// Try to resubscribe an existing subscriber that was updated just now
$subscriber = Subscriber::findOne($response->data['id']);
$subscriber->created_at = Carbon::yesterday();
$subscriber->updated_at = Carbon::now();
$subscriber->save();
try {
$response = $router->subscribe(array(
$this->obfuscatedEmail => $subscriber->email,
'form_id' => $this->form->id,
$this->obfuscatedSegments => array($this->segment_1->id, $this->segment_2->id)
));
$this->fail('It should not be possible to resubscribe a second time so soon');
} catch(\Exception $e) {
expect($e->getMessage())->equals('You need to wait before subscribing again.');
}
}
function _after() {
Segment::deleteMany();
Subscriber::deleteMany();