From b7e492e20e6a0359c6f2be1776febea4f43e17f9 Mon Sep 17 00:00:00 2001 From: Rostislav Wolny Date: Sat, 3 Mar 2018 11:39:41 +0100 Subject: [PATCH] endpoints/track: Exit with 403 code and eventually display 403 page when subscriber token doesn't match [MAILPOET-782] --- lib/Router/Endpoints/Track.php | 10 +++++++++- tests/unit/Router/Endpoints/TrackTest.php | 5 ++++- 2 files changed, 13 insertions(+), 2 deletions(-) diff --git a/lib/Router/Endpoints/Track.php b/lib/Router/Endpoints/Track.php index fe998c97f8..721ebd2d6c 100644 --- a/lib/Router/Endpoints/Track.php +++ b/lib/Router/Endpoints/Track.php @@ -65,7 +65,9 @@ class Track { if(!$data->subscriber || !$data->queue || !$data->newsletter) return false; $subscriber_token_match = Subscriber::verifyToken($data->subscriber->email, $data->subscriber_token); - if(!$subscriber_token_match) return false; + if(!$subscriber_token_match) { + $this->terminate(403); + } // return if this is a WP user previewing the newsletter if($data->subscriber->isWPUser() && $data->preview) { return $data; @@ -75,4 +77,10 @@ class Track { $data : false; } + + private function terminate($code) { + status_header($code); + get_template_part((string)$code); + exit; + } } \ No newline at end of file diff --git a/tests/unit/Router/Endpoints/TrackTest.php b/tests/unit/Router/Endpoints/TrackTest.php index 8382048a19..fd4079f0fa 100644 --- a/tests/unit/Router/Endpoints/TrackTest.php +++ b/tests/unit/Router/Endpoints/TrackTest.php @@ -1,6 +1,7 @@ subscriber->email = 'random@email.com'; - expect($this->track->_validateTrackData($data))->false(); + $track = Mock::double($this->track, array('terminate' => null)); + $track->_validateTrackData($data); + $track->verifyInvokedOnce('terminate', array(403)); } function testItFailsWhenSubscriberIsNotOnProcessedList() {
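Review bot: Rejecting a mismatched subscriber token now depends entirely on `terminate()` never returning, because the new `if(!$subscriber_token_match) { $this->terminate(403); }` branch has no `return` of its own. If `terminate()` is stubbed or later changed so that it returns (the updated test in this commit replaces it with a double returning null), execution continues into the WP-user preview check and the rest of the validation with an unverified token. Keeping the check fail-closed costs one line: `$this->terminate(403);` followed by `return false;`. The first guard in the same function still answers with a plain `return false`, so missing data and a bad token now produce different responses; it is worth confirming that this is intended. `_validateTrackData` starts before this hunk and continues past it.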
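Review bot: `terminate()` is added without a docblock, and nothing states that it ends the request, which the token check in `_validateTrackData` relies on. I would add `/** Sends HTTP status $code, loads the theme's "$code" template part if the theme provides one, then exits; never returns. */` above it. `get_template_part()` presumably does nothing when the active theme has no matching template, so the 403 may arrive with an empty body; a short comment saying that this is acceptable would help the next reader.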