diff --git a/lib/API/API.php b/lib/API/API.php
index 8142efefb8..906733ec2e 100644
--- a/lib/API/API.php
+++ b/lib/API/API.php
@@ -33,7 +33,18 @@ class API {
 function setupAjax() {
 $this->getRequestData();
- $this->checkToken();
+
+ if($this->checkToken() === false) {
+ $error_response = new ErrorResponse(
+ array(
+ Error::UNAUTHORIZED => __('Invalid request.', 'mailpoet')
+ ),
+ array(),
+ Response::STATUS_UNAUTHORIZED
+ );
+ $error_response->send();
+ }
+
 $this->processRoute();
 }
@@ -96,7 +107,19 @@ class API {
 || $permissions[$this->_method] !== Access::ALL
 ) {
- $this->checkPermissions();
+ if($this->checkPermissions() === false) {
+ $error_response = new ErrorResponse(
+ array(
+ Error::FORBIDDEN => __(
+ 'You do not have the required permissions.',
+ 'mailpoet'
+ )
+ ),
+ array(),
+ Response::STATUS_FORBIDDEN
+ );
+ $error_response->send();
+ }
 }
 $response = $endpoint->{$this->_method}($this->_data);
@@ -110,36 +133,11 @@ class API {
 }
 function checkPermissions() {
- $has_permission = current_user_can('manage_options');
-
- if($has_permission === false) {
- $error_response = new ErrorResponse(
- array(
- Error::FORBIDDEN => __(
- 'You do not have the required permissions.',
- 'mailpoet'
- )
- ),
- array(),
- Response::STATUS_FORBIDDEN
- );
- $error_response->send();
- }
+ return current_user_can('manage_options');
 }
 function checkToken() {
- $is_valid_token = wp_verify_nonce($this->_token, 'mailpoet_token');
-
- if($is_valid_token === false) {
- $error_response = new ErrorResponse(
- array(
- Error::UNAUTHORIZED => __('Invalid request.', 'mailpoet')
- ),
- array(),
- Response::STATUS_UNAUTHORIZED
- );
- $error_response->send();
- }
+ return wp_verify_nonce($this->_token, 'mailpoet_token');
 }
 function setToken() {
diff --git a/tests/unit/API/CustomFieldsTest.php b/tests/unit/API/Endpoints/CustomFieldsTest.php
similarity index 100%
rename from tests/unit/API/CustomFieldsTest.php
rename to tests/unit/API/Endpoints/CustomFieldsTest.php
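Review bot: In the new failure branch of setupAjax(), control falls through from `$error_response->send();` to `$this->processRoute();` unless `ErrorResponse::send()` terminates the request itself, which this hunk cannot show. If `send()` only writes the 401 body and returns, a request carrying an invalid nonce would still be routed to the endpoint after the error has been emitted, so the nonce check would not actually gate anything. Adding `return;` directly after `$error_response->send();` makes the guard hold regardless of how `send()` is implemented and is a no-op when `send()` already exits. A one-line comment on the branch, `// stop here: an invalid nonce must never reach processRoute()`, would make the intent explicit for the next maintainer.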
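Review bot: The permission failure branch in processRoute() has the same gap as the token check: after `$error_response->send();` execution continues to `$response = $endpoint->{$this->_method}($this->_data);`, so the endpoint method is still invoked for a user without `manage_options` if `send()` does not exit. Since the forbidden response is the only thing standing between an authenticated low-privilege user and every non-`Access::ALL` endpoint, the branch should end with `return;` (or a thrown exception the caller handles) rather than rely on `send()` terminating the process. The enclosing `if` condition and the start of processRoute() lie before this hunk.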
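Review bot: The slimmed-down checkToken() now returns whatever `wp_verify_nonce()` returns, which is `1`, `2` or `false` rather than a boolean, and the new method carries no docblock saying so. A caller that writes `=== true` or a future `bool` return type would silently reject every valid nonce, so this is worth documenting on the method: `/** @return int|false 1 or 2 for a valid nonce (age tick), false otherwise; compare with === false, never === true. */`. checkPermissions() returns a plain `bool` from `current_user_can()` and could get a matching `/** @return bool */`. setToken(), which populates `$this->_token`, begins on the hunk's last line and its body is outside this view.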
diff --git a/tests/unit/API/FormsTest.php b/tests/unit/API/Endpoints/FormsTest.php
similarity index 100%
rename from tests/unit/API/FormsTest.php
rename to tests/unit/API/Endpoints/FormsTest.php
diff --git a/tests/unit/API/NewsletterTemplatesTest.php b/tests/unit/API/Endpoints/NewsletterTemplatesTest.php
similarity index 100%
rename from tests/unit/API/NewsletterTemplatesTest.php
rename to tests/unit/API/Endpoints/NewsletterTemplatesTest.php
diff --git a/tests/unit/API/NewslettersTest.php b/tests/unit/API/Endpoints/NewslettersTest.php
similarity index 100%
rename from tests/unit/API/NewslettersTest.php
rename to tests/unit/API/Endpoints/NewslettersTest.php
diff --git a/tests/unit/API/SegmentsTest.php b/tests/unit/API/Endpoints/SegmentsTest.php
similarity index 100%
rename from tests/unit/API/SegmentsTest.php
rename to tests/unit/API/Endpoints/SegmentsTest.php
diff --git a/tests/unit/API/SettingsTest.php b/tests/unit/API/Endpoints/SettingsTest.php
similarity index 100%
rename from tests/unit/API/SettingsTest.php
rename to tests/unit/API/Endpoints/SettingsTest.php
diff --git a/tests/unit/API/SetupTest.php b/tests/unit/API/Endpoints/SetupTest.php
similarity index 100%
rename from tests/unit/API/SetupTest.php
rename to tests/unit/API/Endpoints/SetupTest.php
diff --git a/tests/unit/API/SubscribersTest.php b/tests/unit/API/Endpoints/SubscribersTest.php
similarity index 100%
rename from tests/unit/API/SubscribersTest.php
rename to tests/unit/API/Endpoints/SubscribersTest.php