Code Coverage |
||||||||||
Lines |
Functions and Methods |
Classes and Traits |
||||||||
| Total | |
61.11% |
11 / 18 |
|
0.00% |
0 / 3 |
CRAP | n/a |
0 / 0 |
|
| wpcom_write_launch_blocked_for_unverified_email | |
80.00% |
4 / 5 |
|
0.00% |
0 / 1 |
3.07 | |||
| wpcom_write_ajax_resend_verification_email | |
80.00% |
4 / 5 |
|
0.00% |
0 / 1 |
2.03 | |||
| wpcom_write_ajax_check_email_verification | |
75.00% |
3 / 4 |
|
0.00% |
0 / 1 |
2.06 | |||
| 1 | <?php |
| 2 | /** |
| 3 | * Write — email-verification launch gate. |
| 4 | * |
| 5 | * Backs the post-publish checklist's inline "confirm your email to launch" step. |
| 6 | * The blocked state is computed here and passed into the overlay at render time |
| 7 | * (see post-publish-checklist.php) rather than fetched over REST, because a wpcom |
| 8 | * Simple site serves no REST API at its own hostname — a same-origin status fetch |
| 9 | * would 404 and silently fail open. |
| 10 | * |
| 11 | * @package automattic/jetpack-mu-wpcom |
| 12 | */ |
| 13 | |
| 14 | if ( ! defined( 'ABSPATH' ) ) { |
| 15 | exit; |
| 16 | } |
| 17 | |
| 18 | /** |
| 19 | * Whether the current user's site launch must be blocked pending email verification. |
| 20 | * |
| 21 | * Mirrors wpcom's launch_blocked_for_unverified_email() so the overlay can't |
| 22 | * disagree with the back-end launch gate: only Write On sites |
| 23 | * (`site_creation_flow = 'write-on'`) are gated, and only when the launching |
| 24 | * user's email is unverified. Email_Verification is a WordPress.com-side class; |
| 25 | * when it's absent (non-wpcom context) nothing is blocked, so the overlay fails |
| 26 | * open to the plain launch redirect. |
| 27 | * |
| 28 | * @return bool True when launch should be blocked. |
| 29 | */ |
| 30 | function wpcom_write_launch_blocked_for_unverified_email() { |
| 31 | if ( ! class_exists( 'Email_Verification' ) ) { |
| 32 | return false; |
| 33 | } |
| 34 | |
| 35 | // Exact match: `site_creation_flow` is reused by many flows. |
| 36 | if ( 'write-on' !== get_option( 'site_creation_flow' ) ) { |
| 37 | return false; |
| 38 | } |
| 39 | |
| 40 | return Email_Verification::is_email_unverified(); |
| 41 | } |
| 42 | |
| 43 | /** |
| 44 | * Nonce action shared by the checklist's resend and re-check ajax endpoints. |
| 45 | */ |
| 46 | const WPCOM_WRITE_EMAIL_VERIFICATION_NONCE = 'wpcom_write_email_verification'; |
| 47 | |
| 48 | /** |
| 49 | * Admin-ajax: resend the current user's email-verification message. |
| 50 | * |
| 51 | * The post-publish checklist's "confirm your email" step calls this so the author |
| 52 | * can re-request the verification email without leaving the page. admin-ajax is the |
| 53 | * transport because a wpcom Simple site serves no REST API at its own hostname. |
| 54 | * |
| 55 | * Logged-in only (registered on `wp_ajax_`, not `wp_ajax_nopriv_`); Email_Verification |
| 56 | * is a WordPress.com-side class, so off-wpcom this fails closed rather than fatally. |
| 57 | * |
| 58 | * @return void |
| 59 | */ |
| 60 | function wpcom_write_ajax_resend_verification_email() { |
| 61 | check_ajax_referer( WPCOM_WRITE_EMAIL_VERIFICATION_NONCE, 'nonce' ); |
| 62 | |
| 63 | if ( ! class_exists( 'Email_Verification' ) ) { |
| 64 | wp_send_json_error( array( 'message' => 'unavailable' ), 400, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT ); |
| 65 | } |
| 66 | |
| 67 | // @phan-suppress-next-line PhanUndeclaredStaticMethod -- class_exists guarded above; resend_verification_email() isn't in the generated wpcom stub, unlike is_email_unverified(). |
| 68 | Email_Verification::resend_verification_email(); |
| 69 | |
| 70 | wp_send_json_success( null, 200, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT ); |
| 71 | } |
| 72 | add_action( 'wp_ajax_wpcom_write_resend_verification_email', 'wpcom_write_ajax_resend_verification_email' ); |
| 73 | |
| 74 | /** |
| 75 | * Admin-ajax: report whether the current user's email is now verified. |
| 76 | * |
| 77 | * Lets the "confirm your email" step re-check status after the author clicks the |
| 78 | * verification link out-of-band, so a user who has verified isn't trapped and one |
| 79 | * who hasn't can't slip past to the launch flow. wpcom's verify_email() clears the |
| 80 | * cached user attribute when the link is clicked, so a fresh request reads current |
| 81 | * state without this endpoint reaching into that cache. |
| 82 | * |
| 83 | * @return void |
| 84 | */ |
| 85 | function wpcom_write_ajax_check_email_verification() { |
| 86 | check_ajax_referer( WPCOM_WRITE_EMAIL_VERIFICATION_NONCE, 'nonce' ); |
| 87 | |
| 88 | if ( ! class_exists( 'Email_Verification' ) ) { |
| 89 | wp_send_json_error( array( 'message' => 'unavailable' ), 400, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT ); |
| 90 | } |
| 91 | |
| 92 | wp_send_json_success( array( 'verified' => ! Email_Verification::is_email_unverified() ), 200, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT ); |
| 93 | } |
| 94 | add_action( 'wp_ajax_wpcom_write_check_email_verification', 'wpcom_write_ajax_check_email_verification' ); |