
Changeset 44641


Timestamp:
01/17/2019 09:24:47 PM (6 years ago)
Author:
desrosj
Message:

REST API: Allow a user to change the letter casing of their email.

When a PUT request is performed to update a user, a rest_user_invalid_email error is incorrectly being returned when the email exists with different letter casing, even if it belongs to the user being updated. email_exists() performs a case insensitive lookup, but the conditional statement following that lookup was performing a strict comparison between the new email and the user’s current email.

This changes that comparison to instead compare the user ID returned by email_exists() with the user ID being updated. This more closely matches the logic used in edit_user() and allows a user to change the letter casing of their email.

Props fuchsws, rachelbaker, desrosj.
Fixes #44672.

Location:
trunk
Files:
2 edited

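--- a/trunk/src/wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php
+++ b/trunk/src/wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php
@@ -642,5 +642,7 @@
         }
 
-        if ( email_exists( $request['email'] ) && $request['email'] !== $user->user_email ) {
+        $owner_id = email_exists( $request['email'] );
+
+        if ( $owner_id && $owner_id !== $id ) {
             return new WP_Error( 'rest_user_invalid_email', __( 'Invalid email address.' ), array( 'status' => 400 ) );
         }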
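Review bot: The new guard `$owner_id !== $id` is a strict comparison that is only correct while `$id` is an integer, and `$id` is assigned outside this hunk, so that cannot be confirmed from here. email_exists() returns an integer user ID or false; if `$id` ever reached this point as a numeric string (for example taken directly from the request), the check would treat the user's own address as someone else's and return the 400. That failure is closed rather than open, but it would reintroduce the bug this commit fixes. Normalising both operands, `if ( $owner_id && (int) $owner_id !== (int) $id ) {`, removes the dependency, and a comment above the lookup such as `// email_exists() is case-insensitive; compare owner IDs, not email strings.` records why the string comparison was dropped. The enclosing method starts and ends outside the hunk.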
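--- a/trunk/tests/phpunit/tests/rest-api/rest-users-controller.php
+++ b/trunk/tests/phpunit/tests/rest-api/rest-users-controller.php
@@ -1492,4 +1492,43 @@
         $this->assertInstanceOf( 'WP_Error', $response->as_error() );
         $this->assertEquals( 'rest_user_invalid_email', $response->as_error()->get_error_code() );
+    }
+
+    /**
+     * @ticket 44672
+     */
+    public function test_update_item_existing_email_case() {
+        wp_set_current_user( self::$editor );
+
+        $user = get_userdata( self::$editor );
+
+        $updated_email_with_case_change = ucwords( $user->user_email, '@' );
+
+        $request = new WP_REST_Request( 'PUT', sprintf( '/wp/v2/users/%d', self::$editor ) );
+        $request->set_param( 'email', $updated_email_with_case_change );
+        $response = rest_get_server()->dispatch( $request );
+        $data     = $response->get_data();
+
+        $this->assertEquals( 200, $response->get_status() );
+        $this->assertEquals( $updated_email_with_case_change, $data['email'] );
+    }
+
+    /**
+     * @ticket 44672
+     */
+    public function test_update_item_existing_email_case_not_own() {
+        wp_set_current_user( self::$editor );
+
+        $user       = get_userdata( self::$editor );
+        $subscriber = get_userdata( self::$subscriber );
+
+        $updated_email_with_case_change = ucwords( $subscriber->user_email, '@' );
+
+        $request = new WP_REST_Request( 'PUT', sprintf( '/wp/v2/users/%d', self::$editor ) );
+        $request->set_param( 'email', $updated_email_with_case_change );
+        $response = rest_get_server()->dispatch( $request );
+        $data     = $response->get_data();
+
+        $this->assertEquals( 400, $response->get_status() );
+        $this->assertSame( 'rest_user_invalid_email', $data['code'] );
     }
 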
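Review bot: Both new tests can pass without exercising a case change, because `ucwords( $user->user_email, '@' )` only upper-cases the first character of the address and the first character after `@`. If the fixture address already has those characters in upper case, or they are digits, the request carries an unchanged email and the case-insensitive path is never reached. Asserting the precondition right after the transform, `$this->assertNotSame( $user->user_email, $updated_email_with_case_change );` (with `$subscriber->user_email` in `test_update_item_existing_email_case_not_own`), keeps the regression test meaningful if the fixtures change. In the second test `$user` is assigned but never read; it could instead back a final assertion that the editor's stored email is unchanged after the 400, confirming the rejected update had no side effect.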