
Flip user parameters check for insert/update #289

Merged
merged 4 commits into from

2 participants

@rmccue
Owner

Fixes #221.

@rmccue
Owner

Had to change how we gather some of the data to work around https://core.trac.wordpress.org/ticket/28435

@rachelbaker #reviewmerge

@rmccue rmccue added this to the 1.1 milestone
@rachelbaker rachelbaker was assigned by rmccue
@rachelbaker rachelbaker merged commit bf95fb2 into master

1 check passed

Details continuous-integration/travis-ci The Travis CI build passed
@rachelbaker rachelbaker deleted the flip-user-params-check branch
Commits on Jun 3, 2014
  1. @rmccue

    Test for missing parameters

    rmccue authored
    These currently fail, but shouldn't. Huzzah!
  2. @rmccue

    Check parameters in the correct place

    rmccue authored
    Update doesn't require the user data, creation does.
  3. @rmccue
  4. @rmccue
Showing with 48 additions and 13 deletions.
  1. +11 −13 lib/class-wp-json-users.php
  2. +37 −0 tests/test_json_users.php
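--- a/lib/class-wp-json-users.php
+++ b/lib/class-wp-json-users.php
@@ -223,10 +223,12 @@ public function add_comment_author_data( $data, $comment, $context ) {
 }
 protected function insert_user( $data ) {
+ $user = new stdClass;
+
 if ( ! empty( $data['ID'] ) ) {
- $user = get_userdata( $data['ID'] );
+ $existing = get_userdata( $data['ID'] );
- if ( ! $user ) {
+ if ( ! $existing ) {
 return new WP_Error( 'json_user_invalid_id', __( 'Invalid user ID.' ), array( 'status' => 404 ) );
 }
@@ -234,6 +236,13 @@ protected function insert_user( $data ) {
 return new WP_Error( 'json_user_cannot_edit', __( 'Sorry, you are not allowed to edit this user.' ), array( 'status' => 403 ) );
 }
+ $user->ID = $existing->ID;
+ $update = true;
+ } else {
+ if ( ! current_user_can( 'create_users' ) ) {
+ return new WP_Error( 'json_cannot_create', __( 'Sorry, you are not allowed to create users.' ), array( 'status' => 403 ) );
+ }
+
 $required = array( 'username', 'password', 'email' );
 foreach ( $required as $arg ) {
@@ -242,17 +251,6 @@ protected function insert_user( $data ) {
 }
 }
- $update = true;
- } else {
- $user = new WP_User();
-
- // Workaround for https://core.trac.wordpress.org/ticket/28019
- $user->data = new stdClass;
-
- if ( ! current_user_can( 'create_users' ) ) {
- return new WP_Error( 'json_cannot_create', __( 'Sorry, you are not allowed to create users.' ), array( 'status' => 403 ) );
- }
-
 $update = false;
 }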
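Review bot: In the update branch of `insert_user`, the `json_user_invalid_id` 404 is returned before the `json_user_cannot_edit` 403, so a caller without edit rights can tell existing user IDs from non-existent ones by the status code alone. The create branch in this same change checks `create_users` before it validates any input. The update branch would match it if the capability check ran before `get_userdata( $data['ID'] )`, so that the 404 is only returned to callers who pass it. The condition guarding the 403 sits between the first two hunks and is not visible here, so confirm it does not depend on `$existing` before moving it. The body of `insert_user` continues past the end of the last hunk.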
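--- a/tests/test_json_users.php
+++ b/tests/test_json_users.php
@@ -91,6 +91,15 @@ public function test_create_user() {
 $this->assertTrue( wp_check_password( $data['password'], $new_user->user_pass ), 'Password check failed' );
 }
+ public function test_create_user_missing_params() {
+ $this->user_obj->set_role( 'administrator' );
+ $data = array(
+ 'username' => 'test_user',
+ );
+ $response = $this->endpoint->new_user( $data );
+ $this->assertInstanceOf( 'WP_Error', $response );
+ }
+
 public function test_delete_user() {
 $this->user_obj->set_role( 'administrator' );
@@ -140,4 +149,32 @@ public function test_delete_user_reassign() {
 $post = get_post( $test_post );
 $this->assertEquals( $test_new_author, $post->post_author );
 }
+
+ public function test_update_user() {
+ $pw_before = $this->user_obj->user_pass;
+
+ $data = array(
+ 'first_name' => 'New Name',
+ );
+ $response = $this->endpoint->edit_user( $this->user, $data );
+ $this->assertNotInstanceOf( 'WP_Error', $response );
+
+ if ( ! $response instanceof WP_JSON_ResponseInterface ) {
+ $response = new WP_JSON_Response( $response );
+ }
+
+ // Check that we succeeded
+ $this->assertEquals( 200, $response->get_status() );
+
+ // Check that the name has been updated correctly
+ $new_data = $response->get_data();
+ $this->assertEquals( $data['first_name'], $new_data['first_name'] );
+
+ $user = get_userdata( $this->user );
+ $this->assertEquals( $user->first_name, $data['first_name'] );
+
+ // Check that we haven't inadvertently changed the user's password,
+ // as per https://core.trac.wordpress.org/ticket/21429
+ $this->assertEquals( $pw_before, $user->user_pass );
+ }
 }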
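Review bot: `test_create_user_missing_params` asserts only that the response is a `WP_Error`, so it would also pass if the request were rejected for another reason, such as the `json_cannot_create` permission error. This change reorders the capability check and the required-parameter check in `insert_user`, so pinning the error would make the test cover that ordering: add `$this->assertNotEquals( 'json_cannot_create', $response->get_error_code() );`, or assert the missing-parameter code directly. A companion case that calls `new_user` with the same incomplete data as a user lacking `create_users`, and expects `json_cannot_create`, would confirm that authorization is checked before input validation.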