Code Coverage |
||||||||||
Lines |
Functions and Methods |
Classes and Traits |
||||||||
Total | |
0.00% |
0 / 34 |
|
0.00% |
0 / 3 |
CRAP | |
0.00% |
0 / 1 |
MailPoet | |
0.00% |
0 / 34 |
|
0.00% |
0 / 3 |
110 | |
0.00% |
0 / 1 |
__construct | |
0.00% |
0 / 1 |
|
0.00% |
0 / 1 |
2 | |||
is_querystring_valid | |
0.00% |
0 / 1 |
|
0.00% |
0 / 1 |
6 | |||
get_wp_user_array | |
0.00% |
0 / 32 |
|
0.00% |
0 / 1 |
56 |
1 | <?php |
2 | /** |
3 | * Autologin integration for MailPoet. |
4 | * |
5 | * If a request has `mailpoet_router` and `data` in the URL, check against MailPoet and try to find the user |
6 | * account or user data. |
7 | * |
8 | * @package brianhenryie/bh-wp-autologin-urls |
9 | */ |
10 | |
11 | namespace BrianHenryIE\WP_Autologin_URLs\API\Integrations; |
12 | |
13 | use BrianHenryIE\WP_Autologin_URLs\API\User_Finder_Interface; |
14 | use MailPoet\Models\Subscriber; |
15 | use MailPoet\Router\Router; |
16 | use Psr\Log\LoggerAwareInterface; |
17 | use Psr\Log\LoggerAwareTrait; |
18 | use Psr\Log\LoggerInterface; |
19 | use WP_User; |
20 | |
21 | /** |
22 | * |
23 | * Since all querystring parameters are coming from links in emails, they will never have nonces. |
24 | * |
25 | * phpcs:disable WordPress.Security.NonceVerification.Recommended |
26 | */ |
27 | class MailPoet implements User_Finder_Interface, LoggerAwareInterface { |
28 | use LoggerAwareTrait; |
29 | |
30 | /** |
31 | * Constructor. |
32 | * |
33 | * @param LoggerInterface $logger A PSR logger. |
34 | */ |
35 | public function __construct( LoggerInterface $logger ) { |
36 | $this->setLogger( $logger ); |
37 | } |
38 | |
39 | /** |
40 | * Determine is the querystring needed for this integration present. |
41 | */ |
42 | public function is_querystring_valid(): bool { |
43 | return isset( $_GET['mailpoet_router'] ) && isset( $_GET['data'] ); |
44 | } |
45 | |
46 | /** |
47 | * Check is the URL a tracking URL for MailPoet plugin and if so, log in the user being tracked. |
48 | * |
49 | * Uses MailPoet's verification process as the autologin code. |
50 | * |
51 | * @see LinkTokens::verifyToken() |
52 | * |
53 | * TODO: The time since the newsletter was sent should be respected for the expiry time. |
54 | * |
55 | * @hooked plugins_loaded |
56 | * |
57 | * @see https://wordpress.org/plugins/mailpoet/ |
58 | * |
59 | * @return array{source:string, wp_user:\WP_User|null, user_data?:array<string,string>} |
60 | */ |
61 | public function get_wp_user_array(): array { |
62 | |
63 | $result = array(); |
64 | $result['source'] = 'MailPoet'; |
65 | $result['wp_user'] = null; |
66 | $result['user_data'] = array(); |
67 | |
68 | if ( ! isset( $_GET['mailpoet_router'] ) ) { |
69 | return $result; |
70 | } |
71 | |
72 | if ( ! isset( $_GET['data'] ) ) { |
73 | return $result; |
74 | } |
75 | |
76 | if ( ! class_exists( Router::class ) ) { |
77 | return $result; |
78 | } |
79 | |
80 | // phpcs:disable WordPress.PHP.DiscouragedPHPFunctions.obfuscation_base64_decode |
81 | $data = Router::decodeRequestData( filter_var( wp_unslash( $_GET['data'] ), FILTER_SANITIZE_STRIPPED ) ); |
82 | |
83 | /** |
84 | * The required data from the MailPoet querystring. |
85 | * |
86 | * @see Links::transformUrlDataObject() |
87 | */ |
88 | $subscriber_id = $data[0]; |
89 | $request_token = $data[1]; |
90 | |
91 | /** |
92 | * The MailPoet subscriber object, false if none found. |
93 | * |
94 | * @var \MailPoet\Models\Subscriber $subscriber |
95 | */ |
96 | $subscriber = Subscriber::where( 'id', $subscriber_id )->findOne(); |
97 | |
98 | // @phpstan-ignore-next-line |
99 | if ( empty( $subscriber ) ) { |
100 | return $result; |
101 | } |
102 | |
103 | // phpcs:ignore WordPress.NamingConventions.ValidVariableName.UsedPropertyNotSnakeCase |
104 | $database_token = $subscriber->linkToken; |
105 | $request_token = substr( $request_token, 0, strlen( $database_token ) ); |
106 | $valid = hash_equals( $database_token, $request_token ); |
107 | |
108 | if ( ! $valid ) { |
109 | return $result; |
110 | } |
111 | |
112 | $user_email_address = $subscriber->email; |
113 | |
114 | $wp_user = get_user_by( 'email', $user_email_address ); |
115 | |
116 | if ( $wp_user instanceof WP_User ) { |
117 | |
118 | $this->logger->info( "User wp_user:{$wp_user->ID} found via mailpoet_user:{$subscriber_id} from MailPoet URL." ); |
119 | |
120 | $result['wp_user'] = $wp_user; |
121 | |
122 | } else { |
123 | |
124 | // We have their email address but they have no account, |
125 | // if WooCommerce is installed, record the email address for |
126 | // UX and abandoned cart. |
127 | // phpcs:disable WordPress.NamingConventions.ValidVariableName.UsedPropertyNotSnakeCase |
128 | $user_info = array( |
129 | 'first_name' => $subscriber->firstName, |
130 | 'last_name' => $subscriber->lastName, |
131 | ); |
132 | |
133 | $result['user_data'] = $user_info; |
134 | |
135 | } |
136 | |
137 | return $result; |
138 | } |
139 | } |