Code Coverage
 
Lines
Functions and Methods
Classes and Traits
Total
0.00% covered (danger)
0.00%
0 / 92
0.00% covered (danger)
0.00%
0 / 7
CRAP
0.00% covered (danger)
0.00%
0 / 1
REST_API
0.00% covered (danger)
0.00%
0 / 92
0.00% covered (danger)
0.00%
0 / 7
272
0.00% covered (danger)
0.00%
0 / 1
 __construct
0.00% covered (danger)
0.00%
0 / 3
0.00% covered (danger)
0.00%
0 / 1
2
 register_routes
0.00% covered (danger)
0.00%
0 / 12
0.00% covered (danger)
0.00%
0 / 1
2
 create_item
0.00% covered (danger)
0.00%
0 / 16
0.00% covered (danger)
0.00%
0 / 1
30
 create_item_permissions_check
0.00% covered (danger)
0.00%
0 / 9
0.00% covered (danger)
0.00%
0 / 1
30
 prepare_item_for_response
0.00% covered (danger)
0.00%
0 / 9
0.00% covered (danger)
0.00%
0 / 1
6
 get_item_schema
0.00% covered (danger)
0.00%
0 / 12
0.00% covered (danger)
0.00%
0 / 1
2
 get_args_schema
0.00% covered (danger)
0.00%
0 / 31
0.00% covered (danger)
0.00%
0 / 1
2
1<?php
2/**
3 * Expose the create autologin url function via the REST API.
4 *
5 * @package brianhenryie/bh-wp-autologin-urls
6 */
7
8namespace BrianHenryIE\WP_Autologin_URLs\WP_Includes;
9
10use BrianHenryIE\WP_Autologin_URLs\API_Interface;
11use WP_Http;
12use WP_REST_Controller;
13use WP_REST_Response;
14use WP_REST_Server;
15use WP_User;
16
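/**
 * REST controller that exposes autologin URL creation.
 *
 * Registers one creatable route, `bh-wp-autologin-urls/v1/autologin-codes`. The response
 * body holds a single `autologin_url` value produced by the injected API. That URL logs
 * its holder in as the target user, so the permission callback is the only gate between
 * a request and a working credential.
 */
class REST_API extends WP_REST_Controller {

    /**
     * The plugin API used to resolve users and to add the login code to a URL.
     */
    protected API_Interface $api;

    /**
     * Store the API and set the route namespace and base used by `register_routes()`.
     *
     * @param API_Interface $api The plugin's main API.
     */
    public function __construct( API_Interface $api ) {
        $this->api       = $api;
        $this->namespace = 'bh-wp-autologin-urls/v1';
        $this->rest_base = 'autologin-codes';
    }

    /**
     * Register the single create endpoint, wired to the permission check and args schema below.
     *
     * @see WP_REST_Controller::register_routes()
     */
    public function register_routes() {
        register_rest_route(
            $this->namespace,
            $this->rest_base,
            array(
                array(
                    'methods'             => WP_REST_Server::CREATABLE,
                    'callback'            => array( $this, 'create_item' ),
                    'permission_callback' => array( $this, 'create_item_permissions_check' ),
                    'args'                => $this->get_args_schema(),
                ),
            )
        );
    }

    /**
     * Create an autologin URL for the requested user, or for the current user when none is given.
     *
     * The `url` parameter is only used as-is when it points at this site's host. Anything
     * else is treated as a path on this site, so the login code is not attached to a link
     * that leads to another host.
     *
     * @see WP_REST_Controller::create_item()
     *
     * @param \WP_REST_Request $request The request; reads the `user`, `url` and `expires_in` parameters.
     * @return \WP_Error|\WP_HTTP_Response|WP_REST_Response
     */
    public function create_item( $request ) {
        $user = $request->get_param( 'user' );
        if ( empty( $user ) ) {
            $user = wp_get_current_user();
        }

        // `url` is optional, so this may be null; cast before any string handling.
        $url = (string) $request->get_param( 'url' );
        if ( ! $this->is_site_url( $url ) ) {
            // `get_site_url()` takes the blog id first and the path second. Passing the
            // value as the first argument would not append it to the site URL.
            $url = get_site_url( null, $url );
        }

        // Non-numeric and zero values mean "no explicit expiry"; negative values are made positive by absint().
        $expires_in = $request->get_param( 'expires_in' );
        if ( ! is_numeric( $expires_in ) || intval( $expires_in ) === 0 ) {
            $expires_in = null;
        } else {
            $expires_in = absint( $expires_in );
        }

        $url = $this->api->add_autologin_to_url(
            $url,
            $user,
            $expires_in
        );

        // TODO: Check was the URL modified at all. As written, the value is returned
        // with a 201 status whether or not a code was added to it.

        return $this->prepare_item_for_response( $url, $request );
    }

    /**
     * Whether the given URL's host (and port) match this site's URL.
     *
     * A substring test is not enough here: the site URL can appear inside another URL's
     * query string, or as the start of a longer hostname.
     *
     * @param string $url The candidate URL.
     * @return bool True only when both URLs parse and their hosts and ports match.
     */
    private function is_site_url( $url ) {
        $target = wp_parse_url( $url );
        $site   = wp_parse_url( get_site_url() );

        if ( ! is_array( $target ) || ! is_array( $site ) || empty( $target['host'] ) || empty( $site['host'] ) ) {
            return false;
        }

        // Host names are case-insensitive; a different port is a different origin.
        return 0 === strcasecmp( $target['host'], $site['host'] )
            && ( $target['port'] ?? null ) === ( $site['port'] ?? null );
    }

    /**
     * Allow admins and the user themselves to create autologin codes.
     *
     * @see WP_REST_Controller::create_item_permissions_check()
     *
     * @param \WP_REST_Request $request The request; reads the `user` parameter.
     * @return bool True when the request may create a code.
     */
    public function create_item_permissions_check( $request ) {

        // Anonymous requests never qualify. Without this, an empty `user` value would
        // pass the check below with no authentication at all.
        if ( ! is_user_logged_in() ) {
            return false;
        }

        $user_param = $request->get_param( 'user' );

        // If the user is not set, `wp_get_current_user()` will be used.
        if ( empty( $user_param ) ) {
            return true;
        }

        $user = $this->api->get_wp_user( $user_param );

        // If the current user is creating a link for themselves.
        if ( $user instanceof WP_User && $user->ID === get_current_user_id() ) {
            return true;
        }

        // Admins can create links for anyone.
        return current_user_can( 'manage_options' );
    }

    /**
     * Wrap the generated URL in a REST response with a 201 Created status.
     *
     * @see WP_REST_Controller::prepare_item_for_response()
     *
     * @param mixed            $item    The value returned by the API for the autologin URL.
     * @param \WP_REST_Request $request The request; `context` defaults to `view` when empty.
     * @return \WP_Error|\WP_HTTP_Response|WP_REST_Response
     */
    public function prepare_item_for_response( $item, $request ) {

        $data = array(
            'autologin_url' => $item,
        );

        $context = ! empty( $request['context'] ) ? $request['context'] : 'view';
        $data    = $this->add_additional_fields_to_object( $data, $request );
        $data    = $this->filter_response_by_context( $data, $context );

        $response = rest_ensure_response( $data );

        $response->set_status( WP_Http::CREATED );

        return $response;
    }

    /**
     * Describe the response object: a single `autologin_url` string, visible in the `view` context.
     *
     * @see WP_REST_Controller::get_item_schema()
     *
     * @return array The JSON schema for the response.
     */
    public function get_item_schema() {
        return array(
            '$schema'    => 'http://json-schema.org/draft-04/schema#',
            'title'      => 'bh-wp-autologin-codes-autologin-code',
            'type'       => 'object',
            'properties' => array(
                'autologin_url' => array(
                    'type'    => 'string',
                    // NOTE(review): the schema format WordPress recognises is `uri`; `url` is presumably not enforced — confirm.
                    'format'  => 'url',
                    'context' => array( 'view' ),
                ),
            ),
        );
    }

    /**
     * Describe the request parameters accepted by the create endpoint.
     *
     * @return array Argument definitions keyed by `user`, `url` and `expires_in`.
     */
    public function get_args_schema() {
        $args = array();

        $args['user'] = array(
            'description' => esc_html__( 'The user to create the code for.', 'bh-wp-autologin-urls' ),
            'required'    => true,
            'context'     => array( 'edit' ),
            // NOTE(review): both alternatives are strings, so an email address satisfies
            // both; if `oneOf` is enforced that would reject emails — confirm whether
            // `anyOf` is intended.
            'oneOf'       => array( // TODO: Is this doing anything?!
            // array(
            // 'description' => esc_html__( 'User id.', 'bh-wp-autologin-urls' ),
            // 'type'        => 'integer',
            // ),
                array(
                    'description' => esc_html__( 'Username.', 'bh-wp-autologin-urls' ),
                    'type'        => 'string',
                ),
                array(
                    'description' => esc_html__( 'Email.', 'bh-wp-autologin-urls' ),
                    'type'        => 'string',
                    'format'      => 'email',
                ),
            ),
        );

        $args['url'] = array(
            'description' => 'The URL to add the login code to.',
            'type'        => 'string',
            // NOTE(review): `url` is presumably not an enforced format (see `uri`), so the
            // handler does its own host check on this value — confirm.
            'format'      => 'url',
            'context'     => array( 'edit' ),
            'required'    => false,
        );

        // `integer` is the JSON schema type name; `int` is not one. The `url` format
        // copied from the argument above did not apply to a number and is dropped.
        $args['expires_in'] = array(
            'type'     => 'integer',
            'context'  => array( 'edit' ),
            'required' => false,
        );

        return $args;
    }
}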