REST API: Allow a user to change the letter casing of their email.

When a `PUT` request is performed to update a user, a `rest_user_invalid_email` error is incorrectly being returned when the email exists with different letter casing, even if it belongs to the user being updated. `email_exists()` performs a case insensitive lookup, but the conditional statement following that lookup was performing a strict comparison between the new email and the user’s current email. This changes that comparison to instead compare the user ID returned by `email_exists()` with the user ID being updated. This more closely matches the logic used in `edit_user()` and allows a user to change the letter casing of their email. Props fuchsws, rachelbaker, desrosj. Fixes #44672. git-svn-id: https://develop.svn.wordpress.org/trunk@44641 602fd350-edb4-49c9-b593-d223f7449a82
2019-01-17 21:24:47 +00:00 · 2019-01-17 21:24:47 +00:00 · 83cfc77500
parent a0978e8222
commit 83cfc77500
2 changed files with 42 additions and 1 deletions
--- a/src/wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php
+++ b/src/wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php
@ -641,7 +641,9 @@ class WP_REST_Users_Controller extends WP_REST_Controller {
 			return new WP_Error( 'rest_user_invalid_id', __( 'Invalid user ID.' ), array( 'status' => 404 ) );
 		}

-		if ( email_exists( $request['email'] ) && $request['email'] !== $user->user_email ) {
+		$owner_id = email_exists( $request['email'] );
+
+		if ( $owner_id && $owner_id !== $id ) {
 			return new WP_Error( 'rest_user_invalid_email', __( 'Invalid email address.' ), array( 'status' => 400 ) );
 		}

--- a/tests/phpunit/tests/rest-api/rest-users-controller.php
+++ b/tests/phpunit/tests/rest-api/rest-users-controller.php
@ -1493,6 +1493,45 @@ class WP_Test_REST_Users_Controller extends WP_Test_REST_Controller_Testcase {
 		$this->assertEquals( 'rest_user_invalid_email', $response->as_error()->get_error_code() );
 	}

+	/**
+	 * @ticket 44672
+	 */
+	public function test_update_item_existing_email_case() {
+		wp_set_current_user( self::$editor );
+
+		$user = get_userdata( self::$editor );
+
+		$updated_email_with_case_change = ucwords( $user->user_email, '@' );
+
+		$request = new WP_REST_Request( 'PUT', sprintf( '/wp/v2/users/%d', self::$editor ) );
+		$request->set_param( 'email', $updated_email_with_case_change );
+		$response = rest_get_server()->dispatch( $request );
+		$data     = $response->get_data();
+
+		$this->assertEquals( 200, $response->get_status() );
+		$this->assertEquals( $updated_email_with_case_change, $data['email'] );
+	}
+
+	/**
+	 * @ticket 44672
+	 */
+	public function test_update_item_existing_email_case_not_own() {
+		wp_set_current_user( self::$editor );
+
+		$user       = get_userdata( self::$editor );
+		$subscriber = get_userdata( self::$subscriber );
+
+		$updated_email_with_case_change = ucwords( $subscriber->user_email, '@' );
+
+		$request = new WP_REST_Request( 'PUT', sprintf( '/wp/v2/users/%d', self::$editor ) );
+		$request->set_param( 'email', $updated_email_with_case_change );
+		$response = rest_get_server()->dispatch( $request );
+		$data     = $response->get_data();
+
+		$this->assertEquals( 400, $response->get_status() );
+		$this->assertSame( 'rest_user_invalid_email', $data['code'] );
+	}
+
 	public function test_update_item_invalid_locale() {
 		$user1 = $this->factory->user->create(
 			array(