From 83cfc77500c1c0d6ad5f86b70e6178b719c61a0e Mon Sep 17 00:00:00 2001
From: Jonathan Desrosiers
Date: Thu, 17 Jan 2019 21:24:47 +0000
Subject: [PATCH] REST API: Allow a user to change the letter casing of their email.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
When a `PUT` request is performed to update a user, a `rest_user_invalid_email` error is incorrectly being returned when the email exists with different letter casing, even if it belongs to the user being updated. `email_exists()` performs a case insensitive lookup, but the conditional statement following that lookup was performing a strict comparison between the new email and the user’s current email. This changes that comparison to instead compare the user ID returned by `email_exists()` with the user ID being updated. This more closely matches the logic used in `edit_user()` and allows a user to change the letter casing of their email. Props fuchsws, rachelbaker, desrosj. Fixes #44672.
git-svn-id: https://develop.svn.wordpress.org/trunk@44641 602fd350-edb4-49c9-b593-d223f7449a82
---
 .../class-wp-rest-users-controller.php | 4 +-
 .../tests/rest-api/rest-users-controller.php | 39 +++++++++++++++++++
 2 files changed, 42 insertions(+), 1 deletion(-)
diff --git a/src/wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php b/src/wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php
index 6c9611c87b..207198e54c 100644
--- a/src/wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php
+++ b/src/wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php
@@ -641,7 +641,9 @@ class WP_REST_Users_Controller extends WP_REST_Controller {
 return new WP_Error( 'rest_user_invalid_id', __( 'Invalid user ID.' ), array( 'status' => 404 ) );
 }
- if ( email_exists( $request['email'] ) && $request['email'] !== $user->user_email ) {
+ $owner_id = email_exists( $request['email'] );
+
+ if ( $owner_id && $owner_id !== $id ) {
 return new WP_Error( 'rest_user_invalid_email', __( 'Invalid email address.' ), array( 'status' => 400 ) );
 }
diff --git a/tests/phpunit/tests/rest-api/rest-users-controller.php b/tests/phpunit/tests/rest-api/rest-users-controller.php
index 2addffd07d..12aea644ce 100644
--- a/tests/phpunit/tests/rest-api/rest-users-controller.php
+++ b/tests/phpunit/tests/rest-api/rest-users-controller.php
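Review bot: The new guard `$owner_id !== $id` is a strict comparison against `$id`, which is assigned outside this hunk, so the uniqueness check only behaves as intended if `$id` is an integer like the user ID `email_exists()` returns. If `$id` ever arrived as a string (for example straight from the request), the two would never be identical and every update that carries the user's own email would be rejected; that fails closed, but nothing in the visible lines documents the assumption. I would pin it with a cast and a short comment, e.g. `// email_exists() returns the owning user ID (int) or false.` followed by `if ( $owner_id && $owner_id !== (int) $id ) {`. The enclosing method starts and ends outside the hunk.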
@@ -1493,6 +1493,45 @@ class WP_Test_REST_Users_Controller extends WP_Test_REST_Controller_Testcase {
 $this->assertEquals( 'rest_user_invalid_email', $response->as_error()->get_error_code() );
 }
+ /**
+ * @ticket 44672
+ */
+ public function test_update_item_existing_email_case() {
+ wp_set_current_user( self::$editor );
+
+ $user = get_userdata( self::$editor );
+
+ $updated_email_with_case_change = ucwords( $user->user_email, '@' );
+
+ $request = new WP_REST_Request( 'PUT', sprintf( '/wp/v2/users/%d', self::$editor ) );
+ $request->set_param( 'email', $updated_email_with_case_change );
+ $response = rest_get_server()->dispatch( $request );
+ $data = $response->get_data();
+
+ $this->assertEquals( 200, $response->get_status() );
+ $this->assertEquals( $updated_email_with_case_change, $data['email'] );
+ }
+
+ /**
+ * @ticket 44672
+ */
+ public function test_update_item_existing_email_case_not_own() {
+ wp_set_current_user( self::$editor );
+
+ $user = get_userdata( self::$editor );
+ $subscriber = get_userdata( self::$subscriber );
+
+ $updated_email_with_case_change = ucwords( $subscriber->user_email, '@' );
+
+ $request = new WP_REST_Request( 'PUT', sprintf( '/wp/v2/users/%d', self::$editor ) );
+ $request->set_param( 'email', $updated_email_with_case_change );
+ $response = rest_get_server()->dispatch( $request );
+ $data = $response->get_data();
+
+ $this->assertEquals( 400, $response->get_status() );
+ $this->assertSame( 'rest_user_invalid_email', $data['code'] );
+ }
+
 public function test_update_item_invalid_locale() {
 $user1 = $this->factory->user->create(
 array(
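Review bot: Both new tests assume `ucwords( ..., '@' )` really changes the address, but if a fixture email already starts with an uppercase letter or a digit (before and after the `@`) the call is a no-op and the tests pass without ever exercising the case-insensitive path. Add a precondition before the request, e.g. `$this->assertNotSame( $user->user_email, $updated_email_with_case_change );` in `test_update_item_existing_email_case()` and the same against `$subscriber->user_email` in the second test. In `test_update_item_existing_email_case_not_own()` the `$user` variable is fetched but never used; since this test is the guard against one account claiming another account's address through a casing variant, use it to assert that nothing was written, e.g. `$this->assertSame( $user->user_email, get_userdata( self::$editor )->user_email );` after the 400 check.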