Push — add/reconnect-in-place ( 63ace6...912fd7 )

jetpack_disconnect_permission_check()   A

Complexity

Conditions 2
Paths 2

Size

Total Lines 7

Duplication

Lines 7
Ratio 100 %

Importance

Changes 0
Metric Value
cc 2
nc 2
nop 0
dl 7
loc 7
rs 10
c 0
b 0
f 0
<?php
/**
 * Sets up the Connection REST API endpoints.
 *
 * @package automattic/jetpack-connection
 */
namespace Automattic\Jetpack\Connection;
use Automattic\Jetpack\Status;
use Jetpack_XMLRPC_Server;
use WP_Error;
use WP_REST_Request;
use WP_REST_Response;
use WP_REST_Server;
/**
 * Registers the REST routes for Connections.
 */
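class REST_Connector {
	/**
	 * The Connection Manager.
	 *
	 * @var Manager
	 */
	private $connection;

	/**
	 * This property stores the localized "Insufficient Permissions" error message.
	 *
	 * It is assigned in the constructor, so the static permission checks return a
	 * null message if they run before any instance of this class has been created.
	 *
	 * @var string Generic error message when user is not allowed to perform an action.
	 */
	private static $user_permissions_error_msg;

	/**
	 * Constructor.
	 *
	 * Stores the Connection Manager, initializes the shared permissions error
	 * message and registers the `jetpack/v4` connection routes.
	 *
	 * Three routes (`/verify_registration`, `/remote_authorize`, `/connection`)
	 * use `__return_true` as their permission callback, so the REST API applies
	 * no capability check to them. Anything those routes need to protect has to
	 * be verified inside their callbacks.
	 *
	 * @param Manager $connection The Connection Manager.
	 */
	public function __construct( Manager $connection ) {
		$this->connection = $connection;

		self::$user_permissions_error_msg = esc_html__(
			'You do not have the correct user permissions to perform this action.
			Please contact your site admin if you think this is a mistake.',
			'jetpack'
		);

		if ( ! $this->connection->is_active() ) {
			// Register a site. Only exposed while the connection is not active.
			// No capability check: the callback forwards the request secrets to the Connection Manager.
			register_rest_route(
				'jetpack/v4',
				'/verify_registration',
				array(
					'methods'             => WP_REST_Server::EDITABLE,
					'callback'            => array( $this, 'verify_registration' ),
					'permission_callback' => '__return_true',
				)
			);
		}

		// Authorize a remote user.
		// No capability check: authorization is left to Jetpack_XMLRPC_Server::remote_authorize().
		register_rest_route(
			'jetpack/v4',
			'/remote_authorize',
			array(
				'methods'             => WP_REST_Server::EDITABLE,
				'callback'            => __CLASS__ . '::remote_authorize',
				'permission_callback' => '__return_true',
			)
		);

		// Get current connection status of Jetpack.
		// Readable without a capability check: the response exposes the connection,
		// staging and development-mode flags to any caller.
		register_rest_route(
			'jetpack/v4',
			'/connection',
			array(
				'methods'             => WP_REST_Server::READABLE,
				'callback'            => __CLASS__ . '::connection_status',
				'permission_callback' => '__return_true',
			)
		);

		// Get list of plugins that use the Jetpack connection.
		register_rest_route(
			'jetpack/v4',
			'/connection/plugins',
			array(
				'methods'             => WP_REST_Server::READABLE,
				'callback'            => array( $this, 'get_connection_plugins' ),
				'permission_callback' => __CLASS__ . '::activate_plugins_permission_check',
			)
		);

		// Full or partial reconnect in case of connection issues.
		// Gated on the same capability as disconnecting ('jetpack_disconnect').
		register_rest_route(
			'jetpack/v4',
			'/connection/reconnect',
			array(
				'methods'             => WP_REST_Server::EDITABLE,
				'callback'            => array( $this, 'connection_reconnect' ),
				'args'                => array(
					'action' => array(
						'type'     => 'string',
						'required' => true,
					),
				),
				'permission_callback' => __CLASS__ . '::jetpack_disconnect_permission_check',
			)
		);
	}

	/**
	 * Handles verification that a site is registered.
	 *
	 * `secret_1` and `state` come from a request that passed no capability check
	 * (the route's permission callback is `__return_true`) and are forwarded
	 * unchanged. Validating them is left to Manager::handle_registration(), whose
	 * implementation is not part of this file.
	 *
	 * @since 5.4.0
	 *
	 * @param WP_REST_Request $request The request sent to the WP REST API.
	 *
	 * @return string|WP_Error
	 */
	public function verify_registration( WP_REST_Request $request ) {
		$registration_data = array( $request['secret_1'], $request['state'] );

		return $this->connection->handle_registration( $registration_data );
	}

	/**
	 * Authorizes a remote user through the Jetpack XML-RPC server.
	 *
	 * The request is handed to Jetpack_XMLRPC_Server::remote_authorize(). An
	 * IXR_Error result is converted into a WP_Error with the same code and
	 * message; any other result is returned as is. The route carries no
	 * capability check, so rejecting unauthorized callers is up to that method.
	 *
	 * @since 5.4.0
	 *
	 * @param WP_REST_Request $request The request sent to the WP REST API.
	 *
	 * @return array|WP_Error
	 */
	public static function remote_authorize( $request ) {
		$xmlrpc_server = new Jetpack_XMLRPC_Server();
		$result        = $xmlrpc_server->remote_authorize( $request );

		if ( is_a( $result, 'IXR_Error' ) ) {
			$result = new WP_Error( $result->code, $result->message );
		}

		return $result;
	}

	/**
	 * Get connection status for this Jetpack site.
	 *
	 * Served without a capability check, so every field below is visible to
	 * any caller that can reach the REST API.
	 *
	 * @since 4.3.0
	 *
	 * @return WP_REST_Response Connection information.
	 */
	public static function connection_status() {
		$status     = new Status();
		$connection = new Manager();

		return rest_ensure_response(
			array(
				'isActive'     => $connection->is_active(),
				'isStaging'    => $status->is_staging_site(),
				'isRegistered' => $connection->is_registered(),
				'devMode'      => array(
					'isActive' => $status->is_development_mode(),
					'constant' => defined( 'JETPACK_DEV_DEBUG' ) && JETPACK_DEV_DEBUG,
					// True when the site URL contains no dot.
					'url'      => site_url() && false === strpos( site_url(), '.' ),
					'filter'   => apply_filters( 'jetpack_development_mode', false ),
				),
			)
		);
	}

	/**
	 * Get plugins connected to the Jetpack.
	 *
	 * Each plugin entry gets its slug (the array key) copied into a `slug`
	 * field, then the entries are returned as a plain list.
	 *
	 * @since 8.6.0
	 *
	 * @return WP_REST_Response|WP_Error Response or error object, depending on the request result.
	 */
	public function get_connection_plugins() {
		$plugins = $this->connection->get_connected_plugins();

		if ( is_wp_error( $plugins ) ) {
			return $plugins;
		}

		array_walk(
			$plugins,
			function( &$data, $slug ) {
				$data['slug'] = $slug;
			}
		);

		return rest_ensure_response( array_values( $plugins ) );
	}

	/**
	 * Verify that the current user can activate plugins.
	 *
	 * @since 8.8.0
	 *
	 * @return bool|WP_Error Whether user has the capability 'activate_plugins'.
	 */
	public static function activate_plugins_permission_check() {
		return self::check_capability( 'activate_plugins', 'invalid_user_permission_activate_plugins' );
	}

	/**
	 * Verify that user is allowed to disconnect Jetpack.
	 *
	 * @since 8.8.0
	 *
	 * @return bool|WP_Error Whether user has the capability 'jetpack_disconnect'.
	 */
	public static function jetpack_disconnect_permission_check() {
		return self::check_capability( 'jetpack_disconnect', 'invalid_user_permission_jetpack_disconnect' );
	}

	/**
	 * Shared body of the permission callbacks: true when the current user has
	 * the capability, otherwise a WP_Error carrying the REST authorization status.
	 *
	 * @param string $capability The capability to test with current_user_can().
	 * @param string $error_code The WP_Error code returned when the check fails.
	 *
	 * @return bool|WP_Error
	 */
	private static function check_capability( $capability, $error_code ) {
		if ( current_user_can( $capability ) ) {
			return true;
		}

		return new WP_Error(
			$error_code,
			self::get_user_permissions_error_msg(),
			array( 'status' => rest_authorization_required_code() )
		);
	}

	/**
	 * Returns generic error message when user is not allowed to perform an action.
	 *
	 * @return string The error message.
	 */
	public static function get_user_permissions_error_msg() {
		return self::$user_permissions_error_msg;
	}

	/**
	 * The endpoint tried to partially or fully reconnect the website to WP.com.
	 *
	 * Only the `reconnect` action is handled. Any other value, or a body that
	 * carries no JSON `action`, is answered with an 'Unknown action' error and
	 * HTTP status 400.
	 *
	 * @since 8.8.0
	 *
	 * @param WP_REST_Request $request The request sent to the WP REST API.
	 *
	 * @return \WP_REST_Response|WP_Error
	 */
	public function connection_reconnect( WP_REST_Request $request ) {
		$params = $request->get_json_params();

		// get_json_params() may not return an array (for example when the body is not JSON),
		// so read the action defensively instead of indexing the result directly.
		$action = ( is_array( $params ) && isset( $params['action'] ) ) ? $params['action'] : null;

		// Strict comparison: a loose `switch` would also match non-string JSON values such as `true`.
		if ( 'reconnect' !== $action ) {
			// Without a 'status' entry the REST server reports a WP_Error as HTTP 500.
			return rest_ensure_response(
				new WP_Error(
					'Unknown action',
					esc_html__( 'Unknown action.', 'jetpack' ),
					array( 'status' => 400 )
				)
			);
		}

		$response = array();
		$result   = $this->connection->reconnect();

		if ( true === $result ) {
			$response['status']       = 'in_progress';
			$response['authorizeUrl'] = $this->connection->get_authorization_url();
		} elseif ( is_wp_error( $result ) ) {
			$response = $result;
		}
		// NOTE(review): any other result leaves $response empty and is returned as a successful,
		// empty response. Confirm against Manager::reconnect() whether that case can occur.

		return rest_ensure_response( $response );
	}

}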