diff --git a/projects/packages/connection/.phan/baseline.php b/projects/packages/connection/.phan/baseline.php index 829825a90f77c..c5e53403d185d 100644 --- a/projects/packages/connection/.phan/baseline.php +++ b/projects/packages/connection/.phan/baseline.php @@ -24,11 +24,11 @@ // PhanTypeArraySuspiciousNullable : 5 occurrences // PhanTypeMismatchDefault : 5 occurrences // PhanTypeMismatchArgumentInternal : 3 occurrences - // PhanTypeMismatchArgumentNullable : 3 occurrences // PhanTypeObjectUnsetDeclaredProperty : 3 occurrences // PhanNonClassMethodCall : 2 occurrences // PhanPluginUnreachableCode : 2 occurrences // PhanPossiblyUndeclaredVariable : 2 occurrences + // PhanTypeMismatchArgumentNullable : 2 occurrences // PhanTypeMismatchPropertyDefault : 2 occurrences // PhanTypeMismatchReturnNullable : 2 occurrences // PhanTypePossiblyInvalidDimOffset : 2 occurrences @@ -57,7 +57,7 @@ 'src/class-partner.php' => ['PhanTypeMismatchPropertyProbablyReal'], 'src/class-plugin-storage.php' => ['PhanUndeclaredClassMethod'], 'src/class-rest-authentication.php' => ['PhanTypeMismatchPropertyDefault', 'PhanTypeMismatchPropertyProbablyReal'], - 'src/class-rest-connector.php' => ['PhanParamTooMany', 'PhanTypeMismatchArgument', 'PhanTypeMismatchArgumentProbablyReal', 'PhanTypeMismatchReturnProbablyReal', 'PhanUndeclaredClassMethod'], + 'src/class-rest-connector.php' => ['PhanParamTooMany', 'PhanTypeMismatchArgument', 'PhanTypeMismatchArgumentProbablyReal', 'PhanTypeMismatchReturnProbablyReal'], 'src/class-secrets.php' => ['PhanNonClassMethodCall', 'PhanTypeMismatchArgument'], 'src/class-server-sandbox.php' => ['PhanPluginDuplicateConditionalNullCoalescing', 'PhanTypeMismatchArgument'], 'src/class-tokens.php' => ['PhanImpossibleTypeComparison', 'PhanTypeMismatchArgumentInternal', 'PhanTypeMismatchReturn', 'PhanTypeMismatchReturnProbablyReal'], @@ -66,7 +66,7 @@ 'src/sso/class-helpers.php' => ['PhanTypeMismatchArgumentProbablyReal'], 'src/sso/class-sso.php' => ['PhanNoopNew', 'PhanRedundantCondition', 'PhanTypeMismatchArgument', 'PhanTypeMismatchArgumentProbablyReal', 'PhanUndeclaredClassMethod'], 'src/sso/class-user-admin.php' => ['PhanPluginUnreachableCode', 'PhanTypeMismatchArgument'], - 'src/webhooks/class-authorize-redirect.php' => ['PhanTypeMismatchArgumentNullable', 'PhanUndeclaredClassMethod', 'PhanUndeclaredClassReference'], + 'src/webhooks/class-authorize-redirect.php' => ['PhanUndeclaredClassMethod', 'PhanUndeclaredClassReference'], 'tests/php/test-class-nonce-handler.php' => ['PhanPluginDuplicateAdjacentStatement', 'PhanTypeMismatchArgument'], 'tests/php/test-class-webhooks.php' => ['PhanDeprecatedFunction'], 'tests/php/test-partner-coupon.php' => ['PhanDeprecatedFunction'], diff --git a/projects/packages/connection/changelog/update-sso-connect b/projects/packages/connection/changelog/update-sso-connect new file mode 100644 index 0000000000000..afcc4110688cf --- /dev/null +++ b/projects/packages/connection/changelog/update-sso-connect @@ -0,0 +1,4 @@ +Significance: patch +Type: changed + +SSO: rely on Connection methods instead of relying on methods from the Jetpack plugin. diff --git a/projects/packages/connection/src/class-manager.php b/projects/packages/connection/src/class-manager.php index 3a2ed731ffdb5..b5ad5d6e4cae8 100644 --- a/projects/packages/connection/src/class-manager.php +++ b/projects/packages/connection/src/class-manager.php @@ -1878,11 +1878,16 @@ public function get_token( $data ) { /** * Builds a URL to the Jetpack connection auth page. * - * @param WP_User $user (optional) defaults to the current logged in user. - * @param String $redirect (optional) a redirect URL to use instead of the default. + * @since $$next-version$$ Added optional $from and $raw parameters. + * + * @param WP_User $user (optional) defaults to the current logged in user. + * @param string $redirect (optional) a redirect URL to use instead of the default. + * @param bool|string $from If not false, adds 'from=$from' param to the connect URL. + * @param bool $raw If true, URL will not be escaped. + * * @return string Connect URL. */ - public function get_authorization_url( $user = null, $redirect = null ) { + public function get_authorization_url( $user = null, $redirect = null, $from = false, $raw = false ) { if ( empty( $user ) ) { $user = wp_get_current_user(); } @@ -1975,8 +1980,28 @@ public function get_authorization_url( $user = null, $redirect = null ) { $url = add_query_arg( $body, $api_url ); - /** This filter is documented in plugins/jetpack/class-jetpack.php */ - return apply_filters( 'jetpack_build_authorize_url', $url ); + if ( is_network_admin() ) { + $url = add_query_arg( 'is_multisite', network_admin_url( 'admin.php?page=jetpack-settings' ), $url ); + } + + if ( $from ) { + $url = add_query_arg( 'from', $from, $url ); + } + + if ( $raw ) { + $url = esc_url_raw( $url ); + } + + /** + * Filter the URL used when connecting a user to a WordPress.com account. + * + * @since 2.0.0 + * @since $$next-version$$ Added $raw parameter. + * + * @param string $url Connection URL. + * @param bool $raw If true, URL will not be escaped. + */ + return apply_filters( 'jetpack_build_authorize_url', $url, $raw ); } /** diff --git a/projects/packages/connection/src/class-rest-connector.php b/projects/packages/connection/src/class-rest-connector.php index 27f08a7b581c5..cc5f8733d3c7d 100644 --- a/projects/packages/connection/src/class-rest-connector.php +++ b/projects/packages/connection/src/class-rest-connector.php @@ -7,6 +7,7 @@ namespace Automattic\Jetpack\Connection; +use Automattic\Jetpack\Connection\Webhooks\Authorize_Redirect; use Automattic\Jetpack\Constants; use Automattic\Jetpack\Redirect; use Automattic\Jetpack\Status; @@ -814,11 +815,7 @@ public function connection_register( $request ) { $redirect_uri = $request->get_param( 'redirect_uri' ) ? admin_url( $request->get_param( 'redirect_uri' ) ) : null; - if ( class_exists( 'Jetpack' ) ) { - $authorize_url = \Jetpack::build_authorize_url( $redirect_uri ); - } else { - $authorize_url = $this->connection->get_authorization_url( null, $redirect_uri ); - } + $authorize_url = ( new Authorize_Redirect( $this->connection ) )->build_authorize_url( $redirect_uri ); /** * Filters the response of jetpack/v4/connection/register endpoint diff --git a/projects/packages/connection/src/sso/class-sso.php b/projects/packages/connection/src/sso/class-sso.php index cde21406e82a4..a59647d89237d 100644 --- a/projects/packages/connection/src/sso/class-sso.php +++ b/projects/packages/connection/src/sso/class-sso.php @@ -12,6 +12,7 @@ use Automattic\Jetpack\Connection\SSO\Helpers; use Automattic\Jetpack\Connection\SSO\Notices; use Automattic\Jetpack\Connection\SSO\User_Admin; +use Automattic\Jetpack\Connection\Webhooks\Authorize_Redirect; use Automattic\Jetpack\Roles; use Automattic\Jetpack\Status; use Automattic\Jetpack\Status\Host; @@ -1168,8 +1169,6 @@ public static function get_user_by_wpcom_id( $wpcom_user_id ) { * calls menu_page_url() which doesn't work properly until admin menus are registered. */ public function maybe_authorize_user_after_sso() { - $jetpack = Jetpack::init(); - if ( empty( $_GET['jetpack-sso-auth-redirect'] ) ) { // phpcs:ignore WordPress.Security.NonceVerification.Recommended return; } @@ -1194,7 +1193,9 @@ public function maybe_authorize_user_after_sso() { */ remove_all_filters( 'jetpack_use_iframe_authorization_flow' ); add_filter( 'jetpack_use_iframe_authorization_flow', '__return_false' ); - $connect_url = $jetpack->build_connect_url( true, $redirect_after_auth, 'sso' ); + + $connection = new Manager( 'jetpack-connection' ); + $connect_url = ( new Authorize_Redirect( $connection ) )->build_authorize_url( $redirect_after_auth, 'sso', true ); add_filter( 'allowed_redirect_hosts', array( Helpers::class, 'allowed_redirect_hosts' ) ); wp_safe_redirect( $connect_url ); diff --git a/projects/packages/connection/src/webhooks/class-authorize-redirect.php b/projects/packages/connection/src/webhooks/class-authorize-redirect.php index 37fd65cd681ed..94b18e66fd204 100644 --- a/projects/packages/connection/src/webhooks/class-authorize-redirect.php +++ b/projects/packages/connection/src/webhooks/class-authorize-redirect.php @@ -10,6 +10,7 @@ use Automattic\Jetpack\Admin_UI\Admin_Menu; use Automattic\Jetpack\Constants; use Automattic\Jetpack\Licensing; +use Automattic\Jetpack\Status\Host; use Automattic\Jetpack\Tracking; use GP_Locales; use Jetpack_Network; @@ -97,44 +98,57 @@ function ( $domains ) { } /** - * Create the Jetpack authorization URL. Copied from Jetpack class. + * Create the Jetpack authorization URL. + * + * @since $$next-version$$ Added optional $from and $raw parameters. * * @param bool|string $redirect URL to redirect to. + * @param bool|string $from If not false, adds 'from=$from' param to the connect URL. + * @param bool $raw If true, URL will not be escaped. * * @todo Update default value for redirect since the called function expects a string. * * @return mixed|void */ - public function build_authorize_url( $redirect = false ) { + public function build_authorize_url( $redirect = false, $from = false, $raw = false ) { add_filter( 'jetpack_connect_request_body', array( __CLASS__, 'filter_connect_request_body' ) ); add_filter( 'jetpack_connect_redirect_url', array( __CLASS__, 'filter_connect_redirect_url' ) ); - $url = $this->connection->get_authorization_url( wp_get_current_user(), $redirect ); + $url = $this->connection->get_authorization_url( wp_get_current_user(), $redirect, $from, $raw ); remove_filter( 'jetpack_connect_request_body', array( __CLASS__, 'filter_connect_request_body' ) ); remove_filter( 'jetpack_connect_redirect_url', array( __CLASS__, 'filter_connect_redirect_url' ) ); - /** This filter is documented in plugins/jetpack/class-jetpack.php */ - return apply_filters( 'jetpack_build_authorize_url', $url ); + /** + * Filter the URL used when authorizing a user to a WordPress.com account. + * + * @since jetpack-8.9.0 + * @since $$next-version$$ Added $raw parameter. + * + * @param string $url Connection URL. + * @param bool $raw If true, URL will not be escaped. + */ + return apply_filters( 'jetpack_build_authorize_url', $url, $raw ); } /** * Filters the redirection URL that is used for connect requests. The redirect - * URL should return the user back to the Jetpack console. - * Copied from Jetpack class. + * URL should return the user back to the My Jetpack page. * - * @param String $redirect the default redirect URL used by the package. - * @return String the modified URL. + * @param string $redirect the default redirect URL used by the package. + * @return string the modified URL. */ public static function filter_connect_redirect_url( $redirect ) { - $jetpack_admin_page = esc_url_raw( admin_url( 'admin.php?page=jetpack' ) ); + $jetpack_admin_page = esc_url_raw( admin_url( 'admin.php?page=my-jetpack' ) ); $redirect = $redirect ? wp_validate_redirect( esc_url_raw( $redirect ), $jetpack_admin_page ) : $jetpack_admin_page; - // phpcs:ignore WordPress.Security.NonceVerification.Recommended - if ( isset( $_REQUEST['is_multisite'] ) ) { + if ( + class_exists( 'Jetpack_Network' ) + && isset( $_REQUEST['is_multisite'] ) // phpcs:ignore WordPress.Security.NonceVerification.Recommended + ) { $redirect = Jetpack_Network::init()->get_url( 'network_admin_page' ); } @@ -143,7 +157,6 @@ public static function filter_connect_redirect_url( $redirect ) { /** * Filters the connection URL parameter array. - * Copied from Jetpack class. * * @param array $args default URL parameters used by the package. * @return array the modified URL arguments array. @@ -170,7 +183,7 @@ public static function filter_connect_request_body( $args ) { ) ); - $calypso_env = self::get_calypso_env(); + $calypso_env = ( new Host() )->get_calypso_env(); if ( ! empty( $calypso_env ) ) { $args['calypso_env'] = $calypso_env; @@ -184,25 +197,15 @@ public static function filter_connect_request_body( $args ) { * it with different Calypso enrionments, such as localhost. * Copied from Jetpack class. * + * @deprecated $$next-version$$ + * * @since 1.37.1 * * @return string Calypso environment */ public static function get_calypso_env() { - // phpcs:ignore WordPress.Security.NonceVerification.Recommended - if ( isset( $_GET['calypso_env'] ) ) { - // phpcs:ignore WordPress.Security.NonceVerification.Recommended - return sanitize_key( $_GET['calypso_env'] ); - } - - if ( getenv( 'CALYPSO_ENV' ) ) { - return sanitize_key( getenv( 'CALYPSO_ENV' ) ); - } - - if ( defined( 'CALYPSO_ENV' ) && CALYPSO_ENV ) { - return sanitize_key( CALYPSO_ENV ); - } + _deprecated_function( __METHOD__, '$$next-version$$', 'Automattic\\Jetpack\\Status\\Host::get_calypso_env' ); - return ''; + return ( new Host() )->get_calypso_env(); } } diff --git a/projects/packages/jitm/changelog/update-sso-connect b/projects/packages/jitm/changelog/update-sso-connect new file mode 100644 index 0000000000000..bd6d06c6225fc --- /dev/null +++ b/projects/packages/jitm/changelog/update-sso-connect @@ -0,0 +1,5 @@ +Significance: patch +Type: changed +Comment: Phan config update + + diff --git a/projects/packages/jitm/src/class-jitm.php b/projects/packages/jitm/src/class-jitm.php index 6941f44627927..4ee87d842d5c6 100644 --- a/projects/packages/jitm/src/class-jitm.php +++ b/projects/packages/jitm/src/class-jitm.php @@ -20,7 +20,7 @@ */ class JITM { - const PACKAGE_VERSION = '3.1.9'; + const PACKAGE_VERSION = '3.1.10-alpha'; /** * The configuration method that is called from the jetpack-config package. diff --git a/projects/plugins/jetpack/changelog/update-sso-connect b/projects/plugins/jetpack/changelog/update-sso-connect new file mode 100644 index 0000000000000..13062e3a9dc3d --- /dev/null +++ b/projects/plugins/jetpack/changelog/update-sso-connect @@ -0,0 +1,4 @@ +Significance: patch +Type: other + +Janitorial: deprecate methods in Jetpack class in favor of methods from the Connection package. diff --git a/projects/plugins/jetpack/class.jetpack.php b/projects/plugins/jetpack/class.jetpack.php index 0337bf1953d7c..edbc30d462fe4 100644 --- a/projects/plugins/jetpack/class.jetpack.php +++ b/projects/plugins/jetpack/class.jetpack.php @@ -16,6 +16,7 @@ use Automattic\Jetpack\Connection\Rest_Authentication as Connection_Rest_Authentication; use Automattic\Jetpack\Connection\Secrets; use Automattic\Jetpack\Connection\Tokens; +use Automattic\Jetpack\Connection\Webhooks\Authorize_Redirect; use Automattic\Jetpack\Constants; use Automattic\Jetpack\CookieState; use Automattic\Jetpack\Current_Plan as Jetpack_Plan; @@ -824,7 +825,7 @@ function () { add_filter( 'jetpack_client_authorize_fallback_url', array( Jetpack_Client_Server::class, 'client_authorize_fallback_url' ) ); // Filters for the Manager::get_token() urls and request body. - add_filter( 'jetpack_token_redirect_url', array( __CLASS__, 'filter_connect_redirect_url' ) ); + add_filter( 'jetpack_token_redirect_url', array( Authorize_Redirect::class, 'filter_connect_redirect_url' ) ); add_filter( 'jetpack_token_request_body', array( __CLASS__, 'filter_token_request_body' ) ); // Filter for the `jetpack/v4/connection/data` API response. @@ -4353,7 +4354,7 @@ public function build_connect_url( $raw = false, $redirect = false, $from = fals } } - $url = static::build_authorize_url( $redirect ); + $url = ( new Authorize_Redirect( static::connection() ) )->build_authorize_url( $redirect ); } if ( $from ) { @@ -4380,64 +4381,28 @@ public function build_connect_url( $raw = false, $redirect = false, $from = fals * * @todo Update default value for redirect since the called function expects a string. * + * @deprecated $$next-version$$ + * * @return mixed|void */ public static function build_authorize_url( $redirect = false, $deprecated = null ) { // phpcs:ignore VariableAnalysis.CodeAnalysis.VariableAnalysis.UnusedVariable + _deprecated_function( __METHOD__, 'jetpack-$$next-version$$', 'Authorize_Redirect::build_authorize_url' ); - add_filter( 'jetpack_connect_request_body', array( __CLASS__, 'filter_connect_request_body' ) ); - add_filter( 'jetpack_connect_redirect_url', array( __CLASS__, 'filter_connect_redirect_url' ) ); - - $c8n = self::connection(); - $url = $c8n->get_authorization_url( wp_get_current_user(), $redirect ); - - remove_filter( 'jetpack_connect_request_body', array( __CLASS__, 'filter_connect_request_body' ) ); - remove_filter( 'jetpack_connect_redirect_url', array( __CLASS__, 'filter_connect_redirect_url' ) ); - - /** - * Filter the URL used when authorizing a user to a WordPress.com account. - * - * @since 8.9.0 - * - * @param string $url Connection URL. - */ - return apply_filters( 'jetpack_build_authorize_url', $url ); + return ( new Authorize_Redirect( static::connection() ) )->build_authorize_url( $redirect ); } /** * Filters the connection URL parameter array. * + * @deprecated $$next-version$$ + * * @param array $args default URL parameters used by the package. * @return array the modified URL arguments array. */ public static function filter_connect_request_body( $args ) { - if ( - Constants::is_defined( 'JETPACK__GLOTPRESS_LOCALES_PATH' ) - && include_once Constants::get_constant( 'JETPACK__GLOTPRESS_LOCALES_PATH' ) - ) { - $gp_locale = GP_Locales::by_field( 'wp_locale', get_locale() ); - $args['locale'] = isset( $gp_locale ) && isset( $gp_locale->slug ) - ? $gp_locale->slug - : ''; - } - - $tracking = new Tracking(); - $tracks_identity = $tracking->tracks_get_identity( $args['state'] ); + _deprecated_function( __METHOD__, 'jetpack-$$next-version$$', 'Authorize_Redirect::filter_connect_request_body' ); - $args = array_merge( - $args, - array( - '_ui' => $tracks_identity['_ui'], - '_ut' => $tracks_identity['_ut'], - ) - ); - - $calypso_env = ( new Host() )->get_calypso_env(); - - if ( ! empty( $calypso_env ) ) { - $args['calypso_env'] = $calypso_env; - } - - return $args; + return Authorize_Redirect::filter_connect_request_body( $args ); } /** @@ -4479,20 +4444,14 @@ public static function filter_jetpack_current_user_connection_data( $current_use * Filters the redirection URL that is used for connect requests. The redirect * URL should return the user back to the Jetpack console. * + * @deprecated $$next-version$$ + * * @param String $redirect the default redirect URL used by the package. * @return String the modified URL. */ public static function filter_connect_redirect_url( $redirect ) { - $jetpack_admin_page = esc_url_raw( admin_url( 'admin.php?page=jetpack' ) ); - $redirect = $redirect - ? wp_validate_redirect( esc_url_raw( $redirect ), $jetpack_admin_page ) - : $jetpack_admin_page; - - if ( isset( $_REQUEST['is_multisite'] ) ) { // phpcs:ignore WordPress.Security.NonceVerification.Recommended -- not making a site change here. - $redirect = Jetpack_Network::init()->get_url( 'network_admin_page' ); - } - - return $redirect; + _deprecated_function( __METHOD__, 'jetpack-$$next-version$$', 'Authorize_Redirect::filter_connect_redirect_url' ); + return Authorize_Redirect::filter_connect_redirect_url( $redirect ); } /** diff --git a/projects/plugins/jetpack/tests/php/general/test_class.jetpack.php b/projects/plugins/jetpack/tests/php/general/test_class.jetpack.php index 20472171032f9..311cc2829d5e1 100644 --- a/projects/plugins/jetpack/tests/php/general/test_class.jetpack.php +++ b/projects/plugins/jetpack/tests/php/general/test_class.jetpack.php @@ -9,7 +9,6 @@ use Automattic\Jetpack\Connection\Manager as Connection_Manager; use Automattic\Jetpack\Constants; -use Automattic\Jetpack\Partner; use Automattic\Jetpack\Status; use Automattic\Jetpack\Status\Cache as StatusCache; @@ -1019,56 +1018,6 @@ public function test_wp_getOptions_hook_in_place() { $this->assertArrayHasKey( 'jetpack_version', $options ); } - /** - * Tests if Partner codes are added to the connect url. - * - * @dataProvider partner_code_provider - * - * @param string $code_type Partner code type. - * @param string $option_name Option and filter name. - * @param string $query_string_name Query string variable name. - */ - public function test_partner_codes_are_added_to_authorize_url( $code_type, $option_name, $query_string_name ) { - $test_code = 'abc-123'; - Partner::init(); - add_filter( - $option_name, - function () use ( $test_code ) { - return $test_code; - } - ); - $jetpack = \Jetpack::init(); - $url = $jetpack->build_authorize_url(); - - $parsed_vars = array(); - parse_str( wp_parse_url( $url, PHP_URL_QUERY ), $parsed_vars ); - - $this->assertArrayHasKey( $query_string_name, $parsed_vars ); - $this->assertSame( $test_code, $parsed_vars[ $query_string_name ] ); - } - - /** - * Provides code for test_partner_codes_are_added_to_authorize_url. - * - * @return array - */ - public function partner_code_provider() { - return array( - 'subsidiary_code' => - array( - Partner::SUBSIDIARY_CODE, // Code type. - 'jetpack_partner_subsidiary_id', // filter/option key. - 'subsidiaryId', // Query string parameter. - ), - 'affiliate_code' => - array( - Partner::AFFILIATE_CODE, - 'jetpack_affiliate_code', - 'aff', - ), - ); - } - /** * Tests login URL only adds redirect param when redirect param is in original request. *