From 5b27f94c7fa2a85e68fab78f389f1f3bfbb19037 Mon Sep 17 00:00:00 2001 From: Eric Jinks <3147296+Jinksi@users.noreply.github.com> Date: Tue, 30 Apr 2024 16:32:26 +1000 Subject: [PATCH 1/5] Use `remote_request` when requesting survey endpoint to allow non-account-owner users to submit survey --- ...ass-wc-rest-payments-survey-controller.php | 35 ++++++++++--------- 1 file changed, 19 insertions(+), 16 deletions(-) diff --git a/includes/admin/class-wc-rest-payments-survey-controller.php b/includes/admin/class-wc-rest-payments-survey-controller.php index fb3f53b9b40..7bc7efbb2fc 100644 --- a/includes/admin/class-wc-rest-payments-survey-controller.php +++ b/includes/admin/class-wc-rest-payments-survey-controller.php @@ -105,34 +105,37 @@ public function submit_payments_overview_survey( WP_REST_Request $request ): WP_ // as an alternative, I could have also used the `jetpack_constant_default_value` filter, but this is shorter and also provides a fallback. defined( 'JETPACK__WPCOM_JSON_API_BASE' ) || define( 'JETPACK__WPCOM_JSON_API_BASE', 'https://public-api.wordpress.com' ); - $wpcom_request = $this->http_client->wpcom_json_api_request_as_user( - '/marketing/survey', - '2', + $request_body = [ + 'site_id' => $this->http_client->get_blog_id(), + 'survey_id' => 'wcpay-payment-activity', + 'survey_responses' => [ + 'rating' => $rating, + 'comments' => [ 'text' => $comments ], + 'wcpay-version' => [ 'text' => WCPAY_VERSION_NUMBER ], + ], + ]; + + $wpcom_response = $this->http_client->remote_request( [ + 'url' => WC_Payments_API_Client::ENDPOINT_BASE . '/marketing/survey', 'method' => 'POST', 'headers' => [ 'Content-Type' => 'application/json', 'X-Forwarded-For' => \WC_Geolocation::get_ip_address(), ], ], - [ - 'site_id' => $this->http_client->get_blog_id(), - 'survey_id' => 'wcpay-payment-activity', - 'survey_responses' => [ - 'rating' => $rating, - 'comments' => [ 'text' => $comments ], - 'wcpay-version' => [ 'text' => WCPAY_VERSION_NUMBER ], - ], - ] + wp_json_encode( $request_body ) ); - $wpcom_request_body = json_decode( wp_remote_retrieve_body( $wpcom_request ) ); + // TODO: getting "An active access token must be used to submit this survey" error response. + $wpcom_response_status_code = wp_remote_retrieve_response_code( $wpcom_response ); - if ( ! is_wp_error( $wpcom_request ) ) { - update_option( 'wcpay_survey_payment_overview_submitted', true ); + if ( 200 === $wpcom_response_status_code ) { + // update_option( 'wcpay_survey_payment_overview_submitted', true ); + trigger_error( 'wcpay_survey_payment_overview_submitted', E_USER_NOTICE ); } - return new WP_REST_Response( $wpcom_request_body, wp_remote_retrieve_response_code( $wpcom_request ) ); + return new WP_REST_Response( $wpcom_response, $wpcom_response_status_code ); } /** From ef896f31be98bf5e94e954b64d88f5c5e3f0cbcd Mon Sep 17 00:00:00 2001 From: Eric Jinks <3147296+Jinksi@users.noreply.github.com> Date: Wed, 1 May 2024 11:19:05 +1000 Subject: [PATCH 2/5] Use Jetpack connection owner user token when making POST request --- ...ass-wc-rest-payments-survey-controller.php | 50 +++++++++---------- 1 file changed, 24 insertions(+), 26 deletions(-) diff --git a/includes/admin/class-wc-rest-payments-survey-controller.php b/includes/admin/class-wc-rest-payments-survey-controller.php index 7bc7efbb2fc..7c8be6ae13d 100644 --- a/includes/admin/class-wc-rest-payments-survey-controller.php +++ b/includes/admin/class-wc-rest-payments-survey-controller.php @@ -98,41 +98,39 @@ public function submit_payments_overview_survey( WP_REST_Request $request ): WP_ ); } - // Jetpack connection 1.27.0 created a default value for this constant, but we're using an older version of the package - // https://github.com/Automattic/jetpack/blob/master/projects/packages/connection/CHANGELOG.md#1270---2021-05-25 - // - Connection: add the default value of JETPACK__WPCOM_JSON_API_BASE to the Connection Utils class - // this is just a patch so that we don't need to upgrade. - // as an alternative, I could have also used the `jetpack_constant_default_value` filter, but this is shorter and also provides a fallback. - defined( 'JETPACK__WPCOM_JSON_API_BASE' ) || define( 'JETPACK__WPCOM_JSON_API_BASE', 'https://public-api.wordpress.com' ); - - $request_body = [ - 'site_id' => $this->http_client->get_blog_id(), - 'survey_id' => 'wcpay-payment-activity', - 'survey_responses' => [ - 'rating' => $rating, - 'comments' => [ 'text' => $comments ], - 'wcpay-version' => [ 'text' => WCPAY_VERSION_NUMBER ], + $request_args = [ + 'url' => WC_Payments_API_Client::ENDPOINT_BASE . '/marketing/survey', + 'method' => 'POST', + 'headers' => [ + 'Content-Type' => 'application/json', + 'X-Forwarded-For' => \WC_Geolocation::get_ip_address(), ], ]; - - $wpcom_response = $this->http_client->remote_request( + $request_body = wp_json_encode( [ - 'url' => WC_Payments_API_Client::ENDPOINT_BASE . '/marketing/survey', - 'method' => 'POST', - 'headers' => [ - 'Content-Type' => 'application/json', - 'X-Forwarded-For' => \WC_Geolocation::get_ip_address(), + 'site_id' => $this->http_client->get_blog_id(), + 'survey_id' => 'wcpay-payment-activity', + 'survey_responses' => [ + 'rating' => $rating, + 'comments' => [ 'text' => $comments ], + 'wcpay-version' => [ 'text' => WCPAY_VERSION_NUMBER ], ], - ], - wp_json_encode( $request_body ) + ] + ); + $is_site_specific = true; + $use_user_token = true; + + $wpcom_response = $this->http_client->remote_request( + $request_args, + $request_body, + $is_site_specific, + $use_user_token ); - // TODO: getting "An active access token must be used to submit this survey" error response. $wpcom_response_status_code = wp_remote_retrieve_response_code( $wpcom_response ); if ( 200 === $wpcom_response_status_code ) { - // update_option( 'wcpay_survey_payment_overview_submitted', true ); - trigger_error( 'wcpay_survey_payment_overview_submitted', E_USER_NOTICE ); + update_option( 'wcpay_survey_payment_overview_submitted', true ); } return new WP_REST_Response( $wpcom_response, $wpcom_response_status_code ); From 71a3161f50c0084c594d4966bb830e3dcf9b1f2d Mon Sep 17 00:00:00 2001 From: Eric Jinks <3147296+Jinksi@users.noreply.github.com> Date: Wed, 1 May 2024 11:20:34 +1000 Subject: [PATCH 3/5] Add `remote_request` `$use_user_token` docblock detail to mention it is the Jetpack connection owner --- includes/wc-payment-api/class-wc-payments-http.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/includes/wc-payment-api/class-wc-payments-http.php b/includes/wc-payment-api/class-wc-payments-http.php index ba7c6fe4a52..65081e8be10 100644 --- a/includes/wc-payment-api/class-wc-payments-http.php +++ b/includes/wc-payment-api/class-wc-payments-http.php @@ -49,7 +49,7 @@ public function init_hooks() { * @param array $args - The arguments to passed to Jetpack. * @param string $body - The body passed on to the HTTP request. * @param bool $is_site_specific - If true, the site ID will be included in the request url. Defaults to true. - * @param bool $use_user_token - If true, the request will be signed with the user token rather than blog token. Defaults to false. + * @param bool $use_user_token - If true, the request will be signed with the Jetpack connection owner user token rather than blog token. Defaults to false. * * @return array HTTP response on success. * @throws API_Exception - If not connected or request failed. From a581fed6a052fbdfc6f2a6113d806f54b2d60a2f Mon Sep 17 00:00:00 2001 From: Eric Jinks <3147296+Jinksi@users.noreply.github.com> Date: Wed, 1 May 2024 12:20:24 +1000 Subject: [PATCH 4/5] Add changelog entry --- changelog/fix-8710-payment-activity-survey-all-admin-users | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 changelog/fix-8710-payment-activity-survey-all-admin-users diff --git a/changelog/fix-8710-payment-activity-survey-all-admin-users b/changelog/fix-8710-payment-activity-survey-all-admin-users new file mode 100644 index 00000000000..1855a4385bb --- /dev/null +++ b/changelog/fix-8710-payment-activity-survey-all-admin-users @@ -0,0 +1,5 @@ +Significance: patch +Type: fix +Comment: Part of Payment Activity Card behind feature flag. Allow non-accountholder users to submit the feedback survey. + + From f9e70966c09ab9fd4e325bb34af20abc1adf2724 Mon Sep 17 00:00:00 2001 From: Eric Jinks <3147296+Jinksi@users.noreply.github.com> Date: Wed, 1 May 2024 12:52:38 +1000 Subject: [PATCH 5/5] Update test `test_valid_request_forwards_data_to_jetpack` to use `remote_request` --- ...ass-wc-rest-payments-survey-controller.php | 33 ++++++++++++------- 1 file changed, 21 insertions(+), 12 deletions(-) diff --git a/tests/unit/admin/test-class-wc-rest-payments-survey-controller.php b/tests/unit/admin/test-class-wc-rest-payments-survey-controller.php index edc7d5aad60..cf0480ec993 100644 --- a/tests/unit/admin/test-class-wc-rest-payments-survey-controller.php +++ b/tests/unit/admin/test-class-wc-rest-payments-survey-controller.php @@ -38,7 +38,7 @@ public function setUp(): void { // Set the user so that we can pass the authentication. wp_set_current_user( 1 ); - $this->http_client_stub = $this->getMockBuilder( WC_Payments_Http::class )->disableOriginalConstructor()->setMethods( [ 'wpcom_json_api_request_as_user' ] )->getMock(); + $this->http_client_stub = $this->getMockBuilder( WC_Payments_Http::class )->disableOriginalConstructor()->setMethods( [ 'remote_request' ] )->getMock(); $this->controller = new WC_REST_Payments_Survey_Controller( $this->http_client_stub ); } @@ -63,33 +63,42 @@ public function test_empty_rating_returns_400_status_code() { $this->assertEquals( 400, $response->get_status() ); } + public function test_valid_request_forwards_data_to_jetpack() { + $request_url = WC_Payments_API_Client::ENDPOINT_BASE . '/marketing/survey'; + $this->http_client_stub ->expects( $this->any() ) - ->method( 'wpcom_json_api_request_as_user' ) + ->method( 'remote_request' ) ->with( - $this->stringContains( '/marketing/survey' ), - $this->anything(), - $this->anything(), + // Check the request argument URL is the same. + $this->callback( + function ( $argument ) use ( $request_url ) { + return $request_url === $argument['url']; + } + ), $this->logicalAnd( - $this->arrayHasKey( 'survey_id' ), - $this->arrayHasKey( 'survey_responses' ), $this->callback( function ( $argument ) { - return 'wcpay-payment-activity' === $argument['survey_id']; + $json_body = json_decode( $argument, true ); + return 'wcpay-payment-activity' === $json_body['survey_id']; } ), $this->callback( function ( $argument ) { - return 'happy' === $argument['survey_responses']['rating']; + $json_body = json_decode( $argument, true ); + return 'happy' === $json_body['survey_responses']['rating']; } ), $this->callback( function ( $argument ) { - return 'test comment' === $argument['survey_responses']['comments']['text']; + $json_body = json_decode( $argument, true ); + return 'test comment' === $json_body['survey_responses']['comments']['text']; } - ) - ) + ), + ), + $this->isTrue(), + $this->isTrue(), ) ->willReturn( [