Stats: add 'stats/blog' REST endpoint (#36571)

* Stats: add 'stats/blog' REST endpoint.

* Version bump.

* Fix unit tests.

* Fix tests.

* Fix phan.

* Add package version tracking.

* Add unit tests for the package version tracking.

---------

Co-authored-by: Jeremy Herve <[email protected]>

Author: sergeymitr

projects/packages/stats/changelog/add-rest-endpoint-get-blog

@@ -0,0 +1,4 @@
+Significance: minor
+Type: added
+
+Add the 'stats/blog' REST endpoint.

projects/packages/stats/composer.json

@@ -50,7 +50,7 @@
 			"link-template": "https://github.com/Automattic/jetpack-stats/compare/v${old}...v${new}"
 		},
 		"branch-alias": {
-			"dev-trunk": "0.11.x-dev"
+			"dev-trunk": "0.12.x-dev"
 		},
 		"textdomain": "jetpack-stats"
 	},

projects/packages/stats/src/class-main.php

@@ -75,6 +75,10 @@ private function __construct() {
 		add_filter( 'map_meta_cap', array( __CLASS__, 'map_meta_caps' ), 10, 3 );
 
 		XMLRPC_Provider::init();
+		REST_Provider::init();
+
+		// Set up package version hook.
+		add_filter( 'jetpack_package_versions', __NAMESPACE__ . '\Package_Version::send_package_version_to_tracker' );
 	}
 
 	/**

projects/packages/stats/src/class-package-version.php

@@ -0,0 +1,30 @@
+<?php
+/**
+ * The Package_Version class.
+ *
+ * @package automattic/jetpack-stats
+ */
+
+namespace Automattic\Jetpack\Stats;
+
+/**
+ * The Package_Version class.
+ */
+class Package_Version {
+
+	const PACKAGE_VERSION = '0.12.0-alpha';
+
+	const PACKAGE_SLUG = 'stats';
+
+	/**
+	 * Adds the package slug and version to the package version tracker's data.
+	 *
+	 * @param array $package_versions The package version array.
+	 *
+	 * @return array The package version array.
+	 */
+	public static function send_package_version_to_tracker( $package_versions ) {
+		$package_versions[ self::PACKAGE_SLUG ] = self::PACKAGE_VERSION;
+		return $package_versions;
+	}
+}

projects/packages/stats/src/class-rest-provider.php

@@ -0,0 +1,90 @@
+<?php
+/**
+ * The Stats REST Provider class.
+ *
+ * @package @automattic/jetpack-stats
+ */
+
+namespace Automattic\Jetpack\Stats;
+
+use Automattic\Jetpack\Connection\Rest_Authentication;
+use Automattic\Jetpack\Connection\REST_Connector;
+use WP_Error;
+use WP_REST_Server;
+
+/**
+ * The REST API provider class.
+ *
+ * @since $$next-version$$
+ */
+class REST_Provider {
+	/**
+	 * Singleton instance.
+	 *
+	 * @var REST_Provider
+	 **/
+	private static $instance = null;
+
+	/**
+	 * Private constructor.
+	 *
+	 * Use the static::init() method to get an instance.
+	 */
+	private function __construct() {
+		add_action( 'rest_api_init', array( $this, 'initialize_rest_api' ) );
+	}
+
+	/**
+	 * Initialize class and get back a singleton instance.
+	 *
+	 * @param bool $new_instance Force create new instance.
+	 *
+	 * @return static
+	 */
+	public static function init( $new_instance = false ) {
+		if ( null === self::$instance || $new_instance ) {
+			self::$instance = new static();
+		}
+
+		return self::$instance;
+	}
+
+	/**
+	 * Initialize the REST API.
+	 *
+	 * @return void
+	 */
+	public function initialize_rest_api() {
+		register_rest_route(
+			'jetpack/v4',
+			'/stats/blog',
+			array(
+				'methods'             => WP_REST_Server::READABLE,
+				'callback'            => array( $this, 'get_blog' ),
+				'permission_callback' => array( $this, 'get_blog_permission_check' ),
+			)
+		);
+	}
+
+	/**
+	 * Get the stats blog data.
+	 *
+	 * @since $$next-version$$
+	 *
+	 * @return array
+	 */
+	public function get_blog() {
+		return XMLRPC_Provider::init()->get_blog();
+	}
+
+	/**
+	 * Check permissions for the `/stats/blog` endpoint.
+	 *
+	 * @return WP_Error|true
+	 */
+	public function get_blog_permission_check() {
+		return Rest_Authentication::is_signed_with_blog_token()
+			? true
+			: new WP_Error( 'invalid_permission_stats_get_blog', REST_Connector::get_user_permissions_error_msg(), array( 'status' => rest_authorization_required_code() ) );
+	}
+}

projects/packages/stats/src/class-xmlrpc-provider.php

@@ -38,10 +38,12 @@ private function __construct() {
 	/**
 	 * Initialize class and get back a singleton instance.
 	 *
+	 * @param bool $new_instance Force create new instance.
+	 *
 	 * @return XMLRPC_Provider
 	 */
-	public static function init() {
-		if ( null === self::$instance ) {
+	public static function init( $new_instance = false ) {
+		if ( null === self::$instance || $new_instance ) {
 			self::$instance = new XMLRPC_Provider();
 		}
 

projects/packages/stats/tests/php/test-package-version.php

@@ -0,0 +1,46 @@
+<?php // phpcs:ignore WordPress.Files.FileName.InvalidClassFileName
+
+namespace Automattic\Jetpack\Stats;
+
+use PHPUnit\Framework\TestCase;
+
+/**
+ * Unit tests for the Package_Version class.
+ *
+ * @package automattic/jetpack-stats
+ */
+class Test_Package_Version extends TestCase {
+
+	/**
+	 * Tests that the stats package version is added to the package versions array obtained by the
+	 * Package_Version_Tracker.
+	 */
+	public function test_send_package_version_to_tracker_empty_array() {
+		$expected = array(
+			Package_Version::PACKAGE_SLUG => Package_Version::PACKAGE_VERSION,
+		);
+
+		Main::init();
+
+		$this->assertSame( $expected, apply_filters( 'jetpack_package_versions', array() ) );
+	}
+
+	/**
+	 * Tests that the stats package version is added to the package versions array obtained by the
+	 * Package_Version_Tracker.
+	 */
+	public function test_send_package_version_to_tracker_existing_array() {
+		$existing_array = array(
+			'test-package-slug' => '1.0.0',
+		);
+
+		$expected = array_merge(
+			$existing_array,
+			array( Package_Version::PACKAGE_SLUG => Package_Version::PACKAGE_VERSION )
+		);
+
+		add_filter( 'jetpack_package_versions', __NAMESPACE__ . '\Package_Version::send_package_version_to_tracker' );
+
+		$this->assertSame( $expected, apply_filters( 'jetpack_package_versions', $existing_array ) );
+	}
+}

projects/packages/stats/tests/php/test-rest-provider.php

@@ -0,0 +1,178 @@
+<?php // phpcs:ignore WordPress.Files.FileName.InvalidClassFileName
+
+namespace Automattic\Jetpack\Stats;
+
+use Automattic\Jetpack\Connection\Rest_Authentication as Connection_Rest_Authentication;
+use PHPUnit\Framework\TestCase;
+use WP_REST_Request;
+use WP_REST_Server;
+
+/**
+ * Unit tests for the REST API endpoints.
+ *
+ * @package automattic/jetpack-stats
+ * @see \Automattic\Jetpack\Stats\REST_Provider
+ */
+class Test_REST_Provider extends TestCase {
+	/**
+	 * REST Server object.
+	 *
+	 * @var WP_REST_Server
+	 */
+	private $server;
+
+	const BLOG_TOKEN = 'new.blogtoken';
+	const BLOG_ID    = 42;
+
+	/**
+	 * Setting up the test.
+	 *
+	 * @before
+	 */
+	public function set_up() {
+		global $wp_rest_server;
+
+		$wp_rest_server = new WP_REST_Server();
+		$this->server   = $wp_rest_server;
+
+		REST_Provider::init( true );
+		do_action( 'rest_api_init' );
+	}
+
+	/**
+	 * Returning the environment into its initial state.
+	 *
+	 * @after
+	 */
+	public function tear_down() {
+		unset( $_SERVER['REQUEST_METHOD'] );
+		$_GET = array();
+
+		Connection_Rest_Authentication::init()->reset_saved_auth_state();
+	}
+
+	/**
+	 * Testing the `remote_provision` endpoint without authentication.
+	 * Response: failed authorization.
+	 */
+	public function test_get_blog_unauthenticated() {
+		wp_set_current_user( 0 );
+		$request = new WP_REST_Request( 'GET', '/jetpack/v4/stats/blog' );
+		$request->set_header( 'Content-Type', 'application/json' );
+
+		// Mock full connection established.
+		add_filter( 'jetpack_options', array( $this, 'mock_jetpack_options' ), 10, 2 );
+
+		$response      = $this->server->dispatch( $request );
+		$response_data = $response->get_data();
+
+		remove_filter( 'jetpack_options', array( $this, 'mock_jetpack_options' ), 10 );
+
+		static::assertEquals( 'invalid_permission_stats_get_blog', $response_data['code'] );
+		static::assertEquals( 401, $response_data['data']['status'] );
+	}
+
+	/**
+	 * Testing the `remote_provision` endpoint with proper authentication.
+	 * We intentionally provide an invalid user ID so the `Jetpack_XMLRPC_Server::remote_provision()` would trigger an error.
+	 * Response: `input_error`, meaning that the REST endpoint passed the data to the handler.
+	 */
+	public function test_get_blog_authenticated() {
+		wp_set_current_user( 0 );
+
+		// Mock full connection established.
+		add_filter( 'jetpack_options', array( $this, 'mock_jetpack_options' ), 10, 2 );
+
+		$_SERVER['REQUEST_METHOD'] = 'POST';
+
+		$_GET['_for']      = 'jetpack';
+		$_GET['token']     = 'new:1:0';
+		$_GET['timestamp'] = (string) time();
+		$_GET['nonce']     = 'testing123';
+		$_GET['body-hash'] = '';
+		// This is intentionally using base64_encode().
+		// phpcs:disable WordPress.PHP.DiscouragedPHPFunctions.obfuscation_base64_encode
+		// phpcs:disable WordPress.Security.NonceVerification.Recommended
+		// phpcs:disable WordPress.Security.ValidatedSanitizedInput
+		$_GET['signature'] = base64_encode(
+			hash_hmac(
+				'sha1',
+				implode(
+					"\n",
+					$data  = array(
+						$_GET['token'],
+						$_GET['timestamp'],
+						$_GET['nonce'],
+						$_GET['body-hash'],
+						'POST',
+						'anything.example',
+						'80',
+						'',
+					)
+				) . "\n",
+				'blogtoken',
+				true
+			)
+		);
+		// phpcs:enable WordPress.PHP.DiscouragedPHPFunctions.obfuscation_base64_encode
+		// phpcs:enable WordPress.Security.NonceVerification.Recommended
+		// phpcs:enable WordPress.Security.ValidatedSanitizedInput
+
+		Connection_Rest_Authentication::init()->wp_rest_authenticate( false );
+
+		$request = new WP_REST_Request( 'GET', '/jetpack/v4/stats/blog' );
+		$request->set_header( 'Content-Type', 'application/json' );
+
+		$response      = $this->server->dispatch( $request );
+		$response_data = $response->get_data();
+
+		remove_filter( 'jetpack_options', array( $this, 'mock_jetpack_options' ), 10 );
+
+		$expected_stats_blog = array(
+			'admin_bar'                => true,
+			'count_roles'              => array(),
+			'do_not_track'             => true,
+			'version'                  => Main::STATS_VERSION,
+			'collapse_nudges'          => false,
+			'enable_odyssey_stats'     => true,
+			'odyssey_stats_changed_at' => 0,
+			'notices'                  => array(),
+			'views'                    => 0,
+			'host'                     => 'example.org',
+			'path'                     => '/',
+			'blogname'                 => false,
+			'blogdescription'          => false,
+			'siteurl'                  => 'http://example.org',
+			'gmt_offset'               => false,
+			'timezone_string'          => false,
+			'stats_version'            => Main::STATS_VERSION,
+			'stats_api'                => 'jetpack',
+			'page_on_front'            => false,
+			'permalink_structure'      => false,
+			'category_base'            => false,
+			'tag_base'                 => false,
+		);
+
+		$this->assertSame( $expected_stats_blog, $response_data );
+	}
+
+	/**
+	 * Intercept the `Jetpack_Options` call and mock the values.
+	 * Full connection set-up.
+	 *
+	 * @param mixed  $value The current option value.
+	 * @param string $name Option name.
+	 *
+	 * @return mixed
+	 */
+	public function mock_jetpack_options( $value, $name ) {
+		switch ( $name ) {
+			case 'blog_token':
+				return self::BLOG_TOKEN;
+			case 'id':
+				return self::BLOG_ID;
+		}
+
+		return $value;
+	}
+}

projects/packages/stats/tests/php/test-xmlrpc-provider.php

@@ -30,7 +30,7 @@ class Test_XMLRPC_Provider extends StatsBaseTestCase {
 	protected function set_up() {
 		parent::set_up();
 
-		$this->xmlrpc_instance = XMLRPC_Provider::init();
+		$this->xmlrpc_instance = XMLRPC_Provider::init( true );
 	}
 
 	/**