API: create REST endpoint for 'features/available' (#39442)

* API: create REST endpoint for 'features/available'.

* Added test for succesful authentication for the features available rest endpoint

* Removing deprecated legacy features_available

* changelog

---------

Co-authored-by: Juanma Rodriguez Escriche <[email protected]>

projects/packages/connection/changelog/add-restful-features-available

@@ -0,0 +1,4 @@
+Significance: major
+Type: removed
+
+Connection: Removed deprecated method features_available

projects/packages/connection/legacy/class-jetpack-xmlrpc-server.php

@@ -823,24 +823,6 @@ public function disconnect_blog() {
 		return false;
 	}
 
-	/**
-	 * Deprecated: This method is no longer part of the Connection package and now lives on the Jetpack plugin.
-	 *
-	 * Returns what features are available. Uses the slug of the module files.
-	 *
-	 * @deprecated since 1.25.0
-	 * @see Jetpack_XMLRPC_Methods::features_available() in the Jetpack plugin
-	 *
-	 * @return array
-	 */
-	public function features_available() {
-		_deprecated_function( __METHOD__, '1.25.0', 'Jetpack_XMLRPC_Methods::features_available()' );
-		if ( class_exists( 'Jetpack_XMLRPC_Methods' ) ) {
-			return Jetpack_XMLRPC_Methods::features_available();
-		}
-		return array();
-	}
-
 	/**
 	 * Deprecated: This method is no longer part of the Connection package and now lives on the Jetpack plugin.
 	 *

projects/plugins/automattic-for-agencies-client/changelog/add-restful-features-available

@@ -0,0 +1,4 @@
+Significance: minor
+Type: removed
+
+Connection: Removed deprecated method features_available

projects/plugins/backup/changelog/add-restful-features-available

@@ -0,0 +1,4 @@
+Significance: minor
+Type: removed
+
+Connection: Removed deprecated method features_available

projects/plugins/boost/changelog/add-restful-features-available

@@ -0,0 +1,4 @@
+Significance: minor
+Type: removed
+
+Connection: Removed deprecated method features_available

projects/plugins/inspect/changelog/add-restful-features-available

@@ -0,0 +1,4 @@
+Significance: minor
+Type: removed
+
+Connection: Removed deprecated method features_available

projects/plugins/jetpack/_inc/lib/class.core-rest-api-endpoints.php

@@ -787,6 +787,21 @@ public static function register_endpoints() {
 				),
 			)
 		);
+
+		/**
+		 * Get the list of available Jetpack features.
+		 *
+		 * @since $$next-version$$
+		 */
+		register_rest_route(
+			'jetpack/v4',
+			'/features/available',
+			array(
+				'methods'             => WP_REST_Server::READABLE,
+				'callback'            => array( static::class, 'get_features_available' ),
+				'permission_callback' => array( static::class, 'get_features_permission_check' ),
+			)
+		);
 	}
 
 	/**
@@ -4467,4 +4482,38 @@ public static function get_intro_offers() {
 			)
 		);
 	}
+
+	/**
+	 * Return the list of available features.
+	 *
+	 * @return array
+	 */
+	public static function get_features_available() {
+		$raw_modules = Jetpack::get_available_modules();
+		$modules     = array();
+		foreach ( $raw_modules as $module ) {
+			$modules[] = Jetpack::get_module_slug( $module );
+		}
+
+		return $modules;
+	}
+
+	/**
+	 * Verify that the API client is allowed to replace user token.
+	 *
+	 * @since 1.29.0
+	 *
+	 * @return bool|WP_Error
+	 */
+	public static function get_features_permission_check() {
+		if ( ! Rest_Authentication::is_signed_with_blog_token() ) {
+			$message = esc_html__(
+				'You do not have the correct user permissions to perform this action. Please contact your site admin if you think this is a mistake.',
+				'jetpack'
+			);
+			return new WP_Error( 'invalid_permission_fetch_features', $message, array( 'status' => rest_authorization_required_code() ) );
+		}
+
+		return true;
+	}
 } // class end

projects/plugins/jetpack/changelog/add-restful-features-available

@@ -0,0 +1,4 @@
+Significance: minor
+Type: other
+
+Create the 'features/available' REST endpoint.

projects/plugins/jetpack/class-jetpack-xmlrpc-methods.php

@@ -44,6 +44,8 @@ public static function xmlrpc_methods( $methods ) {
 	/**
 	 * Returns what features are available. Uses the slug of the module files.
 	 *
+	 * @deprecated $$next-version$$
+	 * @see Jetpack_Core_Json_Api_Endpoints::get_features_available()
 	 * @return array
 	 */
 	public static function features_available() {

projects/plugins/jetpack/tests/php/_inc/lib/test_class.rest-api-authentication.php

@@ -242,6 +242,50 @@ public function test_jetpack_rest_api_get_authentication_success_with_blog_token
 		$this->assertSame( 0, get_current_user_id() );
 	}
 
+	/**
+	 * @author darssen
+	 *
+	 * Test the 'features/available' endpoint authentication.
+	 *
+	 * @since $$next-version$$
+	 */
+	public function test_jetpack_rest_api_get_features_available_authentication_success() {
+		add_filter( 'pre_option_jetpack_private_options', array( $this, 'mock_jetpack_private_options' ), 10, 2 );
+		$token     = 'pretend_this_is_valid_blog_token:1:0';
+		$timestamp = (string) time();
+		$nonce     = 'testing123';
+		$body_hash = '';
+
+		$_GET['token']     = $token;
+		$_GET['timestamp'] = $timestamp;
+		$_GET['nonce']     = $nonce;
+		$_GET['body-hash'] = $body_hash;
+		$_GET['signature'] = base64_encode(
+			hash_hmac(
+				'sha1',
+				implode(
+					"\n",
+					array(
+						$token,
+						$timestamp,
+						$nonce,
+						$body_hash,
+						'GET',
+						'example.org',
+						'80',
+						'/jetpack/v4/features/available',
+						'qstest=yep',
+					)
+				) . "\n",
+				'secret_blog',
+				true
+			)
+		);
+		$this->request     = new WP_REST_Request( 'GET', '/jetpack/v4/features/available' );
+		$response          = $this->server->dispatch( $this->request );
+		$this->assertEquals( 200, $response->get_status() );
+	}
+
 	/**
 	 * @author jnylen0
 	 */

projects/plugins/jetpack/tests/php/_inc/lib/test_class.rest-api-endpoints.php

@@ -1224,4 +1224,17 @@ public function test_post_seen_wc_connection_modal_success() {
 		$this->assertResponseStatus( 200, $response );
 		$this->assertResponseData( array( 'success' => true ), $response );
 	}
+
+	/**
+	 * Test the 'features/available' endpoint, unauthorized.
+	 *
+	 * @since $$next-version$$
+	 */
+	public function test_features_available_unauthorized() {
+		// Create REST request in JSON format and dispatch
+		$response = $this->create_and_get_request( 'features/available' );
+
+		$this->assertResponseStatus( 401, $response );
+		$this->assertResponseData( array( 'code' => 'invalid_permission_fetch_features' ), $response );
+	}
 } // class end

projects/plugins/migration/changelog/add-restful-features-available

@@ -0,0 +1,4 @@
+Significance: minor
+Type: removed
+
+Connection: Removed deprecated method features_available

projects/plugins/mu-wpcom-plugin/changelog/add-restful-features-available

@@ -0,0 +1,4 @@
+Significance: minor
+Type: removed
+
+Connection: Removed deprecated method features_available

projects/plugins/protect/changelog/add-restful-features-available

@@ -0,0 +1,4 @@
+Significance: minor
+Type: removed
+
+Connection: Removed deprecated method features_available

projects/plugins/search/changelog/add-restful-features-available

@@ -0,0 +1,4 @@
+Significance: minor
+Type: removed
+
+Connection: Removed deprecated method features_available

projects/plugins/social/changelog/add-restful-features-available

@@ -0,0 +1,4 @@
+Significance: minor
+Type: removed
+
+Connection: Removed deprecated method features_available

projects/plugins/starter-plugin/changelog/add-restful-features-available

@@ -0,0 +1,4 @@
+Significance: minor
+Type: removed
+
+Connection: Removed deprecated method features_available

projects/plugins/videopress/changelog/add-restful-features-available

@@ -0,0 +1,4 @@
+Significance: minor
+Type: removed
+
+Connection: Removed deprecated method features_available

projects/plugins/wpcomsh/changelog/add-restful-features-available

@@ -0,0 +1,4 @@
+Significance: minor
+Type: removed
+
+Connection: Removed deprecated method features_available