diff --git a/src/wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php b/src/wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php index 43c29ac88837c..38690532ebe49 100644 --- a/src/wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php +++ b/src/wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php @@ -656,6 +656,25 @@ public function create_item( $request ) { } } + /** + * Filters the type of notification sent upon new user registration. + * + * This filter allows customization of the notification type when a new user is created via REST API. + * + * @since 7.0.0 + * + * @param string $notify Determines who gets notified. Accepts: + * - 'admin': Notify only the site administrator. This is the default. + * - 'user': Notify only the new user. + * - 'both': Notify both admin and user. + * - Any other value (e.g. `false`), no notification is sent. + * @param int $user_id User ID. + */ + $notify = apply_filters( 'rest_wp_user_created_notification', 'admin', $user_id ); + if ( in_array( $notify, array( 'admin', 'user', 'both' ), true ) ) { + wp_new_user_notification( $user_id, null, $notify ); + } + $user = get_user_by( 'id', $user_id ); /** diff --git a/tests/phpunit/tests/rest-api/rest-users-controller.php b/tests/phpunit/tests/rest-api/rest-users-controller.php index b78e95b95f48d..eed1d182f7004 100644 --- a/tests/phpunit/tests/rest-api/rest-users-controller.php +++ b/tests/phpunit/tests/rest-api/rest-users-controller.php @@ -1376,6 +1376,94 @@ public function test_create_item() { $this->check_add_edit_user_response( $response ); } + /** + * @ticket 40477 + */ + public function test_create_user_sends_admin_notification() { + if ( is_multisite() ) { + grant_super_admin( self::$user ); + } + + wp_set_current_user( self::$user ); + reset_phpmailer_instance(); + + $request = new WP_REST_Request( 'POST', '/wp/v2/users' ); + $request->set_param( 'username', 'testuser' ); + $request->set_param( 'email', 'testuser@example.com' ); + $request->set_param( 'password', 'testpassword' ); + $response = rest_get_server()->dispatch( $request ); + + $this->assertSame( 201, $response->get_status() ); + + $mailer = tests_retrieve_phpmailer_instance(); + $this->assertNotEmpty( $mailer->mock_sent, 'No emails were sent' ); + + // Check that at least one email was sent to the admin. + $admin_email = get_option( 'admin_email' ); + $recipients = array_column( $mailer->mock_sent, 'to' ); + $admin_notified = false; + + foreach ( $recipients as $recipient_list ) { + if ( isset( $recipient_list[0][0] ) && $recipient_list[0][0] === $admin_email ) { + $admin_notified = true; + break; + } + } + + $this->assertTrue( $admin_notified, 'Admin email notification was not sent' ); + } + + /** + * @ticket 40477 + */ + public function test_create_user_notification_respects_filter() { + if ( is_multisite() ) { + grant_super_admin( self::$user ); + } + + wp_set_current_user( self::$user ); + add_filter( + 'rest_wp_user_created_notification', + function () { + return 'both'; + } + ); + + reset_phpmailer_instance(); + + $user_email = 'testuser2@example.com'; + $request = new WP_REST_Request( 'POST', '/wp/v2/users' ); + $request->set_param( 'username', 'testuser2' ); + $request->set_param( 'email', $user_email ); + $request->set_param( 'password', 'testpassword2' ); + rest_get_server()->dispatch( $request ); + + $mailer = tests_retrieve_phpmailer_instance(); + $this->assertGreaterThanOrEqual( 2, count( $mailer->mock_sent ), 'Expected at least 2 emails (admin + user)' ); + + // Verify both admin and user received notifications. + $admin_email = get_option( 'admin_email' ); + $recipients = array_column( $mailer->mock_sent, 'to' ); + $admin_notified = false; + $user_notified = false; + + foreach ( $recipients as $recipient_list ) { + if ( isset( $recipient_list[0][0] ) ) { + if ( $recipient_list[0][0] === $admin_email ) { + $admin_notified = true; + } + if ( $recipient_list[0][0] === $user_email ) { + $user_notified = true; + } + } + } + + $this->assertTrue( $admin_notified, 'Admin email notification was not sent' ); + $this->assertTrue( $user_notified, 'User email notification was not sent' ); + + remove_all_filters( 'rest_wp_user_created_notification' ); + } + public function test_create_item_invalid_username() { $this->allow_user_to_manage_multisite();