X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=plugins%2FRequireValidatedEmail%2FRequireValidatedEmailPlugin.php;h=f6b3c4ef7c689dc779749aacd8658d5cc98952c0;hb=c8bc124f0d4c2f7293bfe3d23acbd8865c91795a;hp=ccefa14f62f7abffa33ececd6faace9859e94370;hpb=9b75e162c7002c1f29fa4ba6c1bfab7fb6b163f8;p=quix0rs-gnu-social.git diff --git a/plugins/RequireValidatedEmail/RequireValidatedEmailPlugin.php b/plugins/RequireValidatedEmail/RequireValidatedEmailPlugin.php index ccefa14f62..f6b3c4ef7c 100644 --- a/plugins/RequireValidatedEmail/RequireValidatedEmailPlugin.php +++ b/plugins/RequireValidatedEmail/RequireValidatedEmailPlugin.php @@ -2,7 +2,8 @@ /** * StatusNet, the distributed open-source microblogging tool * - * Plugin that requires the user to have a validated email address before they can post notices + * Plugin that requires the user to have a validated email address before they + * can post notices * * PHP version 5 * @@ -21,8 +22,11 @@ * * @category Plugin * @package StatusNet - * @author Craig Andrews , Brion Vibber - * @copyright 2009 Craig Andrews http://candrews.integralblue.com + * @author Craig Andrews + * @author Brion Vibber + * @author Evan Prodromou + * @copyright 2011 StatusNet Inc. http://status.net/ + * @copyright 2009 Free Software Foundation, Inc http://www.fsf.org * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 * @link http://status.net/ */ @@ -31,30 +35,74 @@ if (!defined('STATUSNET') && !defined('LACONICA')) { exit(1); } +/** + * Plugin for requiring a validated email before posting. + * + * Enable this plugin using addPlugin('RequireValidatedEmail'); + * + * @category Plugin + * @package StatusNet + * @author Craig Andrews + * @author Brion Vibber + * @author Evan Prodromou + * @author Mikael Nordfeldth + * @copyright 2009-2013 Free Software Foundation, Inc http://www.fsf.org + * @copyright 2009-2010 StatusNet, Inc. + * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 + * @link http://status.net/ + */ class RequireValidatedEmailPlugin extends Plugin { - // Users created before this time will be grandfathered in - // without the validation requirement. - public $grandfatherCutoff=null; + /** + * Users created before this time will be grandfathered in + * without the validation requirement. + */ + public $grandfatherCutoff = null; - function __construct() + /** + * If OpenID plugin is installed, users with a verified OpenID + * association whose provider URL matches one of these regexes + * will be considered to be sufficiently valid for our needs. + * + * For example, to trust WikiHow and Wikipedia OpenID users: + * + * addPlugin('RequireValidatedEmailPlugin', array( + * 'trustedOpenIDs' => array( + * '!^http://\w+\.wikihow\.com/!', + * '!^http://\w+\.wikipedia\.org/!', + * ), + * )); + */ + public $trustedOpenIDs = array(); + + /** + * Whether or not to disallow login for unvalidated users. + */ + public $disallowLogin = false; + + function onRouterInitialized(URLMapper $m) { - parent::__construct(); + $m->connect('main/confirmfirst/:code', + array('action' => 'confirmfirstemail')); + return true; } /** * Event handler for notice saves; rejects the notice * if user's address isn't validated. * - * @param Notice $notice + * @param Notice $notice The notice being saved + * * @return bool hook result code */ - function onStartNoticeSave($notice) + function onStartNoticeSave(Notice $notice) { - $user = User::staticGet('id', $notice->profile_id); + $user = User::getKV('id', $notice->profile_id); if (!empty($user)) { // it's a remote notice if (!$this->validated($user)) { - throw new ClientException(_m("You must validate your email address before posting.")); + // TRANS: Client exception thrown when trying to post notices before validating an e-mail address. + $msg = _m('You must validate your email address before posting.'); + throw new ClientException($msg); } } return true; @@ -64,20 +112,19 @@ class RequireValidatedEmailPlugin extends Plugin * Event handler for registration attempts; rejects the registration * if email field is missing. * - * @param RegisterAction $action + * @param Action $action Action being executed + * * @return bool hook result code */ - function onStartRegistrationTry($action) + function onStartRegisterUser(User &$user, Profile &$profile) { - $email = $action->trimmed('email'); + $email = $user->email; if (empty($email)) { - $action->showForm(_m('You must provide an email address to register.')); - return false; + // TRANS: Client exception thrown when trying to register without providing an e-mail address. + throw new ClientException(_m('You must provide an email address to register.')); } - // Default form will run address format validation and reject if bad. - return true; } @@ -85,32 +132,41 @@ class RequireValidatedEmailPlugin extends Plugin * Check if a user has a validated email address or has been * otherwise grandfathered in. * - * @param User $user + * @param User $user User to valide + * * @return bool */ protected function validated($user) { - if ($this->grandfathered($user)) { - return true; - } - // The email field is only stored after validation... // Until then you'll find them in confirm_address. - return !empty($user->email); + $knownGood = !empty($user->email) || + $this->grandfathered($user) || + $this->hasTrustedOpenID($user); + + // Give other plugins a chance to override, if they can validate + // that somebody's ok despite a non-validated email. + + // @todo FIXME: This isn't how to do it! Use Start*/End* instead + Event::handle('RequireValidatedEmailPlugin_Override', + array($user, &$knownGood)); + + return $knownGood; } /** * Check if a user was created before the grandfathering cutoff. * If so, we won't need to check for validation. * - * @param User $user - * @return bool + * @param User $user User to check + * + * @return bool true if user is grandfathered */ protected function grandfathered($user) { if ($this->grandfatherCutoff) { $created = strtotime($user->created . " GMT"); - $cutoff = strtotime($this->grandfatherCutoff); + $cutoff = strtotime($this->grandfatherCutoff); if ($created < $cutoff) { return true; } @@ -118,15 +174,105 @@ class RequireValidatedEmailPlugin extends Plugin return false; } - function onPluginVersion(&$versions) + /** + * Override for RequireValidatedEmail plugin. If we have a user who's + * not validated an e-mail, but did come from a trusted provider, + * we'll consider them ok. + * + * @param User $user User to check + * + * @return bool true if user has a trusted OpenID. + */ + function hasTrustedOpenID($user) { - $versions[] = array('name' => 'Require Validated Email', - 'version' => STATUSNET_VERSION, - 'author' => 'Craig Andrews, Evan Prodromou, Brion Vibber', - 'homepage' => 'http://status.net/wiki/Plugin:RequireValidatedEmail', - 'rawdescription' => - _m('The Require Validated Email plugin disables posting for accounts that do not have a validated email address.')); + if ($this->trustedOpenIDs && class_exists('User_openid')) { + foreach ($this->trustedOpenIDs as $regex) { + $oid = new User_openid(); + + $oid->user_id = $user->id; + + $oid->find(); + while ($oid->fetch()) { + if (preg_match($regex, $oid->canonical)) { + return true; + } + } + } + } + return false; + } + + /** + * Add version information for this plugin. + * + * @param array &$versions Array of associative arrays of version data + * + * @return boolean hook value + */ + function onPluginVersion(array &$versions) + { + $versions[] = + array('name' => 'Require Validated Email', + 'version' => GNUSOCIAL_VERSION, + 'author' => 'Craig Andrews, '. + 'Evan Prodromou, '. + 'Brion Vibber', + 'homepage' => + 'http://status.net/wiki/Plugin:RequireValidatedEmail', + 'rawdescription' => + // TRANS: Plugin description. + _m('Disables posting without a validated email address.')); + return true; } -} + /** + * Show an error message about validating user email before posting + * + * @param string $tag Current tab tag value + * @param Action $action action being shown + * @param Form $form object producing the form + * + * @return boolean hook value + */ + function onStartMakeEntryForm($tag, $action, &$form) + { + $user = common_current_user(); + if (!empty($user)) { + if (!$this->validated($user)) { + $action->element('div', array('class'=>'error'), _m('You must validate an email address before posting!')); + } + } + return true; + } + + /** + * Prevent unvalidated folks from creating spam groups. + * + * @param Profile $profile User profile we're checking + * @param string $right rights key + * @param boolean $result if overriding, set to true/false has right + * @return boolean hook result value + */ + function onUserRightsCheck(Profile $profile, $right, &$result) + { + if ($right == Right::CREATEGROUP || + ($this->disallowLogin && ($right == Right::WEBLOGIN || $right == Right::API))) { + $user = User::getKV('id', $profile->id); + if ($user && !$this->validated($user)) { + $result = false; + return false; + } + } + return true; + } + + function onLoginAction($action, &$login) + { + if ($action == 'confirmfirstemail') { + $login = true; + return false; + } + return true; + } +}