From bf8a3c1931f0c84fa3981e929b61d6e0b5bbc5e8 Mon Sep 17 00:00:00 2001
From: Evan Prodromou <evan@status.net>
Date: Mon, 21 Feb 2011 16:20:10 -0500
Subject: [PATCH] disallow login for users without validated email

---
 .../RequireValidatedEmailPlugin.php                   | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/plugins/RequireValidatedEmail/RequireValidatedEmailPlugin.php b/plugins/RequireValidatedEmail/RequireValidatedEmailPlugin.php
index 980b7beb6e..ad6503e0b7 100644
--- a/plugins/RequireValidatedEmail/RequireValidatedEmailPlugin.php
+++ b/plugins/RequireValidatedEmail/RequireValidatedEmailPlugin.php
@@ -24,6 +24,8 @@
  * @package   StatusNet
  * @author    Craig Andrews <candrews@integralblue.com>
  * @author    Brion Vibber <brion@status.net>
+ * @author    Evan Prodromou <evan@status.net>
+ * @copyright 2011 StatusNet Inc. http://status.net/
  * @copyright 2009 Free Software Foundation, Inc http://www.fsf.org
  * @license   http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0
  * @link      http://status.net/
@@ -75,6 +77,12 @@ class RequireValidatedEmailPlugin extends Plugin
 
     public $trustedOpenIDs = array();
 
+    /**
+     * Whether or not to disallow login for unvalidated users.
+     */
+
+    public $disallowLogin = false;
+
     /**
      * Event handler for notice saves; rejects the notice
      * if user's address isn't validated.
@@ -246,7 +254,8 @@ class RequireValidatedEmailPlugin extends Plugin
      */
     function onUserRightsCheck(Profile $profile, $right, &$result)
     {
-        if ($right == Right::CREATEGROUP) {
+        if ($right == Right::CREATEGROUP ||
+            ($this->disallowLogin && ($right == Right::WEBLOGIN || $right == Right::API))) {
             $user = User::staticGet('id', $profile->id);
             if ($user && !$this->validated($user)) {
                 $result = false;
-- 
2.39.5