[RequireValidatedEmail] Only check current user posts
This check made registration impossible when welcomeuser didn't have validation as well. And rename the "grandfatherCutoff" option to "exemptBefore". "Grandfathering" is a relatively obscure term linked to the history of the United States of America, so replace that with something self-descriptive.
This commit is contained in:
parent
2de195d20c
commit
024f5fe3a8
@ -1,30 +0,0 @@
|
|||||||
This plugin disables posting for accounts that do not have a
|
|
||||||
validated email address.
|
|
||||||
|
|
||||||
Example:
|
|
||||||
|
|
||||||
addPlugin('RequireValidatedEmail');
|
|
||||||
|
|
||||||
If you don't want to apply the validationr equirement to existing
|
|
||||||
accounts, you can specify a cutoff date to grandfather in users
|
|
||||||
registered prior to that timestamp.
|
|
||||||
|
|
||||||
addPlugin('RequireValidatedEmail',
|
|
||||||
array('grandfatherCutoff' => 'Dec 7, 2009');
|
|
||||||
|
|
||||||
You can also exclude the validation checks from OpenID accounts
|
|
||||||
connected to a trusted provider, by providing a list of regular
|
|
||||||
expressions to match their provider URLs.
|
|
||||||
|
|
||||||
For example, to trust WikiHow and Wikipedia users:
|
|
||||||
|
|
||||||
addPlugin('RequireValidatedEmailPlugin', array(
|
|
||||||
'trustedOpenIDs' => array(
|
|
||||||
'!^http://\w+\.wikihow\.com/!',
|
|
||||||
'!^http://\w+\.wikipedia\.org/!',
|
|
||||||
),
|
|
||||||
));
|
|
||||||
|
|
||||||
Todo:
|
|
||||||
* add a more visible indicator that validation is still outstanding
|
|
||||||
* test with XMPP, API posting
|
|
33
plugins/RequireValidatedEmail/README.md
Normal file
33
plugins/RequireValidatedEmail/README.md
Normal file
@ -0,0 +1,33 @@
|
|||||||
|
This plugin disables posting for accounts that do not have a
|
||||||
|
validated email address.
|
||||||
|
|
||||||
|
Example:
|
||||||
|
```
|
||||||
|
addPlugin('RequireValidatedEmail');
|
||||||
|
```
|
||||||
|
|
||||||
|
If you don't want to apply the validation equirement to existing accounts, you
|
||||||
|
can specify a date users registered before which are exempted from validation.
|
||||||
|
```
|
||||||
|
addPlugin('RequireValidatedEmail', [
|
||||||
|
'exemptBefore' => '2009-12-07',
|
||||||
|
]);
|
||||||
|
```
|
||||||
|
|
||||||
|
You can also exclude the validation checks from OpenID accounts
|
||||||
|
connected to a trusted provider, by providing a list of regular
|
||||||
|
expressions to match their provider URLs.
|
||||||
|
|
||||||
|
For example, to trust WikiHow and Wikipedia users:
|
||||||
|
```
|
||||||
|
addPlugin('RequireValidatedEmailPlugin', [
|
||||||
|
'trustedOpenIDs' => [
|
||||||
|
'!^https?://\w+\.wikihow\.com/!',
|
||||||
|
'!^https?://\w+\.wikipedia\.org/!',
|
||||||
|
],
|
||||||
|
]);
|
||||||
|
```
|
||||||
|
|
||||||
|
Todo:
|
||||||
|
* add a more visible indicator that validation is still outstanding
|
||||||
|
* test with XMPP, API posting
|
@ -44,9 +44,11 @@ class RequireValidatedEmailPlugin extends Plugin
|
|||||||
const PLUGIN_VERSION = '2.0.0';
|
const PLUGIN_VERSION = '2.0.0';
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Users created before this time will be grandfathered in
|
* Users created before this date will be exempted
|
||||||
* without the validation requirement.
|
* without the validation requirement.
|
||||||
*/
|
*/
|
||||||
|
public $exemptBefore = null;
|
||||||
|
// Alternative more obscure term for exemption dates
|
||||||
public $grandfatherCutoff = null;
|
public $grandfatherCutoff = null;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -56,14 +58,14 @@ class RequireValidatedEmailPlugin extends Plugin
|
|||||||
*
|
*
|
||||||
* For example, to trust WikiHow and Wikipedia OpenID users:
|
* For example, to trust WikiHow and Wikipedia OpenID users:
|
||||||
*
|
*
|
||||||
* addPlugin('RequireValidatedEmailPlugin', array(
|
* addPlugin('RequireValidatedEmailPlugin', [
|
||||||
* 'trustedOpenIDs' => array(
|
* 'trustedOpenIDs' => [
|
||||||
* '!^http://\w+\.wikihow\.com/!',
|
* '!^https?://\w+\.wikihow\.com/!',
|
||||||
* '!^http://\w+\.wikipedia\.org/!',
|
* '!^https?://\w+\.wikipedia\.org/!',
|
||||||
* ),
|
* ],
|
||||||
* ));
|
* ]);
|
||||||
*/
|
*/
|
||||||
public $trustedOpenIDs = array();
|
public $trustedOpenIDs = [];
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Whether or not to disallow login for unvalidated users.
|
* Whether or not to disallow login for unvalidated users.
|
||||||
@ -95,6 +97,12 @@ class RequireValidatedEmailPlugin extends Plugin
|
|||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
$user = $author->getUser();
|
$user = $author->getUser();
|
||||||
|
|
||||||
|
if ($user !== common_current_user()) {
|
||||||
|
// Not the current user, must be legitimate (like welcomeuser)
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
if (!$this->validated($user)) {
|
if (!$this->validated($user)) {
|
||||||
// TRANS: Client exception thrown when trying to post notices before validating an e-mail address.
|
// TRANS: Client exception thrown when trying to post notices before validating an e-mail address.
|
||||||
$msg = _m('You must validate your email address before posting.');
|
$msg = _m('You must validate your email address before posting.');
|
||||||
@ -124,20 +132,22 @@ class RequireValidatedEmailPlugin extends Plugin
|
|||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Check if a user has a validated email address or has been
|
* Check if a user has a validated email address or was
|
||||||
* otherwise grandfathered in.
|
* otherwise exempted.
|
||||||
*
|
*
|
||||||
* @param User $user User to valide
|
* @param User $user User to valide
|
||||||
*
|
*
|
||||||
* @return bool
|
* @return bool
|
||||||
*/
|
*/
|
||||||
protected function validated(User $user)
|
protected function validated(User $user): bool
|
||||||
{
|
{
|
||||||
// The email field is only stored after validation...
|
// The email field is only stored after validation...
|
||||||
// Until then you'll find them in confirm_address.
|
// Until then you'll find them in confirm_address.
|
||||||
$knownGood = !empty($user->email) ||
|
$knownGood = (
|
||||||
$this->grandfathered($user) ||
|
!empty($user->email)
|
||||||
$this->hasTrustedOpenID($user);
|
|| $this->exempted($user)
|
||||||
|
|| $this->hasTrustedOpenID($user)
|
||||||
|
);
|
||||||
|
|
||||||
// Give other plugins a chance to override, if they can validate
|
// Give other plugins a chance to override, if they can validate
|
||||||
// that somebody's ok despite a non-validated email.
|
// that somebody's ok despite a non-validated email.
|
||||||
@ -152,19 +162,22 @@ class RequireValidatedEmailPlugin extends Plugin
|
|||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Check if a user was created before the grandfathering cutoff.
|
* Check if a user was created before the exemption date.
|
||||||
* If so, we won't need to check for validation.
|
* If so, we won't need to check for validation.
|
||||||
*
|
*
|
||||||
* @param User $user User to check
|
* @param User $user User to check
|
||||||
*
|
*
|
||||||
* @return bool true if user is grandfathered
|
* @return bool true if user is exempted
|
||||||
*/
|
*/
|
||||||
protected function grandfathered(User $user)
|
protected function exempted(User $user): bool
|
||||||
{
|
{
|
||||||
if ($this->grandfatherCutoff) {
|
$exempt_before = ($this->exemptBefore ?? $this->grandfatherCutoff);
|
||||||
$created = strtotime($user->created . " GMT");
|
|
||||||
$cutoff = strtotime($this->grandfatherCutoff);
|
if (!empty($exempt_before)) {
|
||||||
if ($created < $cutoff) {
|
$utc_timezone = new DateTimeZone('UTC');
|
||||||
|
$created_date = new DateTime($user->created, $utc_timezone);
|
||||||
|
$exempt_date = new DateTime($exempt_before, $utc_timezone);
|
||||||
|
if ($created_date < $exempt_date) {
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user