[RequireValidatedEmail] Only check current user posts
This check made registration impossible when welcomeuser didn't have validation as well. And rename the "grandfatherCutoff" option to "exemptBefore". "Grandfathering" is a relatively obscure term linked to the history of the United States of America, so replace that with something self-descriptive.
This commit is contained in:
parent
2de195d20c
commit
024f5fe3a8
@ -1,30 +0,0 @@
|
||||
This plugin disables posting for accounts that do not have a
|
||||
validated email address.
|
||||
|
||||
Example:
|
||||
|
||||
addPlugin('RequireValidatedEmail');
|
||||
|
||||
If you don't want to apply the validationr equirement to existing
|
||||
accounts, you can specify a cutoff date to grandfather in users
|
||||
registered prior to that timestamp.
|
||||
|
||||
addPlugin('RequireValidatedEmail',
|
||||
array('grandfatherCutoff' => 'Dec 7, 2009');
|
||||
|
||||
You can also exclude the validation checks from OpenID accounts
|
||||
connected to a trusted provider, by providing a list of regular
|
||||
expressions to match their provider URLs.
|
||||
|
||||
For example, to trust WikiHow and Wikipedia users:
|
||||
|
||||
addPlugin('RequireValidatedEmailPlugin', array(
|
||||
'trustedOpenIDs' => array(
|
||||
'!^http://\w+\.wikihow\.com/!',
|
||||
'!^http://\w+\.wikipedia\.org/!',
|
||||
),
|
||||
));
|
||||
|
||||
Todo:
|
||||
* add a more visible indicator that validation is still outstanding
|
||||
* test with XMPP, API posting
|
33
plugins/RequireValidatedEmail/README.md
Normal file
33
plugins/RequireValidatedEmail/README.md
Normal file
@ -0,0 +1,33 @@
|
||||
This plugin disables posting for accounts that do not have a
|
||||
validated email address.
|
||||
|
||||
Example:
|
||||
```
|
||||
addPlugin('RequireValidatedEmail');
|
||||
```
|
||||
|
||||
If you don't want to apply the validation equirement to existing accounts, you
|
||||
can specify a date users registered before which are exempted from validation.
|
||||
```
|
||||
addPlugin('RequireValidatedEmail', [
|
||||
'exemptBefore' => '2009-12-07',
|
||||
]);
|
||||
```
|
||||
|
||||
You can also exclude the validation checks from OpenID accounts
|
||||
connected to a trusted provider, by providing a list of regular
|
||||
expressions to match their provider URLs.
|
||||
|
||||
For example, to trust WikiHow and Wikipedia users:
|
||||
```
|
||||
addPlugin('RequireValidatedEmailPlugin', [
|
||||
'trustedOpenIDs' => [
|
||||
'!^https?://\w+\.wikihow\.com/!',
|
||||
'!^https?://\w+\.wikipedia\.org/!',
|
||||
],
|
||||
]);
|
||||
```
|
||||
|
||||
Todo:
|
||||
* add a more visible indicator that validation is still outstanding
|
||||
* test with XMPP, API posting
|
@ -44,9 +44,11 @@ class RequireValidatedEmailPlugin extends Plugin
|
||||
const PLUGIN_VERSION = '2.0.0';
|
||||
|
||||
/**
|
||||
* Users created before this time will be grandfathered in
|
||||
* Users created before this date will be exempted
|
||||
* without the validation requirement.
|
||||
*/
|
||||
public $exemptBefore = null;
|
||||
// Alternative more obscure term for exemption dates
|
||||
public $grandfatherCutoff = null;
|
||||
|
||||
/**
|
||||
@ -56,14 +58,14 @@ class RequireValidatedEmailPlugin extends Plugin
|
||||
*
|
||||
* For example, to trust WikiHow and Wikipedia OpenID users:
|
||||
*
|
||||
* addPlugin('RequireValidatedEmailPlugin', array(
|
||||
* 'trustedOpenIDs' => array(
|
||||
* '!^http://\w+\.wikihow\.com/!',
|
||||
* '!^http://\w+\.wikipedia\.org/!',
|
||||
* ),
|
||||
* ));
|
||||
* addPlugin('RequireValidatedEmailPlugin', [
|
||||
* 'trustedOpenIDs' => [
|
||||
* '!^https?://\w+\.wikihow\.com/!',
|
||||
* '!^https?://\w+\.wikipedia\.org/!',
|
||||
* ],
|
||||
* ]);
|
||||
*/
|
||||
public $trustedOpenIDs = array();
|
||||
public $trustedOpenIDs = [];
|
||||
|
||||
/**
|
||||
* Whether or not to disallow login for unvalidated users.
|
||||
@ -95,6 +97,12 @@ class RequireValidatedEmailPlugin extends Plugin
|
||||
return true;
|
||||
}
|
||||
$user = $author->getUser();
|
||||
|
||||
if ($user !== common_current_user()) {
|
||||
// Not the current user, must be legitimate (like welcomeuser)
|
||||
return true;
|
||||
}
|
||||
|
||||
if (!$this->validated($user)) {
|
||||
// TRANS: Client exception thrown when trying to post notices before validating an e-mail address.
|
||||
$msg = _m('You must validate your email address before posting.');
|
||||
@ -124,20 +132,22 @@ class RequireValidatedEmailPlugin extends Plugin
|
||||
}
|
||||
|
||||
/**
|
||||
* Check if a user has a validated email address or has been
|
||||
* otherwise grandfathered in.
|
||||
* Check if a user has a validated email address or was
|
||||
* otherwise exempted.
|
||||
*
|
||||
* @param User $user User to valide
|
||||
*
|
||||
* @return bool
|
||||
*/
|
||||
protected function validated(User $user)
|
||||
protected function validated(User $user): bool
|
||||
{
|
||||
// The email field is only stored after validation...
|
||||
// Until then you'll find them in confirm_address.
|
||||
$knownGood = !empty($user->email) ||
|
||||
$this->grandfathered($user) ||
|
||||
$this->hasTrustedOpenID($user);
|
||||
$knownGood = (
|
||||
!empty($user->email)
|
||||
|| $this->exempted($user)
|
||||
|| $this->hasTrustedOpenID($user)
|
||||
);
|
||||
|
||||
// Give other plugins a chance to override, if they can validate
|
||||
// that somebody's ok despite a non-validated email.
|
||||
@ -152,19 +162,22 @@ class RequireValidatedEmailPlugin extends Plugin
|
||||
}
|
||||
|
||||
/**
|
||||
* Check if a user was created before the grandfathering cutoff.
|
||||
* Check if a user was created before the exemption date.
|
||||
* If so, we won't need to check for validation.
|
||||
*
|
||||
* @param User $user User to check
|
||||
*
|
||||
* @return bool true if user is grandfathered
|
||||
* @return bool true if user is exempted
|
||||
*/
|
||||
protected function grandfathered(User $user)
|
||||
protected function exempted(User $user): bool
|
||||
{
|
||||
if ($this->grandfatherCutoff) {
|
||||
$created = strtotime($user->created . " GMT");
|
||||
$cutoff = strtotime($this->grandfatherCutoff);
|
||||
if ($created < $cutoff) {
|
||||
$exempt_before = ($this->exemptBefore ?? $this->grandfatherCutoff);
|
||||
|
||||
if (!empty($exempt_before)) {
|
||||
$utc_timezone = new DateTimeZone('UTC');
|
||||
$created_date = new DateTime($user->created, $utc_timezone);
|
||||
$exempt_date = new DateTime($exempt_before, $utc_timezone);
|
||||
if ($created_date < $exempt_date) {
|
||||
return true;
|
||||
}
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user