diff --git a/actions/confirmaddress.php b/actions/confirmaddress.php index 806851001e..9ac6848d7a 100644 --- a/actions/confirmaddress.php +++ b/actions/confirmaddress.php @@ -27,9 +27,7 @@ * @link http://status.net/ */ -if (!defined('STATUSNET') && !defined('LACONICA')) { - exit(1); -} +if (!defined('GNUSOCIAL')) { exit(1); } /** * Confirm an address @@ -44,25 +42,14 @@ if (!defined('STATUSNET') && !defined('LACONICA')) { * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 * @link http://status.net/ */ -class ConfirmaddressAction extends Action +class ConfirmaddressAction extends ManagedAction { /** type of confirmation. */ - var $address; + protected $address; - /** - * Accept a confirmation code - * - * Checks the code and confirms the address in the - * user record - * - * @param args $args $_REQUEST array - * - * @return void - */ - function handle($args) + protected function doPreparation() { - parent::handle($args); if (!common_logged_in()) { common_set_returnto($this->selfUrl()); common_redirect(common_local_url('login')); @@ -70,32 +57,45 @@ class ConfirmaddressAction extends Action $code = $this->trimmed('code'); if (!$code) { // TRANS: Client error displayed when not providing a confirmation code in the contact address confirmation action. - $this->clientError(_('No confirmation code.')); + throw new ClientException(_('No confirmation code.')); } $confirm = Confirm_address::getKV('code', $code); - if (!$confirm) { + if (!$confirm instanceof Confirm_address) { // TRANS: Client error displayed when providing a non-existing confirmation code in the contact address confirmation action. - $this->clientError(_('Confirmation code not found.')); + throw new ClientException(_('Confirmation code not found.'), 404); } - $cur = common_current_user(); - if ($cur->id != $confirm->user_id) { + + try { + $profile = Profile::getByID($confirm->user_id); + } catch (NoResultException $e) { + common_log(LOG_INFO, 'Tried to confirm the email for a deleted profile: '._ve(['id'=>$confirm->user_id, 'email'=>$confirm->address])); + $confirm->delete(); + throw $e; + } + if (!$profile->sameAs($this->scoped)) { // TRANS: Client error displayed when not providing a confirmation code for another user in the contact address confirmation action. - $this->clientError(_('That confirmation code is not for you!')); + throw new AuthorizationException(_('That confirmation code is not for you!')); } + $type = $confirm->address_type; $transports = array(); Event::handle('GetImTransports', array(&$transports)); if (!in_array($type, array('email', 'sms')) && !in_array($type, array_keys($transports))) { // TRANS: Server error for an unknown address type, which can be 'email', 'sms', or the name of an IM network (such as 'xmpp' or 'aim') - $this->serverError(sprintf(_('Unrecognized address type %s'), $type)); + throw new ServerException(sprintf(_('Unrecognized address type %s'), $type)); } $this->address = $confirm->address; + + $cur = $this->scoped->getUser(); + $cur->query('BEGIN'); - if (in_array($type, array('email', 'sms'))) - { + if (in_array($type, array('email', 'sms'))) { + common_debug("Confirming {$type} address for user {$this->scoped->getID()}"); if ($cur->$type == $confirm->address) { + // Already verified, so delete the confirm_address entry + $confirm->delete(); // TRANS: Client error for an already confirmed email/jabber/sms address. - $this->clientError(_('That address has already been confirmed.')); + throw new AlreadyFulfilledException(_('That address has already been confirmed.')); } $orig_user = clone($cur); @@ -122,16 +122,18 @@ class ConfirmaddressAction extends Action $user_im_prefs->user_id = $cur->id; if ($user_im_prefs->find() && $user_im_prefs->fetch()) { if($user_im_prefs->screenname == $confirm->address){ + // Already verified, so delete the confirm_address entry + $confirm->delete(); // TRANS: Client error for an already confirmed IM address. - $this->clientError(_('That address has already been confirmed.')); + throw new AlreadyFulfilledException(_('That address has already been confirmed.')); } $user_im_prefs->screenname = $confirm->address; $result = $user_im_prefs->update(); - if (!$result) { + if ($result === false) { common_log_db_error($user_im_prefs, 'UPDATE', __FILE__); // TRANS: Server error displayed when updating IM preferences fails. - $this->serverError(_('Could not update user IM preferences.')); + throw new ServerException(_('Could not update user IM preferences.')); } }else{ $user_im_prefs = new User_im_prefs(); @@ -140,26 +142,18 @@ class ConfirmaddressAction extends Action $user_im_prefs->user_id = $cur->id; $result = $user_im_prefs->insert(); - if (!$result) { + if ($result === false) { common_log_db_error($user_im_prefs, 'INSERT', __FILE__); // TRANS: Server error displayed when adding IM preferences fails. - $this->serverError(_('Could not insert user IM preferences.')); + throw new ServerException(_('Could not insert user IM preferences.')); } } } - $result = $confirm->delete(); - - if (!$result) { - common_log_db_error($confirm, 'DELETE', __FILE__); - // TRANS: Server error displayed when an address confirmation code deletion from the - // TRANS: database fails in the contact address confirmation action. - $this->serverError(_('Could not delete address confirmation.')); - } + $confirm->delete(); $cur->query('COMMIT'); - $this->showPage(); } /** @@ -180,8 +174,6 @@ class ConfirmaddressAction extends Action */ function showContent() { - $cur = common_current_user(); - $this->element('p', null, // TRANS: Success message for the contact address confirmation action. // TRANS: %s can be 'email', 'jabber', or 'sms'. diff --git a/actions/emailsettings.php b/actions/emailsettings.php index c02f1cdfad..7384b3630d 100644 --- a/actions/emailsettings.php +++ b/actions/emailsettings.php @@ -401,13 +401,7 @@ class EmailsettingsAction extends SettingsAction throw new AlreadyFulfilledException(_('No pending confirmation to cancel.')); } - $result = $confirm->delete(); - - if ($result === false) { - common_log_db_error($confirm, 'DELETE', __FILE__); - // TRANS: Server error thrown on database error canceling e-mail address confirmation. - throw new ServerException(_('Could not delete email confirmation.')); - } + $confirm->delete(); // TRANS: Message given after successfully canceling e-mail address confirmation. return _('Email confirmation cancelled.'); diff --git a/actions/imsettings.php b/actions/imsettings.php index 40bea10e68..80f7f78770 100644 --- a/actions/imsettings.php +++ b/actions/imsettings.php @@ -359,13 +359,7 @@ class ImsettingsAction extends SettingsAction throw new AlreadyFulfilledException(_('No pending confirmation to cancel.')); } - $result = $confirm->delete(); - - if ($result === false) { - common_log_db_error($confirm, 'DELETE', __FILE__); - // TRANS: Server error thrown on database error canceling IM address confirmation. - throw new ServerException(_('Could not delete confirmation.')); - } + $confirm->delete(); // TRANS: Message given after successfully canceling IM address confirmation. return _('IM confirmation cancelled.'); diff --git a/actions/recoverpassword.php b/actions/recoverpassword.php index a3a5b8e5bc..d19ed4693c 100644 --- a/actions/recoverpassword.php +++ b/actions/recoverpassword.php @@ -79,13 +79,7 @@ class RecoverpasswordAction extends Action // Burn this code - $result = $confirm->delete(); - - if (!$result) { - common_log_db_error($confirm, 'DELETE', __FILE__); - // TRANS: Server error displayed removing a password recovery code from the database. - $this->serverError(_('Error with confirmation code.')); - } + $confirm->delete(); // These should be reaped, but for now we just check mod time // Note: it's still deleted; let's avoid a second attempt! diff --git a/actions/smssettings.php b/actions/smssettings.php index ca6a7d04ef..c002474ce2 100644 --- a/actions/smssettings.php +++ b/actions/smssettings.php @@ -368,13 +368,7 @@ class SmssettingsAction extends SettingsAction throw new AlreadyFulfilledException(_('No pending confirmation to cancel.')); } - $result = $confirm->delete(); - - if ($result === false) { - common_log_db_error($confirm, 'DELETE', __FILE__); - // TRANS: Server error thrown on database error canceling SMS phone number confirmation. - throw new ServerException(_('Could not delete SMS confirmation.')); - } + $confirm->delete(); // TRANS: Message given after successfully canceling SMS phone number confirmation. return _('SMS confirmation cancelled.'); diff --git a/classes/Confirm_address.php b/classes/Confirm_address.php index 97e1a75dab..9bb56cef9c 100644 --- a/classes/Confirm_address.php +++ b/classes/Confirm_address.php @@ -66,4 +66,17 @@ class Confirm_address extends Managed_DataObject return $ca; } + + public function delete($useWhere=false) + { + $result = parent::delete($useWhere); + + if ($result === false) { + common_log_db_error($confirm, 'DELETE', __FILE__); + // TRANS: Server error displayed when an address confirmation code deletion from the + // TRANS: database fails in the contact address confirmation action. + throw new ServerException(_('Could not delete address confirmation.')); + } + return $result; + } }