Add config option for RequireValidatedEmail plugin to skip the check for folks with a trusted OpenID association.

Also added an event that other plugins or local config can use to override the checks.
2010-05-19 15:12:39 -07:00 · 2010-05-19 15:12:39 -07:00 · 223795a2e4
parent 74a89b1fc3
commit 223795a2e4
2 changed files with 59 additions and 5 deletions
--- a/plugins/RequireValidatedEmail/README
+++ b/plugins/RequireValidatedEmail/README
@ -12,6 +12,20 @@ registered prior to that timestamp.
  addPlugin('RequireValidatedEmail',
            array('grandfatherCutoff' => 'Dec 7, 2009');

+You can also exclude the validation checks from OpenID accounts
+connected to a trusted provider, by providing a list of regular
+expressions to match their provider URLs.
+
+For example, to trust WikiHow and Wikipedia users:
+
+  addPlugin('RequireValidatedEmailPlugin', array(
+     'trustedOpenIDs' => array(
+         '!^http://\w+\.wikihow\.com/!',
+         '!^http://\w+\.wikipedia\.org/!',
+     ),
+  ));
+
+

 Todo:
 * add a more visible indicator that validation is still outstanding
--- a/plugins/RequireValidatedEmail/RequireValidatedEmailPlugin.php
+++ b/plugins/RequireValidatedEmail/RequireValidatedEmailPlugin.php
@ -37,6 +37,20 @@ class RequireValidatedEmailPlugin extends Plugin
    // without the validation requirement.
    public $grandfatherCutoff=null;

+    // If OpenID plugin is installed, users with a verified OpenID
+    // association whose provider URL matches one of these regexes
+    // will be considered to be sufficiently valid for our needs.
+    //
+    // For example, to trust WikiHow and Wikipedia OpenID users:
+    //
+    // addPlugin('RequireValidatedEmailPlugin', array(
+    //    'trustedOpenIDs' => array(
+    //        '!^http://\w+\.wikihow\.com/!',
+    //        '!^http://\w+\.wikipedia\.org/!',
+    //    ),
+    // ));
+    public $trustedOpenIDs=array();
+
    function __construct()
    {
        parent::__construct();
@ -90,13 +104,17 @@ class RequireValidatedEmailPlugin extends Plugin
     */
    protected function validated($user)
    {
-        if ($this->grandfathered($user)) {
-            return true;
-        }
-
        // The email field is only stored after validation...
        // Until then you'll find them in confirm_address.
-        return !empty($user->email);
+        $knownGood = !empty($user->email) ||
+                     $this->grandfathered($user) ||
+                     $this->hasTrustedOpenID($user);
+
+        // Give other plugins a chance to override, if they can validate
+        // that somebody's ok despite a non-validated email.
+        Event::handle('RequireValidatedEmailPlugin_Override', array($user, &$knownGood));
+
+        return $knownGood;
    }

    /**
@ -118,6 +136,28 @@ class RequireValidatedEmailPlugin extends Plugin
        return false;
    }

+    /**
+     * Override for RequireValidatedEmail plugin. If we have a user who's
+     * not validated an e-mail, but did come from a trusted provider,
+     * we'll consider them ok.
+     */
+    function hasTrustedOpenID($user)
+    {
+        if ($this->trustedOpenIDs && class_exists('User_openid')) {
+            foreach ($this->trustedOpenIDs as $regex) {
+                $oid = new User_openid();
+                $oid->user_id = $user->id;
+                $oid->find();
+                while ($oid->fetch()) {
+                    if (preg_match($regex, $oid->canonical)) {
+                        return true;
+                    }
+                }
+            }
+        }
+        return false;
+    }
+
    function onPluginVersion(&$versions)
    {
        $versions[] = array('name' => 'Require Validated Email',