Add config option for RequireValidatedEmail plugin to skip the check for folks with a trusted OpenID association.

Also added an event that other plugins or local config can use to override the checks.
This commit is contained in:
Brion Vibber 2010-05-19 15:12:39 -07:00
parent 74a89b1fc3
commit 223795a2e4
2 changed files with 59 additions and 5 deletions

View File

@ -12,6 +12,20 @@ registered prior to that timestamp.
addPlugin('RequireValidatedEmail',
array('grandfatherCutoff' => 'Dec 7, 2009');
You can also exclude the validation checks from OpenID accounts
connected to a trusted provider, by providing a list of regular
expressions to match their provider URLs.
For example, to trust WikiHow and Wikipedia users:
addPlugin('RequireValidatedEmailPlugin', array(
'trustedOpenIDs' => array(
'!^http://\w+\.wikihow\.com/!',
'!^http://\w+\.wikipedia\.org/!',
),
));
Todo:
* add a more visible indicator that validation is still outstanding

View File

@ -37,6 +37,20 @@ class RequireValidatedEmailPlugin extends Plugin
// without the validation requirement.
public $grandfatherCutoff=null;
// If OpenID plugin is installed, users with a verified OpenID
// association whose provider URL matches one of these regexes
// will be considered to be sufficiently valid for our needs.
//
// For example, to trust WikiHow and Wikipedia OpenID users:
//
// addPlugin('RequireValidatedEmailPlugin', array(
// 'trustedOpenIDs' => array(
// '!^http://\w+\.wikihow\.com/!',
// '!^http://\w+\.wikipedia\.org/!',
// ),
// ));
public $trustedOpenIDs=array();
function __construct()
{
parent::__construct();
@ -90,13 +104,17 @@ class RequireValidatedEmailPlugin extends Plugin
*/
protected function validated($user)
{
if ($this->grandfathered($user)) {
return true;
}
// The email field is only stored after validation...
// Until then you'll find them in confirm_address.
return !empty($user->email);
$knownGood = !empty($user->email) ||
$this->grandfathered($user) ||
$this->hasTrustedOpenID($user);
// Give other plugins a chance to override, if they can validate
// that somebody's ok despite a non-validated email.
Event::handle('RequireValidatedEmailPlugin_Override', array($user, &$knownGood));
return $knownGood;
}
/**
@ -118,6 +136,28 @@ class RequireValidatedEmailPlugin extends Plugin
return false;
}
/**
* Override for RequireValidatedEmail plugin. If we have a user who's
* not validated an e-mail, but did come from a trusted provider,
* we'll consider them ok.
*/
function hasTrustedOpenID($user)
{
if ($this->trustedOpenIDs && class_exists('User_openid')) {
foreach ($this->trustedOpenIDs as $regex) {
$oid = new User_openid();
$oid->user_id = $user->id;
$oid->find();
while ($oid->fetch()) {
if (preg_match($regex, $oid->canonical)) {
return true;
}
}
}
}
return false;
}
function onPluginVersion(&$versions)
{
$versions[] = array('name' => 'Require Validated Email',