From 7cb10b71bb3d69cad465d5bf64f025d800e74ff2 Mon Sep 17 00:00:00 2001 From: Alexei Sorokin Date: Sun, 9 Aug 2020 23:58:25 +0300 Subject: [PATCH] [RequireValidatedEmail] Only check current user posts This check made registration impossible when welcomeuser didn't have validation as well. And rename the "grandfatherCutoff" option to "exemptBefore". "Grandfathering" is a relatively obscure term linked to the history of the United States of America, so replace that with something self-descriptive. --- plugins/RequireValidatedEmail/README | 30 ---------- plugins/RequireValidatedEmail/README.md | 33 +++++++++++ .../RequireValidatedEmailPlugin.php | 55 ++++++++++++------- 3 files changed, 67 insertions(+), 51 deletions(-) delete mode 100644 plugins/RequireValidatedEmail/README create mode 100644 plugins/RequireValidatedEmail/README.md diff --git a/plugins/RequireValidatedEmail/README b/plugins/RequireValidatedEmail/README deleted file mode 100644 index 326e19c28a..0000000000 --- a/plugins/RequireValidatedEmail/README +++ /dev/null @@ -1,30 +0,0 @@ -This plugin disables posting for accounts that do not have a -validated email address. - -Example: - - addPlugin('RequireValidatedEmail'); - -If you don't want to apply the validationr equirement to existing -accounts, you can specify a cutoff date to grandfather in users -registered prior to that timestamp. - - addPlugin('RequireValidatedEmail', - array('grandfatherCutoff' => 'Dec 7, 2009'); - -You can also exclude the validation checks from OpenID accounts -connected to a trusted provider, by providing a list of regular -expressions to match their provider URLs. - -For example, to trust WikiHow and Wikipedia users: - - addPlugin('RequireValidatedEmailPlugin', array( - 'trustedOpenIDs' => array( - '!^http://\w+\.wikihow\.com/!', - '!^http://\w+\.wikipedia\.org/!', - ), - )); - -Todo: -* add a more visible indicator that validation is still outstanding -* test with XMPP, API posting 
diff --git a/plugins/RequireValidatedEmail/README.md b/plugins/RequireValidatedEmail/README.md new file mode 100644 index 0000000000..e3babf0ccd --- /dev/null +++ b/plugins/RequireValidatedEmail/README.md @@ -0,0 +1,33 @@ +This plugin disables posting for accounts that do not have a +validated email address. + +Example: +``` + addPlugin('RequireValidatedEmail'); +``` + +If you don't want to apply the validation equirement to existing accounts, you +can specify a date users registered before which are exempted from validation. +``` + addPlugin('RequireValidatedEmail', [ + 'exemptBefore' => '2009-12-07', + ]); +``` + +You can also exclude the validation checks from OpenID accounts +connected to a trusted provider, by providing a list of regular +expressions to match their provider URLs. + +For example, to trust WikiHow and Wikipedia users: +``` + addPlugin('RequireValidatedEmailPlugin', [ + 'trustedOpenIDs' => [ + '!^https?://\w+\.wikihow\.com/!', + '!^https?://\w+\.wikipedia\.org/!', + ], + ]); +``` + +Todo: + * add a more visible indicator that validation is still outstanding + * test with XMPP, API posting diff --git a/plugins/RequireValidatedEmail/RequireValidatedEmailPlugin.php b/plugins/RequireValidatedEmail/RequireValidatedEmailPlugin.php index 6cefe226c6..f7557e6c4c 100644 --- a/plugins/RequireValidatedEmail/RequireValidatedEmailPlugin.php +++ b/plugins/RequireValidatedEmail/RequireValidatedEmailPlugin.php @@ -44,9 +44,11 @@ class RequireValidatedEmailPlugin extends Plugin const PLUGIN_VERSION = '2.0.0'; /** - * Users created before this time will be grandfathered in + * Users created before this date will be exempted * without the validation requirement. */ + public $exemptBefore = null; + // Alternative more obscure term for exemption dates public $grandfatherCutoff = null; /** 
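Review bot: The retained `$grandfatherCutoff` property is left with only a one-line `//` remark, so the docblock above it now documents `$exemptBefore` alone and nothing says which option wins when both are configured. Judging by the `??` in `exempted()` later in this patch, `exemptBefore` takes precedence and the old name is read only when it is null. I would state that in a docblock of its own, e.g. `/** @deprecated Use $exemptBefore; read only when $exemptBefore is null. */`. It is also worth documenting that the value is a date string interpreted in UTC, because this setting decides which accounts may post without a validated address.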
@@ -56,14 +58,14 @@ class RequireValidatedEmailPlugin extends Plugin * * For example, to trust WikiHow and Wikipedia OpenID users: * - * addPlugin('RequireValidatedEmailPlugin', array( - * 'trustedOpenIDs' => array( - * '!^http://\w+\.wikihow\.com/!', - * '!^http://\w+\.wikipedia\.org/!', - * ), - * )); + * addPlugin('RequireValidatedEmailPlugin', [ + * 'trustedOpenIDs' => [ + * '!^https?://\w+\.wikihow\.com/!', + * '!^https?://\w+\.wikipedia\.org/!', + * ], + * ]); */ - public $trustedOpenIDs = array(); + public $trustedOpenIDs = []; /** * Whether or not to disallow login for unvalidated users. @@ -95,6 +97,12 @@ class RequireValidatedEmailPlugin extends Plugin return true; } $user = $author->getUser(); + + if ($user !== common_current_user()) { + // Not the current user, must be legitimate (like welcomeuser) + return true; + } + if (!$this->validated($user)) { // TRANS: Client exception thrown when trying to post notices before validating an e-mail address. $msg = _m('You must validate your email address before posting.'); @@ -124,20 +132,22 @@ class RequireValidatedEmailPlugin extends Plugin } /** - * Check if a user has a validated email address or has been - * otherwise grandfathered in. + * Check if a user has a validated email address or was + * otherwise exempted. * * @param User $user User to valide * * @return bool */ - protected function validated(User $user) + protected function validated(User $user): bool { // The email field is only stored after validation... // Until then you'll find them in confirm_address. - $knownGood = !empty($user->email) || - $this->grandfathered($user) || - $this->hasTrustedOpenID($user); + $knownGood = ( + !empty($user->email) + || $this->exempted($user) + || $this->hasTrustedOpenID($user) + ); // Give other plugins a chance to override, if they can validate // that somebody's ok despite a non-validated email. 
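Review bot: The early return added in the `@@ -95,6 +97,12 @@` hunk, `if ($user !== common_current_user())`, fails open. `!==` on objects is an identity test, so unless `getUser()` and `common_current_user()` return the same instance (not visible here), the branch is taken for every author and `validated()` is never reached. Comparing identifiers makes the intent explicit: `$current = common_current_user();` followed by `if (!($current instanceof User) || (int) $current->id !== (int) $user->id) { return true; }`. Either form also exempts every notice saved while no session user is set, which may include the API and XMPP paths the README still lists as untested, so a comment naming the callers expected to reach this branch would help. The enclosing handler starts and ends outside the hunk.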
@@ -152,19 +162,22 @@ class RequireValidatedEmailPlugin extends Plugin } /** - * Check if a user was created before the grandfathering cutoff. + * Check if a user was created before the exemption date. * If so, we won't need to check for validation. * * @param User $user User to check * - * @return bool true if user is grandfathered + * @return bool true if user is exempted */ - protected function grandfathered(User $user) + protected function exempted(User $user): bool { - if ($this->grandfatherCutoff) { - $created = strtotime($user->created . " GMT"); - $cutoff = strtotime($this->grandfatherCutoff); - if ($created < $cutoff) { + $exempt_before = ($this->exemptBefore ?? $this->grandfatherCutoff); + + if (!empty($exempt_before)) { + $utc_timezone = new DateTimeZone('UTC'); + $created_date = new DateTime($user->created, $utc_timezone); + $exempt_date = new DateTime($exempt_before, $utc_timezone); + if ($created_date < $exempt_date) { return true; } }
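Review bot: `new DateTime($exempt_before, $utc_timezone)` throws on a date string it cannot parse, and nothing in this hunk catches it. The removed `strtotime()` version returned false for such a value, which made the `<` comparison false, so the user was simply not exempted. A typo in the configured date would therefore surface as an uncaught exception on every call instead of a quiet "not exempt". I would keep the fail-closed result explicit with `try { $exempt_date = new DateTimeImmutable($exempt_before, $utc_timezone); } catch (Exception $e) { return false; }`, ideally logging the bad setting as well. The body of `exempted()` continues past the end of the hunk.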