[RequireValidatedEmail] Only check current user posts

This check made registration impossible when welcomeuser didn't have validation
as well.

And rename the "grandfatherCutoff" option to "exemptBefore".
"Grandfathering" is a relatively obscure term linked to the history of the
United States of America, so replace that with something self-descriptive.
This commit is contained in:
Alexei Sorokin 2020-08-09 23:58:25 +03:00
parent 47cacf5f1a
commit 7cb10b71bb
3 changed files with 67 additions and 51 deletions

View File

@ -1,30 +0,0 @@
This plugin disables posting for accounts that do not have a
validated email address.
Example:
addPlugin('RequireValidatedEmail');
If you don't want to apply the validationr equirement to existing
accounts, you can specify a cutoff date to grandfather in users
registered prior to that timestamp.
addPlugin('RequireValidatedEmail',
array('grandfatherCutoff' => 'Dec 7, 2009');
You can also exclude the validation checks from OpenID accounts
connected to a trusted provider, by providing a list of regular
expressions to match their provider URLs.
For example, to trust WikiHow and Wikipedia users:
addPlugin('RequireValidatedEmailPlugin', array(
'trustedOpenIDs' => array(
'!^http://\w+\.wikihow\.com/!',
'!^http://\w+\.wikipedia\.org/!',
),
));
Todo:
* add a more visible indicator that validation is still outstanding
* test with XMPP, API posting

View File

@ -0,0 +1,33 @@
This plugin disables posting for accounts that do not have a
validated email address.
Example:
```
addPlugin('RequireValidatedEmail');
```
If you don't want to apply the validation equirement to existing accounts, you
can specify a date users registered before which are exempted from validation.
```
addPlugin('RequireValidatedEmail', [
'exemptBefore' => '2009-12-07',
]);
```
You can also exclude the validation checks from OpenID accounts
connected to a trusted provider, by providing a list of regular
expressions to match their provider URLs.
For example, to trust WikiHow and Wikipedia users:
```
addPlugin('RequireValidatedEmailPlugin', [
'trustedOpenIDs' => [
'!^https?://\w+\.wikihow\.com/!',
'!^https?://\w+\.wikipedia\.org/!',
],
]);
```
Todo:
* add a more visible indicator that validation is still outstanding
* test with XMPP, API posting

View File

@ -44,9 +44,11 @@ class RequireValidatedEmailPlugin extends Plugin
const PLUGIN_VERSION = '2.0.0';
/**
* Users created before this time will be grandfathered in
* Users created before this date will be exempted
* without the validation requirement.
*/
public $exemptBefore = null;
// Alternative more obscure term for exemption dates
public $grandfatherCutoff = null;
/**
@ -56,14 +58,14 @@ class RequireValidatedEmailPlugin extends Plugin
*
* For example, to trust WikiHow and Wikipedia OpenID users:
*
* addPlugin('RequireValidatedEmailPlugin', array(
* 'trustedOpenIDs' => array(
* '!^http://\w+\.wikihow\.com/!',
* '!^http://\w+\.wikipedia\.org/!',
* ),
* ));
* addPlugin('RequireValidatedEmailPlugin', [
* 'trustedOpenIDs' => [
* '!^https?://\w+\.wikihow\.com/!',
* '!^https?://\w+\.wikipedia\.org/!',
* ],
* ]);
*/
public $trustedOpenIDs = array();
public $trustedOpenIDs = [];
/**
* Whether or not to disallow login for unvalidated users.
@ -95,6 +97,12 @@ class RequireValidatedEmailPlugin extends Plugin
return true;
}
$user = $author->getUser();
if ($user !== common_current_user()) {
// Not the current user, must be legitimate (like welcomeuser)
return true;
}
if (!$this->validated($user)) {
// TRANS: Client exception thrown when trying to post notices before validating an e-mail address.
$msg = _m('You must validate your email address before posting.');
@ -124,20 +132,22 @@ class RequireValidatedEmailPlugin extends Plugin
}
/**
* Check if a user has a validated email address or has been
* otherwise grandfathered in.
* Check if a user has a validated email address or was
* otherwise exempted.
*
* @param User $user User to valide
*
* @return bool
*/
protected function validated(User $user)
protected function validated(User $user): bool
{
// The email field is only stored after validation...
// Until then you'll find them in confirm_address.
$knownGood = !empty($user->email) ||
$this->grandfathered($user) ||
$this->hasTrustedOpenID($user);
$knownGood = (
!empty($user->email)
|| $this->exempted($user)
|| $this->hasTrustedOpenID($user)
);
// Give other plugins a chance to override, if they can validate
// that somebody's ok despite a non-validated email.
@ -152,19 +162,22 @@ class RequireValidatedEmailPlugin extends Plugin
}
/**
* Check if a user was created before the grandfathering cutoff.
* Check if a user was created before the exemption date.
* If so, we won't need to check for validation.
*
* @param User $user User to check
*
* @return bool true if user is grandfathered
* @return bool true if user is exempted
*/
protected function grandfathered(User $user)
protected function exempted(User $user): bool
{
if ($this->grandfatherCutoff) {
$created = strtotime($user->created . " GMT");
$cutoff = strtotime($this->grandfatherCutoff);
if ($created < $cutoff) {
$exempt_before = ($this->exemptBefore ?? $this->grandfatherCutoff);
if (!empty($exempt_before)) {
$utc_timezone = new DateTimeZone('UTC');
$created_date = new DateTime($user->created, $utc_timezone);
$exempt_date = new DateTime($exempt_before, $utc_timezone);
if ($created_date < $exempt_date) {
return true;
}
}