DomainWhitelistPlugin.php 9.0 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284
  1. <?php
  2. /**
  3. * StatusNet - the distributed open-source microblogging tool
  4. * Copyright (C) 2011, StatusNet, Inc.
  5. *
  6. * Restrict the email addresses in a domain to a select whitelist
  7. *
  8. * PHP version 5
  9. *
  10. * This program is free software: you can redistribute it and/or modify
  11. * it under the terms of the GNU Affero General Public License as published by
  12. * the Free Software Foundation, either version 3 of the License, or
  13. * (at your option) any later version.
  14. *
  15. * This program is distributed in the hope that it will be useful,
  16. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  17. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  18. * GNU Affero General Public License for more details.
  19. *
  20. * You should have received a copy of the GNU Affero General Public License
  21. * along with this program. If not, see <http://www.gnu.org/licenses/>.
  22. *
  23. * @category Cache
  24. * @package StatusNet
  25. * @author Evan Prodromou <evan@status.net>
  26. * @author Zach Copley <zach@status.net>
  27. * @copyright 2011 StatusNet, Inc.
  28. * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html AGPL 3.0
  29. * @link http://status.net/
  30. */
  31. if (!defined('STATUSNET')) {
  32. // This check helps protect against security problems;
  33. // your code file can't be executed directly from the web.
  34. exit(1);
  35. }
  36. /**
  37. * Restrict the email addresses to a domain whitelist
  38. *
  39. * @category General
  40. * @package StatusNet
  41. * @author Evan Prodromou <evan@status.net>
  42. * @author Zach Copley <zach@status.net>
  43. * @copyright 2011 StatusNet, Inc.
  44. * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html AGPL 3.0
  45. * @link http://status.net/
  46. */
  47. class DomainWhitelistPlugin extends Plugin
  48. {
  49. const PLUGIN_VERSION = '2.0.0';
  50. /**
  51. * Get the path to the plugin's installation directory. Used
  52. * to link in js files and whatnot.
  53. *
  54. * @return String the absolute path
  55. */
  56. protected function getPath() {
  57. return preg_replace('/^' . preg_quote(INSTALLDIR, '/') . '\//', '', dirname(__FILE__));
  58. }
  59. /**
  60. * Link in a JavaScript script for the whitelist invite form
  61. *
  62. * @param Action $action Action being shown
  63. *
  64. * @return boolean hook flag
  65. */
  66. function onEndShowStatusNetScripts($action) {
  67. $name = $action->arg('action');
  68. if ($name == 'invite') {
  69. $action->script($this->getPath() . '/js/whitelistinvite.js');
  70. }
  71. return true;
  72. }
  73. function onRequireValidatedEmailPlugin_Override($user, &$knownGood)
  74. {
  75. $knownGood = (!empty($user->email) && $this->matchesWhitelist($user->email));
  76. return true;
  77. }
  78. function onEndValidateUserEmail($user, $email, &$valid)
  79. {
  80. if ($valid) { // it's otherwise valid
  81. if (!$this->matchesWhitelist($email)) {
  82. $whitelist = $this->getWhitelist();
  83. if (count($whitelist) == 1) {
  84. // TRANS: Client exception thrown when a given e-mailaddress is not in the domain whitelist.
  85. // TRANS: %s is a whitelisted e-mail domain.
  86. $message = sprintf(_m('Email address must be in this domain: %s.'),
  87. $whitelist[0]);
  88. } else {
  89. // TRANS: Client exception thrown when a given e-mailaddress is not in the domain whitelist.
  90. // TRANS: %s are whitelisted e-mail domains separated by comma's (localisable).
  91. $message = sprintf(_m('Email address must be in one of these domains: %s.'),
  92. // TRANS: Separator for whitelisted domains.
  93. implode(_m('SEPARATOR',', '), $whitelist));
  94. }
  95. throw new ClientException($message);
  96. }
  97. }
  98. return true;
  99. }
  100. function onStartAddEmailAddress($user, $email)
  101. {
  102. if (!$this->matchesWhitelist($email)) {
  103. // TRANS: Exception thrown when an e-mail address does not match the site's domain whitelist.
  104. throw new Exception(_m('That email address is not allowed on this site.'));
  105. }
  106. return true;
  107. }
  108. function onEndValidateEmailInvite($user, $email, &$valid)
  109. {
  110. if ($valid) {
  111. $valid = $this->matchesWhitelist($email);
  112. }
  113. return true;
  114. }
  115. function matchesWhitelist($email)
  116. {
  117. $whitelist = $this->getWhitelist();
  118. if (empty($whitelist) || empty($whitelist[0])) {
  119. return true;
  120. }
  121. $userDomain = $this->domainFromEmail($email);
  122. return in_array($userDomain, $whitelist);
  123. }
  124. /**
  125. * Helper function to pull out a domain from
  126. * an email address
  127. *
  128. * @param string $email and email address
  129. * @return string the domain
  130. */
  131. function domainFromEmail($email)
  132. {
  133. $parts = explode('@', $email);
  134. return strtolower(trim($parts[1]));
  135. }
  136. function getWhitelist()
  137. {
  138. $whitelist = common_config('email', 'whitelist');
  139. if (is_array($whitelist)) {
  140. return $this->sortWhiteList($whitelist);
  141. } else {
  142. return explode('|', $whitelist);
  143. }
  144. }
  145. /**
  146. * This is a filter function passed in to array_filter()
  147. * in order to strip out the user's domain, which will
  148. * be re-inserted as the first element (see sortWhitelist()
  149. * below).
  150. *
  151. * @param string $domain domain to check
  152. * @return boolean whether to include the domain
  153. */
  154. function userDomainFilter($domain)
  155. {
  156. $user = common_current_user();
  157. $userDomain = $this->domainFromEmail($user->email);
  158. if ($userDomain == $domain) {
  159. return false;
  160. }
  161. return true;
  162. }
  163. /**
  164. * This function sorts the whitelist alphabetically, and sets the
  165. * current user's domain as the first element in the array of
  166. * allowed domains. Mostly, this is for the JavaScript on the invite
  167. * page--in the case of multiple allowed domains, it's nicer if the
  168. * user's own domain is the first option, and this seemed like a good
  169. * way to do it.
  170. *
  171. * @param array $whitelist whitelist of allowed email domains
  172. * @return array an ordered or sorted version of the whitelist
  173. */
  174. function sortWhitelist($whitelist)
  175. {
  176. $whitelist = array_unique($whitelist);
  177. natcasesort($whitelist);
  178. $user = common_current_user();
  179. if (!empty($user) && !empty($user->email)) {
  180. $userDomain = $this->domainFromEmail($user->email);
  181. $orderedWhitelist = array_values(
  182. array_filter(
  183. $whitelist,
  184. array($this, "userDomainFilter")
  185. )
  186. );
  187. if (in_array($userDomain, $whitelist)) {
  188. array_unshift($orderedWhitelist, $userDomain);
  189. }
  190. return $orderedWhitelist;
  191. }
  192. return $whitelist;
  193. }
  194. /**
  195. * Show a fancier invite form when domains are restricted to the
  196. * whitelist.
  197. *
  198. * @param action $action the invite action
  199. * @return boolean hook value
  200. */
  201. function onStartShowInviteForm($action)
  202. {
  203. $this->showConfirmDialog($action);
  204. $form = new WhitelistInviteForm($action, $this->getWhitelist());
  205. $form->show();
  206. return false;
  207. }
  208. function showConfirmDialog($action)
  209. {
  210. // For JQuery UI modal dialog
  211. $action->elementStart(
  212. 'div',
  213. // TRANS: Title for invitiation deletion dialog.
  214. array('id' => 'confirm-dialog', 'title' => _m('Confirmation Required'))
  215. );
  216. // TRANS: Confirmation text for invitation deletion dialog.
  217. $action->text(_m('Really delete this invitation?'));
  218. $action->elementEnd('div');
  219. }
  220. /**
  221. * This is a bit of a hack. We take the values from the custom
  222. * whitelist invite form and reformat them so they look like
  223. * their coming from the the normal invite form.
  224. *
  225. * @param action &$action the invite action
  226. * @return boolean hook value
  227. */
  228. function onStartSendInvitations(&$action)
  229. {
  230. $emails = array();
  231. $usernames = $action->arg('username');
  232. $domains = $action->arg('domain');
  233. for($i = 0; $i < count($usernames); $i++) {
  234. if (!empty($usernames[$i])) {
  235. $emails[] = $usernames[$i] . '@' . $domains[$i] . "\n";
  236. }
  237. }
  238. $action->args['addresses'] = implode($emails);
  239. return true;
  240. }
  241. public function onPluginVersion(array &$versions): bool
  242. {
  243. $versions[] = array('name' => 'DomainWhitelist',
  244. 'version' => self::PLUGIN_VERSION,
  245. 'author' => 'Evan Prodromou, Zach Copley',
  246. 'homepage' => GNUSOCIAL_ENGINE_REPO_URL . 'tree/master/plugins/DomainWhitelist',
  247. 'rawdescription' =>
  248. // TRANS: Plugin description.
  249. _m('Restrict domains for email users.'));
  250. return true;
  251. }
  252. }