RequireValidatedEmailPlugin.php 8.9 KB

  1. <?php
  2. // This file is part of GNU social - https://www.gnu.org/software/social
  3. //
  4. // GNU social is free software: you can redistribute it and/or modify
  5. // it under the terms of the GNU Affero General Public License as published by
  6. // the Free Software Foundation, either version 3 of the License, or
  7. // (at your option) any later version.
  8. //
  9. // GNU social is distributed in the hope that it will be useful,
  10. // but WITHOUT ANY WARRANTY; without even the implied warranty of
  11. // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  12. // GNU Affero General Public License for more details.
  13. //
  14. // You should have received a copy of the GNU Affero General Public License
  15. // along with GNU social. If not, see <http://www.gnu.org/licenses/>.
  16. /**
  17. * Plugin that requires the user to have a validated email address before they
  18. * can post notices
  19. *
  20. * @category Plugin
  21. * @package GNUsocial
  22. * @author Craig Andrews <candrews@integralblue.com>
  23. * @author Brion Vibber <brion@status.net>
  24. * @author Evan Prodromou <evan@status.net>
  25. * @author Mikael Nordfeldth <mmn@hethane.se>
  26. * @copyright 2011 StatusNet Inc. http://status.net/
  27. * @copyright 2009-2013 Free Software Foundation, Inc http://www.fsf.org
  28. * @license https://www.gnu.org/licenses/agpl.html GNU AGPL v3 or later
  29. */
  // Direct-access guard: stop immediately unless the GNUSOCIAL constant is
  // already defined (presumably by the application's entry point), so this
  // file does nothing when it is requested on its own.
  if (!defined('GNUSOCIAL')) {
      die();
  }
  31. /**
  32. * Plugin for requiring a validated email before posting.
  33. *
  34. * Enable this plugin using addPlugin('RequireValidatedEmail');
  35. * @copyright 2009-2013 Free Software Foundation, Inc http://www.fsf.org
  36. * @copyright 2009-2010 StatusNet, Inc.
  37. * @license https://www.gnu.org/licenses/agpl.html GNU AGPL v3 or later
  38. */
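  class RequireValidatedEmailPlugin extends Plugin
  {
      const PLUGIN_VERSION = '2.0.0';

      /**
       * Users created before this date are exempted from the
       * validation requirement.
       *
       * The value is handed to the DateTime constructor with a UTC default
       * timezone (see exempted()).
       */
      public $exemptBefore = null;

      // Alternative more obscure term for exemption dates; consulted only
      // when $exemptBefore is null.
      public $grandfatherCutoff = null;

      /**
       * If OpenID plugin is installed, users with a verified OpenID
       * association whose provider URL matches one of these regexes
       * will be considered to be sufficiently valid for our needs.
       *
       * For example, to trust WikiHow and Wikipedia OpenID users:
       *
       * addPlugin('RequireValidatedEmail', [
       *     'trustedOpenIDs' => [
       *         '!^https?://\w+\.wikihow\.com/!',
       *         '!^https?://\w+\.wikipedia\.org/!',
       *     ],
       * ]);
       *
       * Each entry is passed unchanged to preg_match() and a single match
       * waives email validation for the account. Anchor every pattern at the
       * start and include the slash that ends the host name, as the examples
       * do; a pattern without them also matches URLs on other domains that
       * merely contain the trusted name.
       */
      public $trustedOpenIDs = [];

      /**
       * Whether or not to disallow login for unvalidated users.
       *
       * When true, onUserRightsCheck() also denies the WEBLOGIN and API
       * rights to unvalidated users, not only group creation.
       */
      public $disallowLogin = false;

      /**
       * Register the route of the first-email confirmation page.
       *
       * Maps main/confirmfirst/:code to the confirmfirstemail action.
       *
       * @param URLMapper $m Router to add the route to
       *
       * @return bool hook result code
       */
      public function onRouterInitialized(URLMapper $m)
      {
          $m->connect(
              'main/confirmfirst/:code',
              ['action' => 'confirmfirstemail']
          );

          return true;
      }

      /**
       * Event handler for notice saves; rejects the notice
       * if user's address isn't validated.
       *
       * Only notices whose local author is the currently logged-in user are
       * checked. Remote notices, and notices saved for a different local
       * account (like welcomeuser), pass through untouched.
       *
       * @param Notice $notice The notice being saved
       *
       * @return bool hook result code
       *
       * @throws ClientException if the posting user is not validated
       */
      public function onStartNoticeSave(Notice $notice)
      {
          $author = $notice->getProfile();
          if (!$author->isLocal()) {
              // remote notice
              return true;
          }

          $user    = $author->getUser();
          $current = common_current_user();

          // Compare the accounts by id rather than by object identity. With
          // `!==`, a second User instance loaded for the same account would
          // count as "somebody else" and skip the validation below. Whether
          // getUser() can return such a copy is not visible from this file.
          if (empty($current) || (int) $current->id !== (int) $user->id) {
              // Not the current user, must be legitimate (like welcomeuser)
              return true;
          }

          if (!$this->validated($user)) {
              // TRANS: Client exception thrown when trying to post notices before validating an e-mail address.
              $msg = _m('You must validate your email address before posting.');
              throw new ClientException($msg);
          }

          return true;
      }

      /**
       * Event handler for registration attempts; rejects the registration
       * if email field is missing.
       *
       * Only the presence of an address is checked here, not its format or
       * ownership.
       *
       * @param mixed $user    Registration data; only its email property is read
       * @param mixed $profile Not used by this handler
       *
       * @return bool hook result code
       *
       * @throws ClientException if no email address was supplied
       */
      public function onStartRegisterUser(&$user, &$profile)
      {
          $email = $user->email;

          if (empty($email)) {
              // TRANS: Client exception thrown when trying to register without providing an e-mail address.
              throw new ClientException(_m('You must provide an email address to register.'));
          }

          return true;
      }

      /**
       * Check if a user has a validated email address or was
       * otherwise exempted.
       *
       * @param User $user User to validate
       *
       * @return bool
       */
      protected function validated(User $user): bool
      {
          // The email field is only stored after validation...
          // Until then you'll find them in confirm_address.
          $knownGood = (
              !empty($user->email)
              || $this->exempted($user)
              || $this->hasTrustedOpenID($user)
          );

          // Give other plugins a chance to override, if they can validate
          // that somebody's ok despite a non-validated email.
          // $knownGood is passed by reference, so any handler of this event
          // can flip the decision in either direction.
          // @todo FIXME: This isn't how to do it! Use Start*/End* instead
          Event::handle(
              'RequireValidatedEmailPlugin_Override',
              [$user, &$knownGood]
          );

          return $knownGood;
      }

      /**
       * Check if a user was created before the exemption date.
       * If so, we won't need to check for validation.
       *
       * @param User $user User to check
       *
       * @return bool true if user is exempted
       */
      protected function exempted(User $user): bool
      {
          $cutoff = $this->exemptBefore ?? $this->grandfatherCutoff;
          if (empty($cutoff)) {
              // No exemption date configured.
              return false;
          }

          // UTC is only the default zone: PHP ignores this argument when the
          // date string carries its own timezone or offset.
          $utc     = new DateTimeZone('UTC');
          $created = new DateTimeImmutable($user->created, $utc);
          $limit   = new DateTimeImmutable($cutoff, $utc);

          return $created < $limit;
      }

      /**
       * Override for RequireValidatedEmail plugin. If we have a user who's
       * not validated an e-mail, but did come from a trusted provider,
       * we'll consider them ok.
       *
       * Always false when $trustedOpenIDs is empty or the User_openid class
       * is not loaded.
       *
       * @param User $user User to check
       *
       * @return bool true if user has a trusted OpenID.
       */
      public function hasTrustedOpenID(User $user)
      {
          if (!$this->trustedOpenIDs || !class_exists('User_openid')) {
              return false;
          }

          // Query the user's OpenID rows once and test every pattern against
          // each row, instead of repeating the same query for every pattern.
          $oid = new User_openid();
          $oid->user_id = $user->id;
          $oid->find();

          while ($oid->fetch()) {
              foreach ($this->trustedOpenIDs as $regex) {
                  // preg_match() yields 0 or false for "no match" and for a
                  // broken pattern alike; neither grants trust.
                  if (preg_match($regex, $oid->canonical)) {
                      return true;
                  }
              }
          }

          return false;
      }

      /**
       * Add version information for this plugin.
       *
       * @param array &$versions Array of associative arrays of version data
       *
       * @return boolean hook value
       */
      public function onPluginVersion(array &$versions): bool
      {
          $versions[] = [
              'name'           => 'Require Validated Email',
              'version'        => self::PLUGIN_VERSION,
              'author'         => 'Craig Andrews, Evan Prodromou, Brion Vibber',
              'homepage'       => GNUSOCIAL_ENGINE_REPO_URL . 'tree/master/plugins/RequireValidatedEmail',
              // TRANS: Plugin description.
              'rawdescription' => _m('Disables posting without a validated email address.'),
          ];

          return true;
      }

      /**
       * Show an error message about validating user email before posting
       *
       * Nothing is shown when nobody is logged in or the current user is
       * already validated. This is only a notice in the form; the actual
       * rejection happens in onStartNoticeSave().
       *
       * @param string $tag    Current tab tag value (unused here)
       * @param Action $action action being shown
       * @param Form   $form   object producing the form (unused here)
       *
       * @return boolean hook value
       */
      public function onStartMakeEntryForm($tag, $action, &$form)
      {
          $user = common_current_user();

          if (!empty($user) && !$this->validated($user)) {
              $action->element('div', ['class' => 'error'], _m('You must validate an email address before posting!'));
          }

          return true;
      }

      /**
       * Prevent unvalidated folks from creating spam groups.
       *
       * When $disallowLogin is set, the WEBLOGIN and API rights are denied to
       * unvalidated users as well. Profiles for which User::getKV() finds no
       * user are left alone.
       *
       * @param Profile $profile User profile we're checking
       * @param string  $right   rights key
       * @param boolean $result  if overriding, set to true/false has right
       *
       * @return boolean hook result value
       */
      public function onUserRightsCheck(Profile $profile, $right, &$result)
      {
          $guarded = $right == Right::CREATEGROUP
              || ($this->disallowLogin && ($right == Right::WEBLOGIN || $right == Right::API));

          if (!$guarded) {
              return true;
          }

          $user = User::getKV('id', $profile->id);
          if ($user && !$this->validated($user)) {
              // Deny the right and report that this handler made the decision.
              $result = false;
              return false;
          }

          return true;
      }

      /**
       * Flag the confirmfirstemail action through the LoginAction hook.
       *
       * Sets $login to true for that action and returns false; every other
       * action is left untouched.
       * NOTE(review): presumably this lets the confirmation page be reached
       * without an existing session - confirm against the code that fires
       * this event.
       *
       * @param string  $action Name of the action being checked
       * @param boolean $login  Set to true for the confirmation action
       *
       * @return bool hook result code
       */
      public function onLoginAction($action, &$login)
      {
          if ($action == 'confirmfirstemail') {
              $login = true;
              return false;
          }

          return true;
      }
  }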