RequireValidatedEmailPlugin.php 8.8 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282
  1. <?php
  2. /**
  3. * StatusNet, the distributed open-source microblogging tool
  4. *
  5. * Plugin that requires the user to have a validated email address before they
  6. * can post notices
  7. *
  8. * PHP version 5
  9. *
  10. * LICENCE: This program is free software: you can redistribute it and/or modify
  11. * it under the terms of the GNU Affero General Public License as published by
  12. * the Free Software Foundation, either version 3 of the License, or
  13. * (at your option) any later version.
  14. *
  15. * This program is distributed in the hope that it will be useful,
  16. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  17. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  18. * GNU Affero General Public License for more details.
  19. *
  20. * You should have received a copy of the GNU Affero General Public License
  21. * along with this program. If not, see <http://www.gnu.org/licenses/>.
  22. *
  23. * @category Plugin
  24. * @package StatusNet
  25. * @author Craig Andrews <candrews@integralblue.com>
  26. * @author Brion Vibber <brion@status.net>
  27. * @author Evan Prodromou <evan@status.net>
  28. * @copyright 2011 StatusNet Inc. http://status.net/
  29. * @copyright 2009 Free Software Foundation, Inc http://www.fsf.org
  30. * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0
  31. * @link http://status.net/
  32. */
  33. if (!defined('STATUSNET') && !defined('LACONICA')) {
  34. exit(1);
  35. }
  36. /**
  37. * Plugin for requiring a validated email before posting.
  38. *
  39. * Enable this plugin using addPlugin('RequireValidatedEmail');
  40. *
  41. * @category Plugin
  42. * @package StatusNet
  43. * @author Craig Andrews <candrews@integralblue.com>
  44. * @author Brion Vibber <brion@status.net>
  45. * @author Evan Prodromou <evan@status.net>
  46. * @author Mikael Nordfeldth <mmn@hethane.se>
  47. * @copyright 2009-2013 Free Software Foundation, Inc http://www.fsf.org
  48. * @copyright 2009-2010 StatusNet, Inc.
  49. * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0
  50. * @link http://status.net/
  51. */
  52. class RequireValidatedEmailPlugin extends Plugin
  53. {
  54. /**
  55. * Users created before this time will be grandfathered in
  56. * without the validation requirement.
  57. */
  58. public $grandfatherCutoff = null;
  59. /**
  60. * If OpenID plugin is installed, users with a verified OpenID
  61. * association whose provider URL matches one of these regexes
  62. * will be considered to be sufficiently valid for our needs.
  63. *
  64. * For example, to trust WikiHow and Wikipedia OpenID users:
  65. *
  66. * addPlugin('RequireValidatedEmailPlugin', array(
  67. * 'trustedOpenIDs' => array(
  68. * '!^http://\w+\.wikihow\.com/!',
  69. * '!^http://\w+\.wikipedia\.org/!',
  70. * ),
  71. * ));
  72. */
  73. public $trustedOpenIDs = array();
  74. /**
  75. * Whether or not to disallow login for unvalidated users.
  76. */
  77. public $disallowLogin = false;
  78. public function onRouterInitialized(URLMapper $m)
  79. {
  80. $m->connect('main/confirmfirst/:code',
  81. array('action' => 'confirmfirstemail'));
  82. return true;
  83. }
  84. /**
  85. * Event handler for notice saves; rejects the notice
  86. * if user's address isn't validated.
  87. *
  88. * @param Notice $notice The notice being saved
  89. *
  90. * @return bool hook result code
  91. */
  92. public function onStartNoticeSave(Notice $notice)
  93. {
  94. $author = $notice->getProfile();
  95. if (!$author->isLocal()) {
  96. // remote notice
  97. return true;
  98. }
  99. $user = $author->getUser();
  100. if (!$this->validated($user)) {
  101. // TRANS: Client exception thrown when trying to post notices before validating an e-mail address.
  102. $msg = _m('You must validate your email address before posting.');
  103. throw new ClientException($msg);
  104. }
  105. return true;
  106. }
  107. /**
  108. * Event handler for registration attempts; rejects the registration
  109. * if email field is missing.
  110. *
  111. * @param Action $action Action being executed
  112. *
  113. * @return bool hook result code
  114. */
  115. function onStartRegisterUser(&$user, &$profile)
  116. {
  117. $email = $user->email;
  118. if (empty($email)) {
  119. // TRANS: Client exception thrown when trying to register without providing an e-mail address.
  120. throw new ClientException(_m('You must provide an email address to register.'));
  121. }
  122. return true;
  123. }
  124. /**
  125. * Check if a user has a validated email address or has been
  126. * otherwise grandfathered in.
  127. *
  128. * @param User $user User to valide
  129. *
  130. * @return bool
  131. */
  132. protected function validated(User $user)
  133. {
  134. // The email field is only stored after validation...
  135. // Until then you'll find them in confirm_address.
  136. $knownGood = !empty($user->email) ||
  137. $this->grandfathered($user) ||
  138. $this->hasTrustedOpenID($user);
  139. // Give other plugins a chance to override, if they can validate
  140. // that somebody's ok despite a non-validated email.
  141. // @todo FIXME: This isn't how to do it! Use Start*/End* instead
  142. Event::handle('RequireValidatedEmailPlugin_Override',
  143. array($user, &$knownGood));
  144. return $knownGood;
  145. }
  146. /**
  147. * Check if a user was created before the grandfathering cutoff.
  148. * If so, we won't need to check for validation.
  149. *
  150. * @param User $user User to check
  151. *
  152. * @return bool true if user is grandfathered
  153. */
  154. protected function grandfathered(User $user)
  155. {
  156. if ($this->grandfatherCutoff) {
  157. $created = strtotime($user->created . " GMT");
  158. $cutoff = strtotime($this->grandfatherCutoff);
  159. if ($created < $cutoff) {
  160. return true;
  161. }
  162. }
  163. return false;
  164. }
  165. /**
  166. * Override for RequireValidatedEmail plugin. If we have a user who's
  167. * not validated an e-mail, but did come from a trusted provider,
  168. * we'll consider them ok.
  169. *
  170. * @param User $user User to check
  171. *
  172. * @return bool true if user has a trusted OpenID.
  173. */
  174. function hasTrustedOpenID(User $user)
  175. {
  176. if ($this->trustedOpenIDs && class_exists('User_openid')) {
  177. foreach ($this->trustedOpenIDs as $regex) {
  178. $oid = new User_openid();
  179. $oid->user_id = $user->id;
  180. $oid->find();
  181. while ($oid->fetch()) {
  182. if (preg_match($regex, $oid->canonical)) {
  183. return true;
  184. }
  185. }
  186. }
  187. }
  188. return false;
  189. }
  190. /**
  191. * Add version information for this plugin.
  192. *
  193. * @param array &$versions Array of associative arrays of version data
  194. *
  195. * @return boolean hook value
  196. */
  197. function onPluginVersion(array &$versions)
  198. {
  199. $versions[] =
  200. array('name' => 'Require Validated Email',
  201. 'version' => GNUSOCIAL_VERSION,
  202. 'author' => 'Craig Andrews, '.
  203. 'Evan Prodromou, '.
  204. 'Brion Vibber',
  205. 'homepage' =>
  206. 'http://status.net/wiki/Plugin:RequireValidatedEmail',
  207. 'rawdescription' =>
  208. // TRANS: Plugin description.
  209. _m('Disables posting without a validated email address.'));
  210. return true;
  211. }
  212. /**
  213. * Show an error message about validating user email before posting
  214. *
  215. * @param string $tag Current tab tag value
  216. * @param Action $action action being shown
  217. * @param Form $form object producing the form
  218. *
  219. * @return boolean hook value
  220. */
  221. function onStartMakeEntryForm($tag, $action, &$form)
  222. {
  223. $user = common_current_user();
  224. if (!empty($user)) {
  225. if (!$this->validated($user)) {
  226. $action->element('div', array('class'=>'error'), _m('You must validate an email address before posting!'));
  227. }
  228. }
  229. return true;
  230. }
  231. /**
  232. * Prevent unvalidated folks from creating spam groups.
  233. *
  234. * @param Profile $profile User profile we're checking
  235. * @param string $right rights key
  236. * @param boolean $result if overriding, set to true/false has right
  237. * @return boolean hook result value
  238. */
  239. function onUserRightsCheck(Profile $profile, $right, &$result)
  240. {
  241. if ($right == Right::CREATEGROUP ||
  242. ($this->disallowLogin && ($right == Right::WEBLOGIN || $right == Right::API))) {
  243. $user = User::getKV('id', $profile->id);
  244. if ($user && !$this->validated($user)) {
  245. $result = false;
  246. return false;
  247. }
  248. }
  249. return true;
  250. }
  251. function onLoginAction($action, &$login)
  252. {
  253. if ($action == 'confirmfirstemail') {
  254. $login = true;
  255. return false;
  256. }
  257. return true;
  258. }
  259. }