RequireValidatedEmailPlugin.php 8.9 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284
  1. <?php
  2. /**
  3. * StatusNet, the distributed open-source microblogging tool
  4. *
  5. * Plugin that requires the user to have a validated email address before they
  6. * can post notices
  7. *
  8. * PHP version 5
  9. *
  10. * LICENCE: This program is free software: you can redistribute it and/or modify
  11. * it under the terms of the GNU Affero General Public License as published by
  12. * the Free Software Foundation, either version 3 of the License, or
  13. * (at your option) any later version.
  14. *
  15. * This program is distributed in the hope that it will be useful,
  16. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  17. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  18. * GNU Affero General Public License for more details.
  19. *
  20. * You should have received a copy of the GNU Affero General Public License
  21. * along with this program. If not, see <http://www.gnu.org/licenses/>.
  22. *
  23. * @category Plugin
  24. * @package StatusNet
  25. * @author Craig Andrews <candrews@integralblue.com>
  26. * @author Brion Vibber <brion@status.net>
  27. * @author Evan Prodromou <evan@status.net>
  28. * @copyright 2011 StatusNet Inc. http://status.net/
  29. * @copyright 2009 Free Software Foundation, Inc http://www.fsf.org
  30. * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0
  31. * @link http://status.net/
  32. */
  33. if (!defined('STATUSNET') && !defined('LACONICA')) {
  34. exit(1);
  35. }
  36. /**
  37. * Plugin for requiring a validated email before posting.
  38. *
  39. * Enable this plugin using addPlugin('RequireValidatedEmail');
  40. *
  41. * @category Plugin
  42. * @package StatusNet
  43. * @author Craig Andrews <candrews@integralblue.com>
  44. * @author Brion Vibber <brion@status.net>
  45. * @author Evan Prodromou <evan@status.net>
  46. * @author Mikael Nordfeldth <mmn@hethane.se>
  47. * @copyright 2009-2013 Free Software Foundation, Inc http://www.fsf.org
  48. * @copyright 2009-2010 StatusNet, Inc.
  49. * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0
  50. * @link http://status.net/
  51. */
  52. class RequireValidatedEmailPlugin extends Plugin
  53. {
  54. const PLUGIN_VERSION = '2.0.0';
  55. /**
  56. * Users created before this time will be grandfathered in
  57. * without the validation requirement.
  58. */
  59. public $grandfatherCutoff = null;
  60. /**
  61. * If OpenID plugin is installed, users with a verified OpenID
  62. * association whose provider URL matches one of these regexes
  63. * will be considered to be sufficiently valid for our needs.
  64. *
  65. * For example, to trust WikiHow and Wikipedia OpenID users:
  66. *
  67. * addPlugin('RequireValidatedEmailPlugin', array(
  68. * 'trustedOpenIDs' => array(
  69. * '!^http://\w+\.wikihow\.com/!',
  70. * '!^http://\w+\.wikipedia\.org/!',
  71. * ),
  72. * ));
  73. */
  74. public $trustedOpenIDs = array();
  75. /**
  76. * Whether or not to disallow login for unvalidated users.
  77. */
  78. public $disallowLogin = false;
  79. public function onRouterInitialized(URLMapper $m)
  80. {
  81. $m->('main/confirmfirst/:code',
  82. ['action' => 'confirmfirstemail']);
  83. return true;
  84. }
  85. /**
  86. * Event handler for notice saves; rejects the notice
  87. * if user's address isn't validated.
  88. *
  89. * @param Notice $notice The notice being saved
  90. *
  91. * @return bool hook result code
  92. */
  93. public function onStartNoticeSave(Notice $notice)
  94. {
  95. $author = $notice->getProfile();
  96. if (!$author->isLocal()) {
  97. // remote notice
  98. return true;
  99. }
  100. $user = $author->getUser();
  101. if (!$this->validated($user)) {
  102. // TRANS: Client exception thrown when trying to post notices before validating an e-mail address.
  103. $msg = _m('You must validate your email address before posting.');
  104. throw new ClientException($msg);
  105. }
  106. return true;
  107. }
  108. /**
  109. * Event handler for registration attempts; rejects the registration
  110. * if email field is missing.
  111. *
  112. * @param Action $action Action being executed
  113. *
  114. * @return bool hook result code
  115. */
  116. function onStartRegisterUser(&$user, &$profile)
  117. {
  118. $email = $user->email;
  119. if (empty($email)) {
  120. // TRANS: Client exception thrown when trying to register without providing an e-mail address.
  121. throw new ClientException(_m('You must provide an email address to register.'));
  122. }
  123. return true;
  124. }
  125. /**
  126. * Check if a user has a validated email address or has been
  127. * otherwise grandfathered in.
  128. *
  129. * @param User $user User to valide
  130. *
  131. * @return bool
  132. */
  133. protected function validated(User $user)
  134. {
  135. // The email field is only stored after validation...
  136. // Until then you'll find them in confirm_address.
  137. $knownGood = !empty($user->email) ||
  138. $this->grandfathered($user) ||
  139. $this->hasTrustedOpenID($user);
  140. // Give other plugins a chance to override, if they can validate
  141. // that somebody's ok despite a non-validated email.
  142. // @todo FIXME: This isn't how to do it! Use Start*/End* instead
  143. Event::handle('RequireValidatedEmailPlugin_Override',
  144. array($user, &$knownGood));
  145. return $knownGood;
  146. }
  147. /**
  148. * Check if a user was created before the grandfathering cutoff.
  149. * If so, we won't need to check for validation.
  150. *
  151. * @param User $user User to check
  152. *
  153. * @return bool true if user is grandfathered
  154. */
  155. protected function grandfathered(User $user)
  156. {
  157. if ($this->grandfatherCutoff) {
  158. $created = strtotime($user->created . " GMT");
  159. $cutoff = strtotime($this->grandfatherCutoff);
  160. if ($created < $cutoff) {
  161. return true;
  162. }
  163. }
  164. return false;
  165. }
  166. /**
  167. * Override for RequireValidatedEmail plugin. If we have a user who's
  168. * not validated an e-mail, but did come from a trusted provider,
  169. * we'll consider them ok.
  170. *
  171. * @param User $user User to check
  172. *
  173. * @return bool true if user has a trusted OpenID.
  174. */
  175. function hasTrustedOpenID(User $user)
  176. {
  177. if ($this->trustedOpenIDs && class_exists('User_openid')) {
  178. foreach ($this->trustedOpenIDs as $regex) {
  179. $oid = new User_openid();
  180. $oid->user_id = $user->id;
  181. $oid->find();
  182. while ($oid->fetch()) {
  183. if (preg_match($regex, $oid->canonical)) {
  184. return true;
  185. }
  186. }
  187. }
  188. }
  189. return false;
  190. }
  191. /**
  192. * Add version information for this plugin.
  193. *
  194. * @param array &$versions Array of associative arrays of version data
  195. *
  196. * @return boolean hook value
  197. */
  198. public function onPluginVersion(array &$versions): bool
  199. {
  200. $versions[] =
  201. array('name' => 'Require Validated Email',
  202. 'version' => self::PLUGIN_VERSION,
  203. 'author' => 'Craig Andrews, '.
  204. 'Evan Prodromou, '.
  205. 'Brion Vibber',
  206. 'homepage' =>
  207. 'https://git.gnu.io/gnu/gnu-social/tree/master/plugins/RequireValidatedEmail',
  208. 'rawdescription' =>
  209. // TRANS: Plugin description.
  210. _m('Disables posting without a validated email address.'));
  211. return true;
  212. }
  213. /**
  214. * Show an error message about validating user email before posting
  215. *
  216. * @param string $tag Current tab tag value
  217. * @param Action $action action being shown
  218. * @param Form $form object producing the form
  219. *
  220. * @return boolean hook value
  221. */
  222. function onStartMakeEntryForm($tag, $action, &$form)
  223. {
  224. $user = common_current_user();
  225. if (!empty($user)) {
  226. if (!$this->validated($user)) {
  227. $action->element('div', array('class'=>'error'), _m('You must validate an email address before posting!'));
  228. }
  229. }
  230. return true;
  231. }
  232. /**
  233. * Prevent unvalidated folks from creating spam groups.
  234. *
  235. * @param Profile $profile User profile we're checking
  236. * @param string $right rights key
  237. * @param boolean $result if overriding, set to true/false has right
  238. * @return boolean hook result value
  239. */
  240. function onUserRightsCheck(Profile $profile, $right, &$result)
  241. {
  242. if ($right == Right::CREATEGROUP ||
  243. ($this->disallowLogin && ($right == Right::WEBLOGIN || $right == Right::API))) {
  244. $user = User::getKV('id', $profile->id);
  245. if ($user && !$this->validated($user)) {
  246. $result = false;
  247. return false;
  248. }
  249. }
  250. return true;
  251. }
  252. function onLoginAction($action, &$login)
  253. {
  254. if ($action == 'confirmfirstemail') {
  255. $login = true;
  256. return false;
  257. }
  258. return true;
  259. }
  260. }