(bug 37830) new $wgRequirePasswordforEmailChange

$wgRequirePasswordforEmailChange to control whether password
confirmation is required for changing an email address or not.

Change-Id: Iaef440ef56d391bf9e68d15899fc81c6050722fb

diff --git a/RELEASE-NOTES-1.20 b/RELEASE-NOTES-1.20
index 25668b1..daed79c 100644 (file)
--- a/RELEASE-NOTES-1.20
+++ b/RELEASE-NOTES-1.20
@@ -108,6 +108,8 @@ upgrade PHP if you have not done so prior to upgrading MediaWiki.
 * (bug 38151) Implemented mw.user.getRights for getting and caching the current
   user's user rights.
 * Implemented mw.user.getGroups for getting and caching user groups.
+* (bug 37830) Added $wgRequirePasswordforEmailChange to control whether password
+  confirmation is required for changing an email address or not.
 
 === Bug fixes in 1.20 ===
 * (bug 30245) Use the correct way to construct a log page title.

diff --git a/includes/DefaultSettings.php b/includes/DefaultSettings.php
index 54f4175..69b632c 100644 (file)
--- a/includes/DefaultSettings.php
+++ b/includes/DefaultSettings.php
@@ -6145,6 +6145,11 @@ $wgSeleniumConfigFile = null;
 $wgDBtestuser = ''; //db user that has permission to create and drop the test databases only
 $wgDBtestpassword = '';
 
+/**
+ * Whether the user must enter their password to change their e-mail address
+ */
+$wgRequirePasswordforEmailChange = true;
+
 /**
  * For really cool vim folding this needs to be at the end:
  * vim: foldmarker=@{,@} foldmethod=marker

diff --git a/includes/specials/SpecialChangeEmail.php b/includes/specials/SpecialChangeEmail.php
index 167d4e2..fc72610 100644 (file)
--- a/includes/specials/SpecialChangeEmail.php
+++ b/includes/specials/SpecialChangeEmail.php
@@ -27,10 +27,26 @@
  * @ingroup SpecialPage
  */
 class SpecialChangeEmail extends UnlistedSpecialPage {
+
+       /**
+        * Users password
+        * @var string
+        */
+       protected $mPassword;
+
+       /**
+        * Users new email address
+        * @var string
+        */
+       protected $mNewEmail;
+
        public function __construct() {
                parent::__construct( 'ChangeEmail' );
        }
 
+       /**
+        * @return Bool
+        */
        function isListed() {
                global $wgAuth;
                return $wgAuth->allowPropChange( 'emailaddress' );
@@ -90,6 +106,9 @@ class SpecialChangeEmail extends UnlistedSpecialPage {
                $this->showForm();
        }
 
+       /**
+        * @param $type string
+        */
        protected function doReturnTo( $type = 'hard' ) {
                $titleObj = Title::newFromText( $this->getRequest()->getVal( 'returnto' ) );
                if ( !$titleObj instanceof Title ) {
@@ -102,11 +121,15 @@ class SpecialChangeEmail extends UnlistedSpecialPage {
                }
        }
 
+       /**
+        * @param $msg string
+        */
        protected function error( $msg ) {
                $this->getOutput()->wrapWikiMsg( "<p class='error'>\n$1\n</p>", $msg );
        }
 
        protected function showForm() {
+               global $wgRequirePasswordforEmailChange;
                $user = $this->getUser();
 
                $oldEmailText = $user->getEmail()
@@ -123,13 +146,20 @@ class SpecialChangeEmail extends UnlistedSpecialPage {
                        Html::hidden( 'token', $user->getEditToken() ) . "\n" .
                        Html::hidden( 'returnto', $this->getRequest()->getVal( 'returnto' ) ) . "\n" .
                        $this->msg( 'changeemail-text' )->parseAsBlock() . "\n" .
-                       Xml::openElement( 'table', array( 'id' => 'mw-changeemail-table' ) ) . "\n" .
-                       $this->pretty( array(
-                               array( 'wpName', 'username', 'text', $user->getName() ),
-                               array( 'wpOldEmail', 'changeemail-oldemail', 'text', $oldEmailText ),
-                               array( 'wpNewEmail', 'changeemail-newemail', 'input', $this->mNewEmail ),
-                               array( 'wpPassword', 'yourpassword', 'password', $this->mPassword ),
-                       ) ) . "\n" .
+                       Xml::openElement( 'table', array( 'id' => 'mw-changeemail-table' ) ) . "\n"
+               );
+               $items = array(
+                       array( 'wpName', 'username', 'text', $user->getName() ),
+                       array( 'wpOldEmail', 'changeemail-oldemail', 'text', $oldEmailText ),
+                       array( 'wpNewEmail', 'changeemail-newemail', 'input', $this->mNewEmail ),
+               );
+               if ( $wgRequirePasswordforEmailChange ) {
+                       $items[] = array( 'wpPassword', 'yourpassword', 'password', $this->mPassword );
+               }
+
+               $this->getOutput()->addHTML(
+                       $this->pretty( $items ) .
+                       "\n" .
                        "<tr>\n" .
                                "<td></td>\n" .
                                '<td class="mw-input">' .
@@ -143,6 +173,10 @@ class SpecialChangeEmail extends UnlistedSpecialPage {
                );
        }
 
+       /**
+        * @param $fields array
+        * @return string
+        */
        protected function pretty( $fields ) {
                $out = '';
                foreach ( $fields as $list ) {
@@ -173,6 +207,9 @@ class SpecialChangeEmail extends UnlistedSpecialPage {
        }
 
        /**
+        * @param $user User
+        * @param $pass string
+        * @param $newaddr string
         * @return bool|string true or string on success, false on failure
         */
        protected function attemptChange( User $user, $pass, $newaddr ) {
@@ -187,7 +224,8 @@ class SpecialChangeEmail extends UnlistedSpecialPage {
                        return false;
                }
 
-               if ( !$user->checkTemporaryPassword( $pass ) && !$user->checkPassword( $pass ) ) {
+               global $wgRequirePasswordforEmailChange;
+               if ( $wgRequirePasswordforEmailChange && !$user->checkTemporaryPassword( $pass ) && !$user->checkPassword( $pass ) ) {
                        $this->error( 'wrongpassword' );
                        return false;
                }