dépôts / lhc / web / wiklou.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Merge "Perform a permission check on the title when changing the page language"
[lhc/web/wiklou.git] / includes / specials / SpecialChangeEmail.php
1 <?php
2 /**
3 * Implements Special:ChangeEmail
4 *
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License as published by
7 * the Free Software Foundation; either version 2 of the License, or
8 * (at your option) any later version.
9 *
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
14 *
15 * You should have received a copy of the GNU General Public License along
16 * with this program; if not, write to the Free Software Foundation, Inc.,
17 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
18 * http://www.gnu.org/copyleft/gpl.html
19 *
20 * @file
21 * @ingroup SpecialPage
22 */
23
24 use MediaWiki\Auth\AuthManager;
25
26 /**
27 * Let users change their email address.
28 *
29 * @ingroup SpecialPage
30 */
31 class SpecialChangeEmail extends FormSpecialPage {
32 /**
33 * @var Status
34 */
35 private $status;
36
37 public function __construct() {
38 parent::__construct( 'ChangeEmail', 'editmyprivateinfo' );
39 }
40
41 public function doesWrites() {
42 return true;
43 }
44
45 /**
46 * @return bool
47 */
48 public function isListed() {
49 return AuthManager::singleton()->allowsPropertyChange( 'emailaddress' );
50 }
51
52 /**
53 * Main execution point
54 * @param string $par
55 */
56 function execute( $par ) {
57 $this->checkLoginSecurityLevel();
58
59 $out = $this->getOutput();
60 $out->disallowUserJs();
61
62 parent::execute( $par );
63 }
64
65 protected function checkExecutePermissions( User $user ) {
66 if ( !AuthManager::singleton()->allowsPropertyChange( 'emailaddress' ) ) {
67 throw new ErrorPageError( 'changeemail', 'cannotchangeemail' );
68 }
69
70 $this->requireLogin( 'changeemail-no-info' );
71
72 // This could also let someone check the current email address, so
73 // require both permissions.
74 if ( !$this->getUser()->isAllowed( 'viewmyprivateinfo' ) ) {
75 throw new PermissionsError( 'viewmyprivateinfo' );
76 }
77
78 parent::checkExecutePermissions( $user );
79 }
80
81 protected function getFormFields() {
82 $user = $this->getUser();
83
84 $fields = [
85 'Name' => [
86 'type' => 'info',
87 'label-message' => 'username',
88 'default' => $user->getName(),
89 ],
90 'OldEmail' => [
91 'type' => 'info',
92 'label-message' => 'changeemail-oldemail',
93 'default' => $user->getEmail() ?: $this->msg( 'changeemail-none' )->text(),
94 ],
95 'NewEmail' => [
96 'type' => 'email',
97 'label-message' => 'changeemail-newemail',
98 'autofocus' => true,
99 'help-message' => 'changeemail-newemail-help',
100 ],
101 ];
102
103 return $fields;
104 }
105
106 protected function getDisplayFormat() {
107 return 'ooui';
108 }
109
110 protected function alterForm( HTMLForm $form ) {
111 $form->setId( 'mw-changeemail-form' );
112 $form->setTableId( 'mw-changeemail-table' );
113 $form->setSubmitTextMsg( 'changeemail-submit' );
114 $form->addHiddenFields( $this->getRequest()->getValues( 'returnto', 'returntoquery' ) );
115
116 $form->addHeaderText( $this->msg( 'changeemail-header' )->parseAsBlock() );
117 }
118
119 public function onSubmit( array $data ) {
120 $status = $this->attemptChange( $this->getUser(), $data['NewEmail'] );
121
122 $this->status = $status;
123
124 return $status;
125 }
126
127 public function onSuccess() {
128 $request = $this->getRequest();
129
130 $returnto = $request->getVal( 'returnto' );
131 $titleObj = $returnto !== null ? Title::newFromText( $returnto ) : null;
132 if ( !$titleObj instanceof Title ) {
133 $titleObj = Title::newMainPage();
134 }
135 $query = $request->getVal( 'returntoquery' );
136
137 if ( $this->status->value === true ) {
138 $this->getOutput()->redirect( $titleObj->getFullUrlForRedirect( $query ) );
139 } elseif ( $this->status->value === 'eauth' ) {
140 # Notify user that a confirmation email has been sent...
141 $this->getOutput()->wrapWikiMsg( "<div class='error' style='clear: both;'>\n$1\n</div>",
142 'eauthentsent', $this->getUser()->getName() );
143 // just show the link to go back
144 $this->getOutput()->addReturnTo( $titleObj, wfCgiToArray( $query ) );
145 }
146 }
147
148 /**
149 * @param User $user
150 * @param string $newaddr
151 * @return Status
152 */
153 private function attemptChange( User $user, $newaddr ) {
154 $authManager = AuthManager::singleton();
155
156 if ( $newaddr != '' && !Sanitizer::validateEmail( $newaddr ) ) {
157 return Status::newFatal( 'invalidemailaddress' );
158 }
159
160 if ( $newaddr === $user->getEmail() ) {
161 return Status::newFatal( 'changeemail-nochange' );
162 }
163
164 $oldaddr = $user->getEmail();
165 $status = $user->setEmailWithConfirmation( $newaddr );
166 if ( !$status->isGood() ) {
167 return $status;
168 }
169
170 Hooks::run( 'PrefsEmailAudit', [ $user, $oldaddr, $newaddr ] );
171
172 $user->saveSettings();
173 MediaWiki\Auth\AuthManager::callLegacyAuthPlugin( 'updateExternalDB', [ $user ] );
174
175 return $status;
176 }
177
178 public function requiresUnblock() {
179 return false;
180 }
181
182 protected function getGroupName() {
183 return 'users';
184 }
185 }
Wiklou, le Wiki du Wiklou