Merge "Add AuthManager"
[lhc/web/wiklou.git] / includes / specials / SpecialChangeEmail.php
1 <?php
2 /**
3 * Implements Special:ChangeEmail
4 *
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License as published by
7 * the Free Software Foundation; either version 2 of the License, or
8 * (at your option) any later version.
9 *
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
14 *
15 * You should have received a copy of the GNU General Public License along
16 * with this program; if not, write to the Free Software Foundation, Inc.,
17 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
18 * http://www.gnu.org/copyleft/gpl.html
19 *
20 * @file
21 * @ingroup SpecialPage
22 */
23
24 /**
25 * Let users change their email address.
26 *
27 * @ingroup SpecialPage
28 */
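class SpecialChangeEmail extends FormSpecialPage {
	/**
	 * Result of the most recent attemptChange() call. Written by onSubmit()
	 * and read by onSuccess() to choose between a redirect and the
	 * "confirmation mail sent" notice.
	 *
	 * @var Status
	 */
	private $status;

	public function __construct() {
		// 'editmyprivateinfo' is handed to the parent as this page's restriction;
		// checkExecutePermissions() additionally requires 'viewmyprivateinfo'.
		parent::__construct( 'ChangeEmail', 'editmyprivateinfo' );
	}

	/**
	 * This page writes: a successful submit stores a new email address via
	 * User::saveSettings().
	 *
	 * @return bool Always true
	 */
	public function doesWrites() {
		return true;
	}

	/**
	 * List the page only when the configured auth plugin allows the
	 * 'emailaddress' property to be changed.
	 *
	 * @return bool
	 */
	public function isListed() {
		global $wgAuth;

		return $wgAuth->allowPropChange( 'emailaddress' );
	}

	/**
	 * Main execution point
	 *
	 * Visibility is spelled out explicitly; the method was implicitly public
	 * before, so callers are unaffected.
	 *
	 * @param string $par
	 */
	public function execute( $par ) {
		$out = $this->getOutput();
		// Called before the parent renders the form, which may contain a
		// password field (see getFormFields()).
		$out->disallowUserJs();

		parent::execute( $par );
	}

	/**
	 * Gate access to the form. The checks run in this order:
	 *  1. the auth plugin must allow changing 'emailaddress',
	 *  2. the user must be logged in,
	 *  3. the user must hold 'viewmyprivateinfo',
	 *  4. whatever the parent class checks.
	 *
	 * @param User $user
	 * @throws ErrorPageError When the auth plugin forbids changing the address
	 * @throws PermissionsError When the user lacks 'viewmyprivateinfo'
	 */
	protected function checkExecutePermissions( User $user ) {
		global $wgAuth;

		if ( !$wgAuth->allowPropChange( 'emailaddress' ) ) {
			throw new ErrorPageError( 'changeemail', 'cannotchangeemail' );
		}

		$this->requireLogin( 'changeemail-no-info' );

		// This could also let someone check the current email address, so
		// require both permissions.
		// NOTE(review): this check uses $this->getUser() while the parent call
		// below receives $user - presumably the same object; confirm.
		if ( !$this->getUser()->isAllowed( 'viewmyprivateinfo' ) ) {
			throw new PermissionsError( 'viewmyprivateinfo' );
		}

		parent::checkExecutePermissions( $user );
	}

	/**
	 * Describe the form: two read-only 'info' rows (user name, current
	 * address), the new-address input and, when the
	 * 'RequirePasswordforEmailChange' setting is on, a password input.
	 *
	 * @return array Field descriptors keyed by field name
	 */
	protected function getFormFields() {
		$user = $this->getUser();

		$fields = [
			'Name' => [
				'type' => 'info',
				'label-message' => 'username',
				'default' => $user->getName(),
			],
			'OldEmail' => [
				'type' => 'info',
				'label-message' => 'changeemail-oldemail',
				// The current address is displayed here, which is why the page
				// also demands 'viewmyprivateinfo'.
				'default' => $user->getEmail() ?: $this->msg( 'changeemail-none' )->text(),
			],
			'NewEmail' => [
				'type' => 'email',
				'label-message' => 'changeemail-newemail',
				'autofocus' => true,
				'help-message' => 'changeemail-newemail-help',
			],
		];

		if ( $this->getConfig()->get( 'RequirePasswordforEmailChange' ) ) {
			$fields['Password'] = [
				'type' => 'password',
				'label-message' => 'changeemail-password',
			];
		}

		return $fields;
	}

	/**
	 * @return string Display format name used for this form
	 */
	protected function getDisplayFormat() {
		return 'ooui';
	}

	/**
	 * Set ids, submit label and header text, and carry the request's
	 * 'returnto' / 'returntoquery' values through the POST as hidden fields
	 * so onSuccess() can read them again.
	 *
	 * @param HTMLForm $form
	 */
	protected function alterForm( HTMLForm $form ) {
		$form->setId( 'mw-changeemail-form' );
		$form->setTableId( 'mw-changeemail-table' );
		$form->setSubmitTextMsg( 'changeemail-submit' );
		// These values are taken from the request as-is; onSuccess() is where
		// they are turned into a Title and a query string.
		$form->addHiddenFields( $this->getRequest()->getValues( 'returnto', 'returntoquery' ) );

		$form->addHeaderText( $this->msg( 'changeemail-header' )->parseAsBlock() );
		if ( $this->getConfig()->get( 'RequirePasswordforEmailChange' ) ) {
			$form->addHeaderText( $this->msg( 'changeemail-passwordrequired' )->parseAsBlock() );
		}
	}

	/**
	 * Form submit handler: run the change for the current user and keep the
	 * resulting Status for onSuccess().
	 *
	 * @param array $data Submitted values; 'Password' is absent when the
	 *  password field was not part of the form
	 * @return Status
	 */
	public function onSubmit( array $data ) {
		$password = isset( $data['Password'] ) ? $data['Password'] : null;
		$status = $this->attemptChange( $this->getUser(), $password, $data['NewEmail'] );

		$this->status = $status;

		return $status;
	}

	/**
	 * After a successful submit, either redirect to the 'returnto' target
	 * (status value true) or show the confirmation-mail notice plus a
	 * return link (status value 'eauth'). Any other value produces no output
	 * from this method.
	 */
	public function onSuccess() {
		$request = $this->getRequest();

		// 'returnto' and 'returntoquery' are request-controlled. A value that
		// does not parse to a Title falls back to the main page.
		// NOTE(review): whether Title::newFromText() can yield a title whose
		// getFullURL() points to another site is not visible in this file -
		// confirm before relying on the redirect below staying on-wiki.
		$returnto = $request->getVal( 'returnto' );
		$titleObj = $returnto !== null ? Title::newFromText( $returnto ) : null;
		if ( !$titleObj instanceof Title ) {
			$titleObj = Title::newMainPage();
		}
		$query = $request->getVal( 'returntoquery' );

		if ( $this->status->value === true ) {
			$this->getOutput()->redirect( $titleObj->getFullURL( $query ) );
		} elseif ( $this->status->value === 'eauth' ) {
			# Notify user that a confirmation email has been sent...
			$this->getOutput()->wrapWikiMsg( "<div class='error' style='clear: both;'>\n$1\n</div>",
				'eauthentsent', $this->getUser()->getName() );
			// just show the link to go back
			$this->getOutput()->addReturnTo( $titleObj, wfCgiToArray( $query ) );
		}
	}

	/**
	 * Validate the request and, if everything passes, store the new address.
	 *
	 * Order of checks: address syntax, "no change", login throttle, password
	 * (only when 'RequirePasswordforEmailChange' is set). The first failing
	 * check returns a fatal Status and nothing is saved.
	 *
	 * @param User $user
	 * @param string|null $pass Null when the form had no password field
	 *  (see onSubmit())
	 * @param string $newaddr
	 * @return Status Fatal on any failed check; otherwise the Status returned
	 *  by User::setEmailWithConfirmation()
	 */
	private function attemptChange( User $user, $pass, $newaddr ) {
		// An empty address skips syntax validation and is passed on unchanged.
		if ( $newaddr != '' && !Sanitizer::validateEmail( $newaddr ) ) {
			return Status::newFatal( 'invalidemailaddress' );
		}

		if ( $newaddr === $user->getEmail() ) {
			return Status::newFatal( 'changeemail-nochange' );
		}

		// The throttle is bumped before the password is looked at, so every
		// attempt that gets this far is counted whether or not it succeeds.
		$throttleInfo = LoginForm::incrementLoginThrottle( $user->getName() );
		if ( $throttleInfo ) {
			$lang = $this->getLanguage();
			return Status::newFatal(
				'changeemail-throttled',
				$lang->formatDuration( $throttleInfo['wait'] )
			);
		}

		// Either the temporary or the regular password is accepted.
		if ( $this->getConfig()->get( 'RequirePasswordforEmailChange' )
			&& !$user->checkTemporaryPassword( $pass )
			&& !$user->checkPassword( $pass )
		) {
			return Status::newFatal( 'wrongpassword' );
		}

		// NOTE(review): when 'RequirePasswordforEmailChange' is off, this line
		// still runs, so the login throttle for this user name is cleared
		// without any password having been verified - confirm that is intended.
		LoginForm::clearLoginThrottle( $user->getName() );

		// Remember the previous address for the audit hook below.
		$oldaddr = $user->getEmail();
		$status = $user->setEmailWithConfirmation( $newaddr );
		if ( !$status->isGood() ) {
			return $status;
		}

		Hooks::run( 'PrefsEmailAudit', [ $user, $oldaddr, $newaddr ] );

		$user->saveSettings();
		MediaWiki\Auth\AuthManager::callLegacyAuthPlugin( 'updateExternalDB', [ $user ] );

		return $status;
	}

	/**
	 * @return bool Always false: this page does not ask the parent class to
	 *  require an unblocked user
	 */
	public function requiresUnblock() {
		return false;
	}

	/**
	 * @return string Special-page group name
	 */
	protected function getGroupName() {
		return 'users';
	}
}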