use MediaWiki\Auth\AuthManager;
use MediaWiki\Logger\LoggerFactory;
+use MediaWiki\MediaWikiServices;
/**
* Let users change their email address.
* @param string $par
*/
function execute( $par ) {
- $this->checkLoginSecurityLevel();
-
$out = $this->getOutput();
$out->disallowUserJs();
parent::execute( $par );
}
+ protected function getLoginSecurityLevel() {
+ return $this->getName();
+ }
+
protected function checkExecutePermissions( User $user ) {
if ( !AuthManager::singleton()->allowsPropertyChange( 'emailaddress' ) ) {
throw new ErrorPageError( 'changeemail', 'cannotchangeemail' );
// This could also let someone check the current email address, so
// require both permissions.
- if ( !$this->getUser()->isAllowed( 'viewmyprivateinfo' ) ) {
+ if ( !MediaWikiServices::getInstance()
+ ->getPermissionManager()
+ ->userHasRight( $this->getUser(), 'viewmyprivateinfo' )
+ ) {
throw new PermissionsError( 'viewmyprivateinfo' );
}
return Status::newFatal( 'changeemail-nochange' );
}
+ // To prevent spam, rate limit adding a new address, but do
+ // not rate limit removing an address.
+ if ( $newaddr !== '' && $user->pingLimiter( 'changeemail' ) ) {
+ return Status::newFatal( 'actionthrottledtext' );
+ }
+
$oldaddr = $user->getEmail();
$status = $user->setEmailWithConfirmation( $newaddr );
if ( !$status->isGood() ) {