MediaWiki  master
SpecialChangeEmail.php
1 <?php
26 
/** @var Status Result of the last attemptChange() call; stored by onSubmit() and read by onSuccess() */
36  private $status;
37 
/**
 * Register the page as 'ChangeEmail', restricted to the 'editmyprivateinfo' right.
 *
 * @param AuthManager $authManager Injected authentication service, stored via setAuthManager()
 */
public function __construct( AuthManager $authManager ) {
	parent::__construct( 'ChangeEmail', 'editmyprivateinfo' );
	$this->setAuthManager( $authManager );
}
46 
/**
 * Declare that this special page may perform database writes.
 *
 * @return bool Always true
 */
public function doesWrites() {
	return true;
}
50 
/**
 * List the page only when the AuthManager permits changing the
 * 'emailaddress' property.
 *
 * @return bool
 */
public function isListed() {
	$authManager = $this->getAuthManager();

	return $authManager->allowsPropertyChange( 'emailaddress' );
}
57 
/**
 * Main execution point.
 *
 * @param string|null $par The sub-page of the special page
 */
public function execute( $par ) {
	// Disallow user JS on the output before the parent builds and processes
	// the form, so per-user scripts are not loaded on the page that changes
	// the account's email address.
	$this->getOutput()->disallowUserJs();

	parent::execute( $par );
}
68 
/**
 * Mark this page as security-sensitive by reporting the page's own name
 * as its login security level.
 *
 * NOTE(review): how the level is enforced (e.g. a re-authentication
 * prompt) is decided by the parent class, which is not visible here.
 *
 * @return string The special page name
 */
protected function getLoginSecurityLevel() {
	$level = $this->getName();

	return $level;
}
72 
/**
 * Check whether the given user may run this page. Called from execute().
 *
 * The checks run in a fixed order: the AuthManager must allow email
 * changes, the user must be logged in, the requester must hold
 * 'viewmyprivateinfo', and finally the parent's own checks apply.
 *
 * @param User $user
 * @throws ErrorPageError When the AuthManager does not allow changing 'emailaddress'
 * @throws UserNotLoggedIn Raised by requireLogin() for anonymous users
 * @throws PermissionsError When the requester lacks 'viewmyprivateinfo'
 */
protected function checkExecutePermissions( User $user ) {
	$emailChangeAllowed = $this->getAuthManager()->allowsPropertyChange( 'emailaddress' );
	if ( !$emailChangeAllowed ) {
		throw new ErrorPageError( 'changeemail', 'cannotchangeemail' );
	}

	$this->requireLogin( 'changeemail-no-info' );

	// The form shows the current address, so it doubles as a way to read it:
	// require the "view" right in addition to the "edit" right that the
	// constructor registers for the page.
	$mayViewPrivateInfo = $this->getAuthority()->isAllowed( 'viewmyprivateinfo' );
	if ( !$mayViewPrivateInfo ) {
		throw new PermissionsError( 'viewmyprivateinfo' );
	}

	parent::checkExecutePermissions( $user );
}
88 
/**
 * Build the HTMLForm descriptor: two read-only info rows (user name and
 * current address) and one editable email input.
 *
 * @return array HTMLForm descriptor array
 */
protected function getFormFields() {
	$user = $this->getUser();
	$username = $user->getName();
	// `?:` on purpose: an empty stored address is shown as the
	// 'changeemail-none' placeholder message.
	$currentEmail = $user->getEmail() ?: $this->msg( 'changeemail-none' )->text();

	return [
		'Name' => [
			'type' => 'info',
			'label-message' => 'username',
			'default' => $username,
		],
		'OldEmail' => [
			'type' => 'info',
			'label-message' => 'changeemail-oldemail',
			'default' => $currentEmail,
		],
		'NewEmail' => [
			'type' => 'email',
			'label-message' => 'changeemail-newemail',
			'autofocus' => true,
			'help-message' => 'changeemail-newemail-help',
		],
	];
}
113 
/**
 * Get the display format for the form.
 *
 * @return string Always 'ooui'
 */
protected function getDisplayFormat() {
	return 'ooui';
}
117 
/**
 * Set the form's ids and submit label, carry the return target across the
 * POST, and add the header text.
 *
 * @param HTMLForm $form
 */
protected function alterForm( HTMLForm $form ) {
	$form->setId( 'mw-changeemail-form' );
	$form->setTableId( 'mw-changeemail-table' );
	$form->setSubmitTextMsg( 'changeemail-submit' );

	// 'returnto' / 'returntoquery' come straight from the request and are
	// echoed back as hidden fields; onSuccess() resolves 'returnto' to a
	// Title before using it.
	$returnParams = $this->getRequest()->getValues( 'returnto', 'returntoquery' );
	$form->addHiddenFields( $returnParams );

	$headerHtml = $this->msg( 'changeemail-header' )->parseAsBlock();
	$form->addHeaderText( $headerHtml );
}
126 
/**
 * Process the form on POST submission.
 *
 * The result is also kept on the instance so onSuccess() can tell the
 * possible outcomes apart.
 *
 * @param array $data Submitted form data; only 'NewEmail' is read
 * @return Status
 */
public function onSubmit( array $data ) {
	$this->status = $this->attemptChange( $this->getUser(), $data['NewEmail'] );

	return $this->status;
}
134 
/**
 * Finish a successful submission: redirect back when the status value is
 * true, or show the "confirmation mail sent" notice plus a return link
 * when it is 'eauth'. Any other status value produces no output here.
 */
public function onSuccess() {
	$request = $this->getRequest();

	// 'returnto' is request-controlled. It is only used after being resolved
	// to a Title; anything that does not resolve falls back to the main page.
	$returnto = $request->getVal( 'returnto' );
	$target = null;
	if ( $returnto !== null ) {
		$target = Title::newFromText( $returnto );
	}
	if ( !( $target instanceof Title ) ) {
		$target = Title::newMainPage();
	}
	$query = $request->getVal( 'returntoquery' );

	$outcome = $this->status->value;
	if ( $outcome === true ) {
		$this->getOutput()->redirect( $target->getFullUrlForRedirect( $query ) );
		return;
	}

	if ( $outcome === 'eauth' ) {
		// Tell the user that a confirmation email has been sent...
		$this->getOutput()->wrapWikiMsg(
			"<div class='warningbox'>\n$1\n</div>",
			'eauthentsent',
			$this->getUser()->getName()
		);
		// ...and only offer a link back instead of redirecting.
		$this->getOutput()->addReturnTo( $target, wfCgiToArray( $query ) );
	}
}
155 
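/**
 * Validate and apply an email address change for the given user.
 *
 * An empty string removes the address. A non-empty address must pass
 * Sanitizer::validateEmail() and is subject to the 'changeemail' rate limit.
 *
 * @param User $user User whose address is being changed
 * @param string $newaddr New address, or '' to remove the current one
 * @return Status Fatal on an invalid address, no change, or throttling;
 *  otherwise the Status returned by User::setEmailWithConfirmation()
 *  (onSuccess() distinguishes the values true and 'eauth')
 */
private function attemptChange( User $user, $newaddr ) {
	// Strict comparison, matching the rate-limit check below: with a loose
	// `!=`, a non-string empty-ish value (null, false, 0) would skip format
	// validation yet still be treated as "adding an address" further down.
	if ( $newaddr !== '' && !Sanitizer::validateEmail( $newaddr ) ) {
		return Status::newFatal( 'invalidemailaddress' );
	}

	$oldaddr = $user->getEmail();
	if ( $newaddr === $oldaddr ) {
		return Status::newFatal( 'changeemail-nochange' );
	}

	// To prevent spam, rate limit adding a new address, but do
	// not rate limit removing an address.
	if ( $newaddr !== '' && $user->pingLimiter( 'changeemail' ) ) {
		return Status::newFatal( 'actionthrottledtext' );
	}

	// Work on a fresh copy of the user obtained for update, not on the
	// instance that was passed in.
	$userLatest = $user->getInstanceForUpdate();
	$status = $userLatest->setEmailWithConfirmation( $newaddr );
	if ( !$status->isGood() ) {
		return $status;
	}

	// Audit trail: both the old and the new address are written to the
	// 'authentication' log channel, so that channel holds personal data and
	// needs access control and retention to match.
	LoggerFactory::getInstance( 'authentication' )->info(
		'Changing email address for {user} from {oldemail} to {newemail}', [
			'user' => $userLatest->getName(),
			'oldemail' => $oldaddr,
			'newemail' => $newaddr,
		]
	);

	$this->getHookRunner()->onPrefsEmailAudit( $userLatest, $oldaddr, $newaddr );

	// Persist only after the log entry and the audit hook have run.
	$userLatest->saveSettings();

	return $status;
}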
197 
/**
 * Whether this action cannot be executed by a blocked user.
 *
 * @return bool Always false: blocked users may still use this page
 */
public function requiresUnblock() {
	return false;
}
201 
/**
 * Header under which this page is listed in Special:SpecialPages.
 *
 * @return string Always 'users'
 */
protected function getGroupName() {
	return 'users';
}
205 }
SpecialChangeEmail\requiresUnblock
requiresUnblock()
Whether this action cannot be executed by a blocked user.
Definition: SpecialChangeEmail.php:198
SpecialPage\msg
msg( $key,... $params)
Wrapper around wfMessage that sets the current context.
Definition: SpecialPage.php:911
Title\newFromText
static newFromText( $text, $defaultNamespace=NS_MAIN)
Create a new Title from text, such as what one would find in a link.
Definition: Title.php:415
StatusValue\newFatal
static newFatal( $message,... $parameters)
Factory function for fatal errors.
Definition: StatusValue.php:70
SpecialChangeEmail\doesWrites
doesWrites()
Indicates whether this special page may perform database writes.
Definition: SpecialChangeEmail.php:47
SpecialPage\getOutput
getOutput()
Get the OutputPage being used for this instance.
Definition: SpecialPage.php:789
SpecialChangeEmail\attemptChange
attemptChange(User $user, $newaddr)
Definition: SpecialChangeEmail.php:161
HTMLForm\addHeaderText
addHeaderText( $msg, $section=null)
Add HTML to the header, inside the form.
Definition: HTMLForm.php:831
SpecialChangeEmail\__construct
__construct(AuthManager $authManager)
Definition: SpecialChangeEmail.php:41
SpecialChangeEmail\onSuccess
onSuccess()
Do something exciting on successful processing of the form, most likely to show a confirmation messag...
Definition: SpecialChangeEmail.php:135
SpecialChangeEmail\getLoginSecurityLevel
getLoginSecurityLevel()
Tells if the special page does something security-sensitive and needs extra defense against a stolen ...
Definition: SpecialChangeEmail.php:69
SpecialChangeEmail\checkExecutePermissions
checkExecutePermissions(User $user)
Called from execute() to check if the given user can perform this action.
Definition: SpecialChangeEmail.php:73
SpecialChangeEmail\alterForm
alterForm(HTMLForm $form)
Play with the HTMLForm if you need to more substantially.
Definition: SpecialChangeEmail.php:118
Sanitizer\validateEmail
static validateEmail( $addr)
Does a string look like an e-mail address?
Definition: Sanitizer.php:1713
FormSpecialPage
Special page which uses an HTMLForm to handle processing.
Definition: FormSpecialPage.php:31
SpecialPage\getAuthority
getAuthority()
Shortcut to get the Authority executing this instance.
Definition: SpecialPage.php:809
PermissionsError
Show an error when a user tries to do something they do not have the necessary permissions for.
Definition: PermissionsError.php:32
Title\newMainPage
static newMainPage(MessageLocalizer $localizer=null)
Create a new Title for the Main Page.
Definition: Title.php:742
User\pingLimiter
pingLimiter( $action='edit', $incrBy=1)
Primitive rate limits: enforce maximum actions per time period to put a brake on flooding.
Definition: User.php:1684
SpecialPage\getName
getName()
Get the name of this Special Page.
Definition: SpecialPage.php:179
SpecialPage\$authManager
AuthManager null $authManager
Definition: SpecialPage.php:88
User\getInstanceForUpdate
getInstanceForUpdate()
Get a new instance of this user that was loaded from the master via a locking read.
Definition: User.php:4232
Status
Generic operation result class Has warning/error list, boolean status and arbitrary value.
Definition: Status.php:44
SpecialChangeEmail\getFormFields
getFormFields()
Get an HTMLForm descriptor array.
Definition: SpecialChangeEmail.php:89
User\getEmail
getEmail()
Get the user's e-mail address.
Definition: User.php:2428
StatusValue\isGood
isGood()
Returns whether the operation completed and didn't have any error or warnings.
Definition: StatusValue.php:122
SpecialPage\getHookRunner
getHookRunner()
Definition: SpecialPage.php:1094
MediaWiki\Logger\LoggerFactory
PSR-3 logger instance factory.
Definition: LoggerFactory.php:45
SpecialChangeEmail\$status
Status $status
Definition: SpecialChangeEmail.php:36
SpecialChangeEmail\execute
execute( $par)
Main execution point.
Definition: SpecialChangeEmail.php:62
SpecialChangeEmail\isListed
isListed()
Definition: SpecialChangeEmail.php:54
SpecialPage\setAuthManager
setAuthManager(AuthManager $authManager)
Set the injected AuthManager from the special page constructor.
Definition: SpecialPage.php:509
wfCgiToArray
wfCgiToArray( $query)
This is the logical opposite of wfArrayToCgi(): it accepts a query string as its argument and returns...
Definition: GlobalFunctions.php:375
SpecialPage\getUser
getUser()
Shortcut to get the User executing this instance.
Definition: SpecialPage.php:799
FormSpecialPage\$par
string null $par
The sub-page of the special page.
Definition: FormSpecialPage.php:36
SpecialPage\requireLogin
requireLogin( $reasonMsg='exception-nologin-text', $titleMsg='exception-nologin')
If the user is not logged in, throws UserNotLoggedIn error.
Definition: SpecialPage.php:387
SpecialChangeEmail\getDisplayFormat
getDisplayFormat()
Get display format for the form.
Definition: SpecialChangeEmail.php:114
HTMLForm\setId
setId( $id)
Definition: HTMLForm.php:1571
SpecialChangeEmail
Let users change their email address.
Definition: SpecialChangeEmail.php:32
SpecialPage\getRequest
getRequest()
Get the WebRequest being used for this instance.
Definition: SpecialPage.php:779
SpecialChangeEmail\getGroupName
getGroupName()
Under which header this special page is listed in Special:SpecialPages See messages 'specialpages-gro...
Definition: SpecialChangeEmail.php:202
MediaWiki\Auth\AuthManager
This serves as the entry point to the authentication system.
Definition: AuthManager.php:96
HTMLForm\setSubmitTextMsg
setSubmitTextMsg( $msg)
Set the text for the submit button to a message.
Definition: HTMLForm.php:1421
Title
Represents a title within MediaWiki.
Definition: Title.php:49
HTMLForm\addHiddenFields
addHiddenFields(array $fields)
Add an array of hidden fields to the output.
Definition: HTMLForm.php:986
SpecialPage\getAuthManager
getAuthManager()
Definition: SpecialPage.php:519
SpecialChangeEmail\onSubmit
onSubmit(array $data)
Process the form on POST submission.
Definition: SpecialChangeEmail.php:127
HTMLForm\setTableId
setTableId( $id)
Set the id of the <table> or outermost <div> element.
Definition: HTMLForm.php:1560
ErrorPageError
An error page which can definitely be safely rendered using the OutputPage.
Definition: ErrorPageError.php:30
User
The User object encapsulates all of the user-specific settings (user_id, name, rights,...
Definition: User.php:68
HTMLForm
Object handling generic submission, CSRF protection, layout and other logic for UI forms in a reusabl...
Definition: HTMLForm.php:144