MediaWiki master
SpecialConfirmEmail.php
Go to the documentation of this file.
1<?php
21namespace MediaWiki\Specials;
22
33use Profiler;
36use Wikimedia\ScopedCallback;
37
52
53 private UserFactory $userFactory;
54
58 public function __construct( UserFactory $userFactory ) {
59 parent::__construct( 'Confirmemail', 'editmyprivateinfo' );
60
61 $this->userFactory = $userFactory;
62 }
63
64 public function doesWrites() {
65 return true;
66 }
67
76 public function execute( $code ) {
77 // Ignore things like primary queries/connections on GET requests.
78 // It's very convenient to just allow formless link usage.
79 $trxProfiler = Profiler::instance()->getTransactionProfiler();
80
81 $this->setHeaders();
82 $this->checkReadOnly();
83 $this->checkPermissions();
84
85 // This could also let someone check the current email address, so
86 // require both permissions.
87 if ( !$this->getAuthority()->isAllowed( 'viewmyprivateinfo' ) ) {
88 throw new PermissionsError( 'viewmyprivateinfo' );
89 }
90
91 if ( $code === null || $code === '' ) {
92 $this->requireNamedUser( 'confirmemail_needlogin' );
93 if ( Sanitizer::validateEmail( $this->getUser()->getEmail() ) ) {
94 $this->showRequestForm();
95 } else {
96 $this->getOutput()->addWikiMsg( 'confirmemail_noemail' );
97 }
98 } else {
99 $scope = $trxProfiler->silenceForScope( $trxProfiler::EXPECTATION_REPLICAS_ONLY );
100 $this->attemptConfirm( $code );
101 ScopedCallback::consume( $scope );
102 }
103 }
104
108 private function showRequestForm() {
109 $user = $this->getUser();
110 $out = $this->getOutput();
111
112 if ( !$user->isEmailConfirmed() ) {
113 $descriptor = [];
114 if ( $user->isEmailConfirmationPending() ) {
115 $descriptor += [
116 'pending' => [
117 'type' => 'info',
118 'raw' => true,
119 'default' => "<div class=\"error mw-confirmemail-pending\">\n" .
120 $this->msg( 'confirmemail_pending' )->escaped() .
121 "\n</div>",
122 ],
123 ];
124 }
125
126 $out->addWikiMsg( 'confirmemail_text' );
127 $form = HTMLForm::factory( 'ooui', $descriptor, $this->getContext() );
128 $form
129 ->setAction( $this->getPageTitle()->getLocalURL() )
130 ->setSubmitTextMsg( 'confirmemail_send' )
131 ->setSubmitCallback( [ $this, 'submitSend' ] );
132
133 $retval = $form->show();
134
135 if ( $retval === true ) {
136 // should never happen, but if so, don't let the user without any message
137 $out->addWikiMsg( 'confirmemail_sent' );
138 } elseif ( $retval instanceof Status && $retval->isGood() ) {
139 $out->addWikiTextAsInterface( $retval->getValue() );
140 }
141 } else {
142 // date and time are separate parameters to facilitate localisation.
143 // $time is kept for backward compat reasons.
144 // 'emailauthenticated' is also used in SpecialPreferences.php
145 $lang = $this->getLanguage();
146 $emailAuthenticated = $user->getEmailAuthenticationTimestamp();
147 $time = $lang->userTimeAndDate( $emailAuthenticated, $user );
148 $d = $lang->userDate( $emailAuthenticated, $user );
149 $t = $lang->userTime( $emailAuthenticated, $user );
150 $out->addWikiMsg( 'emailauthenticated', $time, $d, $t );
151 }
152 }
153
159 public function submitSend() {
160 $status = $this->getUser()->sendConfirmationMail();
161 if ( $status->isGood() ) {
162 return Status::newGood( $this->msg( 'confirmemail_sent' )->text() );
163 } else {
164 return Status::newFatal( new RawMessage(
165 $status->getWikiText( 'confirmemail_sendfailed', false, $this->getLanguage() )
166 ) );
167 }
168 }
169
176 private function attemptConfirm( $code ) {
177 $user = $this->userFactory->newFromConfirmationCode(
178 $code,
179 IDBAccessObject::READ_LATEST
180 );
181
182 if ( !is_object( $user ) ) {
183 if ( User::isWellFormedConfirmationToken( $code ) ) {
184 $this->getOutput()->addWikiMsg( 'confirmemail_invalid' );
185 } else {
186 $this->getOutput()->addWikiMsg( 'confirmemail_invalid_format' );
187 }
188
189 return;
190 }
191
192 // Enforce permissions, user blocks, and rate limits
193 $this->authorizeAction( 'confirmemail' )->throwErrorPageError();
194
195 $userLatest = $user->getInstanceForUpdate();
196 $userLatest->confirmEmail();
197 $userLatest->saveSettings();
198 $message = $this->getUser()->isNamed() ? 'confirmemail_loggedin' : 'confirmemail_success';
199 $this->getOutput()->addWikiMsg( $message );
200
201 if ( !$this->getUser()->isNamed() ) {
202 $title = SpecialPage::getTitleFor( 'Userlogin' );
203 $this->getOutput()->returnToMain( true, $title );
204 }
205 }
206}
207
209class_alias( SpecialConfirmEmail::class, 'SpecialConfirmEmail' );
Object handling generic submission, CSRF protection, layout and other logic for UI forms in a reusabl...
Definition HTMLForm.php:206
Variant of the Message class.
HTML sanitizer for MediaWiki.
Definition Sanitizer.php:46
Parent class for all special pages.
setHeaders()
Sets headers - this should be called from the execute() method of all derived classes!
static getTitleFor( $name, $subpage=false, $fragment='')
Get a localised Title object for a specified special page name If you don't need a full Title object,...
getUser()
Shortcut to get the User executing this instance.
authorizeAction(?string $action=null)
Utility function for authorizing an action to be performed by the special page.
getPageTitle( $subpage=false)
Get a self-referential title object.
checkPermissions()
Checks if userCanExecute, and if not throws a PermissionsError.
checkReadOnly()
If the wiki is currently in readonly mode, throws a ReadOnlyError.
getContext()
Gets the context this SpecialPage is executed in.
msg( $key,... $params)
Wrapper around wfMessage that sets the current context.
requireNamedUser( $reasonMsg='exception-nologin-text', $titleMsg='exception-nologin')
If the user is not logged in or is a temporary user, throws UserNotLoggedIn.
getOutput()
Get the OutputPage being used for this instance.
getAuthority()
Shortcut to get the Authority executing this instance.
getLanguage()
Shortcut to get user's language.
Shortcut to construct a special page which is unlisted by default.
Email confirmation for registered users.
doesWrites()
Indicates whether this special page may perform database writes.
submitSend()
Callback for HTMLForm send confirmation mail.
Generic operation result class Has warning/error list, boolean status and arbitrary value.
Definition Status.php:54
Creates User objects.
internal since 1.36
Definition User.php:94
Show an error when a user tries to do something they do not have the necessary permissions for.
Profiler base class that defines the interface and some shared functionality.
Definition Profiler.php:37
static instance()
Definition Profiler.php:105
Show an error when the wiki is locked/read-only and the user tries to do something that requires writ...
Redirect a user to the login page.
Interface for database access objects.