getAuthManager()
			->allowsPropertyChange( 'emailaddress' );
	}

	/**
	 * Main execution point
	 * @param string $par
	 */
	public function execute( $par ) {
		$out = $this->getOutput();
		$out->disallowUserJs();

		parent::execute( $par );
	}

	protected function getLoginSecurityLevel() {
		return $this->getName();
	}

	protected function checkExecutePermissions( User $user ) {
		$services = MediaWikiServices::getInstance();
		if ( !$services->getAuthManager()->allowsPropertyChange( 'emailaddress' ) ) {
			throw new ErrorPageError( 'changeemail', 'cannotchangeemail' );
		}

		$this->requireLogin( 'changeemail-no-info' );

		// This could also let someone check the current email address, so
		// require both permissions.
		if ( !$services->getPermissionManager()
			->userHasRight( $this->getUser(), 'viewmyprivateinfo' )
		) {
			throw new PermissionsError( 'viewmyprivateinfo' );
		}

		parent::checkExecutePermissions( $user );
	}

	protected function getFormFields() {
		$user = $this->getUser();

		$fields = [
			'Name' => [
				'type' => 'info',
				'label-message' => 'username',
				'default' => $user->getName(),
			],
			'OldEmail' => [
				'type' => 'info',
				'label-message' => 'changeemail-oldemail',
				'default' => $user->getEmail() ?: $this->msg( 'changeemail-none' )->text(),
			],
			'NewEmail' => [
				'type' => 'email',
				'label-message' => 'changeemail-newemail',
				'autofocus' => true,
				'help-message' => 'changeemail-newemail-help',
			],
		];

		return $fields;
	}

	protected function getDisplayFormat() {
		return 'ooui';
	}

	protected function alterForm( HTMLForm $form ) {
		$form->setId( 'mw-changeemail-form' );
		$form->setTableId( 'mw-changeemail-table' );
		$form->setSubmitTextMsg( 'changeemail-submit' );
		$form->addHiddenFields( $this->getRequest()->getValues( 'returnto', 'returntoquery' ) );

		$form->addHeaderText( $this->msg( 'changeemail-header' )->parseAsBlock() );
	}

	public function onSubmit( array $data ) {
		$status = $this->attemptChange( $this->getUser(), $data['NewEmail'] );

		$this->status = $status;

		return $status;
	}

	public function onSuccess() {
		$request = $this->getRequest();

		$returnto = $request->getVal( 'returnto' );
		$titleObj = $returnto !== null ? Title::newFromText( $returnto ) : null;
		if ( !$titleObj instanceof Title ) {
			$titleObj = Title::newMainPage();
		}
		$query = $request->getVal( 'returntoquery' );

		if ( $this->status->value === true ) {
			$this->getOutput()->redirect( $titleObj->getFullUrlForRedirect( $query ) );
		} elseif ( $this->status->value === 'eauth' ) {
			# Notify user that a confirmation email has been sent...
			$this->getOutput()->wrapWikiMsg( "\n$1\n",
				'eauthentsent', $this->getUser()->getName() );
			// just show the link to go back
			$this->getOutput()->addReturnTo( $titleObj, wfCgiToArray( $query ) );
		}
	}

	/**
	 * @param User $user
	 * @param string $newaddr
	 * @return Status
	 */
	private function attemptChange( User $user, $newaddr ) {
		if ( $newaddr != '' && !Sanitizer::validateEmail( $newaddr ) ) {
			return Status::newFatal( 'invalidemailaddress' );
		}

		$oldaddr = $user->getEmail();
		if ( $newaddr === $oldaddr ) {
			return Status::newFatal( 'changeemail-nochange' );
		}

		// To prevent spam, rate limit adding a new address, but do
		// not rate limit removing an address.
		if ( $newaddr !== '' && $user->pingLimiter( 'changeemail' ) ) {
			return Status::newFatal( 'actionthrottledtext' );
		}

		$userLatest = $user->getInstanceForUpdate();
		$status = $userLatest->setEmailWithConfirmation( $newaddr );
		if ( !$status->isGood() ) {
			return $status;
		}

		LoggerFactory::getInstance( 'authentication' )->info(
			'Changing email address for {user} from {oldemail} to {newemail}', [
				'user' => $userLatest->getName(),
				'oldemail' => $oldaddr,
				'newemail' => $newaddr,
			]
		);

		$this->getHookRunner()->onPrefsEmailAudit( $userLatest, $oldaddr, $newaddr );

		$userLatest->saveSettings();

		return $status;
	}

	public function requiresUnblock() {
		return false;
	}

	protected function getGroupName() {
		return 'users';
	}
}