summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorBrion Vibber <brion@pobox.com>2010-05-19 15:12:39 -0700
committerBrion Vibber <brion@pobox.com>2010-05-19 15:45:46 -0700
commit223795a2e430544e9702b1a6a5680fa4b8dfbb76 (patch)
treece7f0b0a27996c82e0b2282dc79f3aa3b84d9c57
parent74a89b1fc37067d91d31bd66922053361eb4e616 (diff)
Add config option for RequireValidatedEmail plugin to skip the check for folks with a trusted OpenID association.
Also added an event that other plugins or local config can use to override the checks.
-rw-r--r--plugins/RequireValidatedEmail/README14
-rw-r--r--plugins/RequireValidatedEmail/RequireValidatedEmailPlugin.php50
2 files changed, 59 insertions, 5 deletions
diff --git a/plugins/RequireValidatedEmail/README b/plugins/RequireValidatedEmail/README
index 46ee24d5f..84b1485b2 100644
--- a/plugins/RequireValidatedEmail/README
+++ b/plugins/RequireValidatedEmail/README
@@ -12,6 +12,20 @@ registered prior to that timestamp.
addPlugin('RequireValidatedEmail',
array('grandfatherCutoff' => 'Dec 7, 2009');
+You can also exclude the validation checks from OpenID accounts
+connected to a trusted provider, by providing a list of regular
+expressions to match their provider URLs.
+
+For example, to trust WikiHow and Wikipedia users:
+
+ addPlugin('RequireValidatedEmailPlugin', array(
+ 'trustedOpenIDs' => array(
+ '!^http://\w+\.wikihow\.com/!',
+ '!^http://\w+\.wikipedia\.org/!',
+ ),
+ ));
+
+
Todo:
* add a more visible indicator that validation is still outstanding
diff --git a/plugins/RequireValidatedEmail/RequireValidatedEmailPlugin.php b/plugins/RequireValidatedEmail/RequireValidatedEmailPlugin.php
index ccefa14f6..009a2f78e 100644
--- a/plugins/RequireValidatedEmail/RequireValidatedEmailPlugin.php
+++ b/plugins/RequireValidatedEmail/RequireValidatedEmailPlugin.php
@@ -37,6 +37,20 @@ class RequireValidatedEmailPlugin extends Plugin
// without the validation requirement.
public $grandfatherCutoff=null;
+ // If OpenID plugin is installed, users with a verified OpenID
+ // association whose provider URL matches one of these regexes
+ // will be considered to be sufficiently valid for our needs.
+ //
+ // For example, to trust WikiHow and Wikipedia OpenID users:
+ //
+ // addPlugin('RequireValidatedEmailPlugin', array(
+ // 'trustedOpenIDs' => array(
+ // '!^http://\w+\.wikihow\.com/!',
+ // '!^http://\w+\.wikipedia\.org/!',
+ // ),
+ // ));
+ public $trustedOpenIDs=array();
+
function __construct()
{
parent::__construct();
@@ -90,13 +104,17 @@ class RequireValidatedEmailPlugin extends Plugin
*/
protected function validated($user)
{
- if ($this->grandfathered($user)) {
- return true;
- }
-
// The email field is only stored after validation...
// Until then you'll find them in confirm_address.
- return !empty($user->email);
+ $knownGood = !empty($user->email) ||
+ $this->grandfathered($user) ||
+ $this->hasTrustedOpenID($user);
+
+ // Give other plugins a chance to override, if they can validate
+ // that somebody's ok despite a non-validated email.
+ Event::handle('RequireValidatedEmailPlugin_Override', array($user, &$knownGood));
+
+ return $knownGood;
}
/**
@@ -118,6 +136,28 @@ class RequireValidatedEmailPlugin extends Plugin
return false;
}
+ /**
+ * Override for RequireValidatedEmail plugin. If we have a user who's
+ * not validated an e-mail, but did come from a trusted provider,
+ * we'll consider them ok.
+ */
+ function hasTrustedOpenID($user)
+ {
+ if ($this->trustedOpenIDs && class_exists('User_openid')) {
+ foreach ($this->trustedOpenIDs as $regex) {
+ $oid = new User_openid();
+ $oid->user_id = $user->id;
+ $oid->find();
+ while ($oid->fetch()) {
+ if (preg_match($regex, $oid->canonical)) {
+ return true;
+ }
+ }
+ }
+ }
+ return false;
+ }
+
function onPluginVersion(&$versions)
{
$versions[] = array('name' => 'Require Validated Email',