1 files changed, 206 insertions, 0 deletions
diff --git a/www/wiki/includes/specials/SpecialChangeEmail.php b/www/wiki/includes/specials/SpecialChangeEmail.php
new file mode 100644
index 00000000..05f8022f
--- /dev/null
+++ b/www/wiki/includes/specials/SpecialChangeEmail.php
@@ -0,0 +1,206 @@
+<?php
+/**
+ * Implements Special:ChangeEmail
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ * http://www.gnu.org/copyleft/gpl.html
+ *
+ * @file
+ * @ingroup SpecialPage
+ */
+
+use MediaWiki\Auth\AuthManager;
+use MediaWiki\Logger\LoggerFactory;
+
+/**
+ * Let users change their email address.
+ *
+ * @ingroup SpecialPage
+ */
+class SpecialChangeEmail extends FormSpecialPage {
+	/**
+	 * @var Status
+	 */
+	private $status;
+
+	public function __construct() {
+		parent::__construct( 'ChangeEmail', 'editmyprivateinfo' );
+	}
+
+	public function doesWrites() {
+		return true;
+	}
+
+	/**
+	 * @return bool
+	 */
+	public function isListed() {
+		return AuthManager::singleton()->allowsPropertyChange( 'emailaddress' );
+	}
+
+	/**
+	 * Main execution point
+	 * @param string $par
+	 */
+	function execute( $par ) {
+		$out = $this->getOutput();
+		$out->disallowUserJs();
+
+		parent::execute( $par );
+	}
+
+	protected function getLoginSecurityLevel() {
+		return $this->getName();
+	}
+
+	protected function checkExecutePermissions( User $user ) {
+		if ( !AuthManager::singleton()->allowsPropertyChange( 'emailaddress' ) ) {
+			throw new ErrorPageError( 'changeemail', 'cannotchangeemail' );
+		}
+
+		$this->requireLogin( 'changeemail-no-info' );
+
+		// This could also let someone check the current email address, so
+		// require both permissions.
+		if ( !$this->getUser()->isAllowed( 'viewmyprivateinfo' ) ) {
+			throw new PermissionsError( 'viewmyprivateinfo' );
+		}
+
+		if ( $user->isBlockedFromEmailuser() ) {
+			throw new UserBlockedError( $user->getBlock() );
+		}
+
+		parent::checkExecutePermissions( $user );
+	}
+
+	protected function getFormFields() {
+		$user = $this->getUser();
+
+		$fields = [
+			'Name' => [
+				'type' => 'info',
+				'label-message' => 'username',
+				'default' => $user->getName(),
+			],
+			'OldEmail' => [
+				'type' => 'info',
+				'label-message' => 'changeemail-oldemail',
+				'default' => $user->getEmail() ?: $this->msg( 'changeemail-none' )->text(),
+			],
+			'NewEmail' => [
+				'type' => 'email',
+				'label-message' => 'changeemail-newemail',
+				'autofocus' => true,
+				'help-message' => 'changeemail-newemail-help',
+			],
+		];
+
+		return $fields;
+	}
+
+	protected function getDisplayFormat() {
+		return 'ooui';
+	}
+
+	protected function alterForm( HTMLForm $form ) {
+		$form->setId( 'mw-changeemail-form' );
+		$form->setTableId( 'mw-changeemail-table' );
+		$form->setSubmitTextMsg( 'changeemail-submit' );
+		$form->addHiddenFields( $this->getRequest()->getValues( 'returnto', 'returntoquery' ) );
+
+		$form->addHeaderText( $this->msg( 'changeemail-header' )->parseAsBlock() );
+	}
+
+	public function onSubmit( array $data ) {
+		$status = $this->attemptChange( $this->getUser(), $data['NewEmail'] );
+
+		$this->status = $status;
+
+		return $status;
+	}
+
+	public function onSuccess() {
+		$request = $this->getRequest();
+
+		$returnto = $request->getVal( 'returnto' );
+		$titleObj = $returnto !== null ? Title::newFromText( $returnto ) : null;
+		if ( !$titleObj instanceof Title ) {
+			$titleObj = Title::newMainPage();
+		}
+		$query = $request->getVal( 'returntoquery' );
+
+		if ( $this->status->value === true ) {
+			$this->getOutput()->redirect( $titleObj->getFullUrlForRedirect( $query ) );
+		} elseif ( $this->status->value === 'eauth' ) {
+			# Notify user that a confirmation email has been sent...
+			$this->getOutput()->wrapWikiMsg( "<div class='error' style='clear: both;'>\n$1\n</div>",
+				'eauthentsent', $this->getUser()->getName() );
+			// just show the link to go back
+			$this->getOutput()->addReturnTo( $titleObj, wfCgiToArray( $query ) );
+		}
+	}
+
+	/**
+	 * @param User $user
+	 * @param string $newaddr
+	 * @return Status
+	 */
+	private function attemptChange( User $user, $newaddr ) {
+		$authManager = AuthManager::singleton();
+
+		if ( $newaddr != '' && !Sanitizer::validateEmail( $newaddr ) ) {
+			return Status::newFatal( 'invalidemailaddress' );
+		}
+
+		if ( $newaddr === $user->getEmail() ) {
+			return Status::newFatal( 'changeemail-nochange' );
+		}
+
+		// To prevent spam, rate limit adding a new address, but do
+		// not rate limit removing an address.
+		if ( $newaddr !== '' && $user->pingLimiter( 'changeemail' ) ) {
+			return Status::newFatal( 'actionthrottledtext' );
+		}
+
+		$oldaddr = $user->getEmail();
+		$status = $user->setEmailWithConfirmation( $newaddr );
+		if ( !$status->isGood() ) {
+			return $status;
+		}
+
+		LoggerFactory::getInstance( 'authentication' )->info(
+			'Changing email address for {user} from {oldemail} to {newemail}', [
+				'user' => $user->getName(),
+				'oldemail' => $oldaddr,
+				'newemail' => $newaddr,
+			]
+		);
+
+		Hooks::run( 'PrefsEmailAudit', [ $user, $oldaddr, $newaddr ] );
+
+		$user->saveSettings();
+		MediaWiki\Auth\AuthManager::callLegacyAuthPlugin( 'updateExternalDB', [ $user ] );
+
+		return $status;
+	}
+
+	public function requiresUnblock() {
+		return false;
+	}
+
+	protected function getGroupName() {
+		return 'users';
+	}
+}