*/
use MediaWiki\Auth\AuthManager;
+use MediaWiki\Logger\LoggerFactory;
/**
* Let users change their email address.
* @param string $par
*/
function execute( $par ) {
- $this->checkLoginSecurityLevel();
-
$out = $this->getOutput();
$out->disallowUserJs();
parent::execute( $par );
}
+ protected function getLoginSecurityLevel() {
+ return $this->getName();
+ }
+
protected function checkExecutePermissions( User $user ) {
if ( !AuthManager::singleton()->allowsPropertyChange( 'emailaddress' ) ) {
throw new ErrorPageError( 'changeemail', 'cannotchangeemail' );
throw new PermissionsError( 'viewmyprivateinfo' );
}
+ if ( $user->isBlockedFromEmailuser() ) {
+ throw new UserBlockedError( $user->getBlock() );
+ }
+
parent::checkExecutePermissions( $user );
}
return Status::newFatal( 'changeemail-nochange' );
}
+ // To prevent spam, rate limit adding a new address, but do
+ // not rate limit removing an address.
+ if ( $newaddr !== '' && $user->pingLimiter( 'changeemail' ) ) {
+ return Status::newFatal( 'actionthrottledtext' );
+ }
+
$oldaddr = $user->getEmail();
$status = $user->setEmailWithConfirmation( $newaddr );
if ( !$status->isGood() ) {
return $status;
}
+ LoggerFactory::getInstance( 'authentication' )->info(
+ 'Changing email address for {user} from {oldemail} to {newemail}', [
+ 'user' => $user->getName(),
+ 'oldemail' => $oldaddr,
+ 'newemail' => $newaddr,
+ ]
+ );
+
Hooks::run( 'PrefsEmailAudit', [ $user, $oldaddr, $newaddr ] );
$user->saveSettings();