c045fa0291
get_debug_type() does the same thing but better (spelling type names in the same way as in type declarations, and including names of object classes and resource types). It was added in PHP 8, but the symfony/polyfill-php80 package provides it while we still support 7.4. Also remove uses of get_class() and get_resource_type() where the new method already provides the same information. For reference: https://www.php.net/manual/en/function.get-debug-type.php https://www.php.net/manual/en/function.gettype.php To keep this safe and simple to review, I'm only changing cases where the type is immediately used in an exception message. Change-Id: I325efcddcb58be63b1592b9c20ac0845393c15e2
431 lines
13 KiB
PHP
431 lines
13 KiB
PHP
<?php
|
|
/**
|
|
* This program is free software; you can redistribute it and/or modify
|
|
* it under the terms of the GNU General Public License as published by
|
|
* the Free Software Foundation; either version 2 of the License, or
|
|
* (at your option) any later version.
|
|
*
|
|
* This program is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
* GNU General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU General Public License along
|
|
* with this program; if not, write to the Free Software Foundation, Inc.,
|
|
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
|
|
* http://www.gnu.org/copyleft/gpl.html
|
|
*
|
|
* @file
|
|
*/
|
|
|
|
namespace MediaWiki\Mail;
|
|
|
|
use MailAddress;
|
|
use MediaWiki\Config\ServiceOptions;
|
|
use MediaWiki\HookContainer\HookContainer;
|
|
use MediaWiki\HookContainer\HookRunner;
|
|
use MediaWiki\MainConfigNames;
|
|
use MediaWiki\Permissions\Authority;
|
|
use MediaWiki\Permissions\PermissionStatus;
|
|
use MediaWiki\Preferences\MultiUsernameFilter;
|
|
use MediaWiki\SpecialPage\SpecialPage;
|
|
use MediaWiki\User\CentralId\CentralIdLookup;
|
|
use MediaWiki\User\Options\UserOptionsLookup;
|
|
use MediaWiki\User\UserFactory;
|
|
use StatusValue;
|
|
use UnexpectedValueException;
|
|
use Wikimedia\Message\IMessageFormatterFactory;
|
|
use Wikimedia\Message\ITextFormatter;
|
|
use Wikimedia\Message\MessageSpecifier;
|
|
use Wikimedia\Message\MessageValue;
|
|
|
|
/**
|
|
* Send email between two wiki users.
|
|
*
|
|
* Obtain via EmailUserFactory
|
|
*
|
|
* This class is stateless and can be used for multiple sends.
|
|
*
|
|
* @since 1.40
|
|
* @ingroup Mail
|
|
*/
|
|
class EmailUser {
|
|
/**
|
|
* @internal For use by ServiceWiring
|
|
*/
|
|
public const CONSTRUCTOR_OPTIONS = [
|
|
MainConfigNames::EnableEmail,
|
|
MainConfigNames::EnableUserEmail,
|
|
MainConfigNames::EnableSpecialMute,
|
|
MainConfigNames::PasswordSender,
|
|
MainConfigNames::UserEmailUseReplyTo,
|
|
];
|
|
|
|
private ServiceOptions $options;
|
|
private HookRunner $hookRunner;
|
|
private UserOptionsLookup $userOptionsLookup;
|
|
private CentralIdLookup $centralIdLookup;
|
|
private UserFactory $userFactory;
|
|
private IEmailer $emailer;
|
|
private IMessageFormatterFactory $messageFormatterFactory;
|
|
private ITextFormatter $contLangMsgFormatter;
|
|
private Authority $sender;
|
|
|
|
/** @var string Temporary property to support the deprecated EmailUserPermissionsErrors hook */
|
|
private string $editToken = '';
|
|
|
|
/**
|
|
* @internal For use by EmailUserFactory.
|
|
*
|
|
* @param ServiceOptions $options
|
|
* @param HookContainer $hookContainer
|
|
* @param UserOptionsLookup $userOptionsLookup
|
|
* @param CentralIdLookup $centralIdLookup
|
|
* @param UserFactory $userFactory
|
|
* @param IEmailer $emailer
|
|
* @param IMessageFormatterFactory $messageFormatterFactory
|
|
* @param ITextFormatter $contLangMsgFormatter
|
|
* @param Authority $sender
|
|
*/
|
|
public function __construct(
|
|
ServiceOptions $options,
|
|
HookContainer $hookContainer,
|
|
UserOptionsLookup $userOptionsLookup,
|
|
CentralIdLookup $centralIdLookup,
|
|
UserFactory $userFactory,
|
|
IEmailer $emailer,
|
|
IMessageFormatterFactory $messageFormatterFactory,
|
|
ITextFormatter $contLangMsgFormatter,
|
|
Authority $sender
|
|
) {
|
|
$options->assertRequiredOptions( self::CONSTRUCTOR_OPTIONS );
|
|
$this->options = $options;
|
|
$this->hookRunner = new HookRunner( $hookContainer );
|
|
$this->userOptionsLookup = $userOptionsLookup;
|
|
$this->centralIdLookup = $centralIdLookup;
|
|
$this->userFactory = $userFactory;
|
|
$this->emailer = $emailer;
|
|
$this->messageFormatterFactory = $messageFormatterFactory;
|
|
$this->contLangMsgFormatter = $contLangMsgFormatter;
|
|
|
|
$this->sender = $sender;
|
|
}
|
|
|
|
/**
|
|
* @internal
|
|
* @todo This method might perhaps be moved to a UserEmailContactLookup or something.
|
|
*
|
|
* @param UserEmailContact $target Target user
|
|
* @return StatusValue
|
|
*/
|
|
public function validateTarget( UserEmailContact $target ): StatusValue {
|
|
$targetIdentity = $target->getUser();
|
|
|
|
if ( !$targetIdentity->getId() ) {
|
|
return StatusValue::newFatal( 'emailnotarget' );
|
|
}
|
|
|
|
if ( !$target->isEmailConfirmed() ) {
|
|
return StatusValue::newFatal( 'noemailtext' );
|
|
}
|
|
|
|
$targetUser = $this->userFactory->newFromUserIdentity( $targetIdentity );
|
|
if ( !$targetUser->canReceiveEmail() ) {
|
|
return StatusValue::newFatal( 'nowikiemailtext' );
|
|
}
|
|
|
|
$senderUser = $this->userFactory->newFromAuthority( $this->sender );
|
|
if (
|
|
!$this->userOptionsLookup->getOption( $targetIdentity, 'email-allow-new-users' ) &&
|
|
$senderUser->isNewbie()
|
|
) {
|
|
return StatusValue::newFatal( 'nowikiemailtext' );
|
|
}
|
|
|
|
$muteList = $this->userOptionsLookup->getOption(
|
|
$targetIdentity,
|
|
'email-blacklist',
|
|
''
|
|
);
|
|
if ( $muteList ) {
|
|
$muteList = MultiUsernameFilter::splitIds( $muteList );
|
|
$senderId = $this->centralIdLookup->centralIdFromLocalUser( $this->sender->getUser() );
|
|
if ( $senderId !== 0 && in_array( $senderId, $muteList ) ) {
|
|
return StatusValue::newFatal( 'nowikiemailtext' );
|
|
}
|
|
}
|
|
|
|
return StatusValue::newGood();
|
|
}
|
|
|
|
/**
|
|
* Checks whether email sending is allowed.
|
|
*
|
|
* @return StatusValue For BC, the StatusValue's value can be set to a string representing
|
|
* a message key to use with ErrorPageError. Only SpecialEmailUser should rely on this.
|
|
*/
|
|
public function canSend(): StatusValue {
|
|
if (
|
|
!$this->options->get( MainConfigNames::EnableEmail ) ||
|
|
!$this->options->get( MainConfigNames::EnableUserEmail )
|
|
) {
|
|
return StatusValue::newFatal( 'usermaildisabled' );
|
|
}
|
|
|
|
$user = $this->userFactory->newFromAuthority( $this->sender );
|
|
|
|
// Run this before checking 'sendemail' permission
|
|
// to show appropriate message to anons (T160309)
|
|
if ( !$user->isEmailConfirmed() ) {
|
|
return StatusValue::newFatal( 'mailnologin' );
|
|
}
|
|
|
|
$status = PermissionStatus::newGood();
|
|
if ( !$this->sender->isDefinitelyAllowed( 'sendemail', $status ) ) {
|
|
return $status;
|
|
}
|
|
|
|
$hookErr = false;
|
|
|
|
// TODO Remove deprecated hooks
|
|
$this->hookRunner->onUserCanSendEmail( $user, $hookErr );
|
|
$this->hookRunner->onEmailUserPermissionsErrors( $user, $this->editToken, $hookErr );
|
|
if ( is_array( $hookErr ) ) {
|
|
// SpamBlacklist uses null for the third element, and there might be more handlers not using an array.
|
|
$msgParamsArray = is_array( $hookErr[2] ) ? $hookErr[2] : [];
|
|
$ret = StatusValue::newFatal( $hookErr[1], ...$msgParamsArray );
|
|
$ret->value = $hookErr[0];
|
|
return $ret;
|
|
}
|
|
|
|
return StatusValue::newGood();
|
|
}
|
|
|
|
/**
|
|
* Authorize the email sending, checking permissions etc.
|
|
*
|
|
* @return StatusValue For BC, the StatusValue's value can be set to a string representing
|
|
* a message key to use with ErrorPageError. Only SpecialEmailUser should rely on this.
|
|
*/
|
|
public function authorizeSend(): StatusValue {
|
|
$status = $this->canSend();
|
|
if ( !$status->isOK() ) {
|
|
return $status;
|
|
}
|
|
|
|
$status = PermissionStatus::newGood();
|
|
if ( !$this->sender->authorizeAction( 'sendemail', $status ) ) {
|
|
return $status;
|
|
}
|
|
|
|
$hookRes = $this->hookRunner->onEmailUserAuthorizeSend( $this->sender, $status );
|
|
if ( !$hookRes && !$status->isGood() ) {
|
|
return $status;
|
|
}
|
|
|
|
return StatusValue::newGood();
|
|
}
|
|
|
|
/**
|
|
* Really send a mail, without permission checks.
|
|
*
|
|
* @param UserEmailContact $target
|
|
* @param string $subject
|
|
* @param string $text
|
|
* @param bool $CCMe
|
|
* @param string $langCode Code of the language to be used for interface messages
|
|
* @return StatusValue
|
|
*/
|
|
public function sendEmailUnsafe(
|
|
UserEmailContact $target,
|
|
string $subject,
|
|
string $text,
|
|
bool $CCMe,
|
|
string $langCode
|
|
): StatusValue {
|
|
$senderIdentity = $this->sender->getUser();
|
|
$targetStatus = $this->validateTarget( $target );
|
|
if ( !$targetStatus->isGood() ) {
|
|
return $targetStatus;
|
|
}
|
|
|
|
$senderUser = $this->userFactory->newFromAuthority( $this->sender );
|
|
|
|
$toAddress = MailAddress::newFromUser( $target );
|
|
$fromAddress = MailAddress::newFromUser( $senderUser );
|
|
|
|
// Add a standard footer and trim up trailing newlines
|
|
$text = rtrim( $text ) . "\n\n-- \n";
|
|
$text .= $this->contLangMsgFormatter->format(
|
|
MessageValue::new( 'emailuserfooter', [ $fromAddress->name, $toAddress->name ] )
|
|
);
|
|
|
|
if ( $this->options->get( MainConfigNames::EnableSpecialMute ) ) {
|
|
$text .= "\n" . $this->contLangMsgFormatter->format(
|
|
MessageValue::new(
|
|
'specialmute-email-footer',
|
|
[
|
|
$this->getSpecialMuteCanonicalURL( $senderIdentity->getName() ),
|
|
$senderIdentity->getName()
|
|
]
|
|
)
|
|
);
|
|
}
|
|
|
|
$error = false;
|
|
// TODO Remove deprecated ugly hook
|
|
if ( !$this->hookRunner->onEmailUser( $toAddress, $fromAddress, $subject, $text, $error ) ) {
|
|
if ( $error instanceof StatusValue ) {
|
|
return $error;
|
|
} elseif ( $error === false || $error === '' || $error === [] ) {
|
|
// Possibly to tell HTMLForm to pretend there was no submission?
|
|
return StatusValue::newFatal( 'hookaborted' );
|
|
} elseif ( $error === true ) {
|
|
// Hook sent the mail itself and indicates success?
|
|
return StatusValue::newGood();
|
|
} elseif ( is_array( $error ) ) {
|
|
$status = StatusValue::newGood();
|
|
foreach ( $error as $e ) {
|
|
$status->fatal( $e );
|
|
}
|
|
return $status;
|
|
} elseif ( $error instanceof MessageSpecifier ) {
|
|
return StatusValue::newFatal( $error );
|
|
} else {
|
|
// Setting $error to something else was deprecated in 1.29 and
|
|
// removed in 1.36, and so an exception is now thrown
|
|
$type = get_debug_type( $error );
|
|
throw new UnexpectedValueException(
|
|
'EmailUser hook set $error to unsupported type ' . $type
|
|
);
|
|
}
|
|
}
|
|
|
|
$hookStatus = StatusValue::newGood();
|
|
$hookRes = $this->hookRunner->onEmailUserSendEmail(
|
|
$this->sender,
|
|
$fromAddress,
|
|
$target,
|
|
$toAddress,
|
|
$subject,
|
|
$text,
|
|
$hookStatus
|
|
);
|
|
if ( !$hookRes && !$hookStatus->isGood() ) {
|
|
return $hookStatus;
|
|
}
|
|
|
|
[ $mailFrom, $replyTo ] = $this->getFromAndReplyTo( $fromAddress );
|
|
|
|
$status = $this->emailer->send(
|
|
$toAddress,
|
|
$mailFrom,
|
|
$subject,
|
|
$text,
|
|
null,
|
|
[ 'replyTo' => $replyTo ]
|
|
);
|
|
|
|
if ( !$status->isGood() ) {
|
|
return $status;
|
|
}
|
|
|
|
// if the user requested a copy of this mail, do this now,
|
|
// unless they are emailing themselves, in which case one
|
|
// copy of the message is sufficient.
|
|
if ( $CCMe && !$toAddress->equals( $fromAddress ) ) {
|
|
$userMsgFormatter = $this->messageFormatterFactory->getTextFormatter( $langCode );
|
|
$ccTo = $fromAddress;
|
|
$ccFrom = $fromAddress;
|
|
$ccSubject = $userMsgFormatter->format(
|
|
MessageValue::new( 'emailccsubject' )->plaintextParams(
|
|
$target->getUser()->getName(),
|
|
$subject
|
|
)
|
|
);
|
|
$ccText = $text;
|
|
|
|
$this->hookRunner->onEmailUserCC( $ccTo, $ccFrom, $ccSubject, $ccText );
|
|
|
|
[ $mailFrom, $replyTo ] = $this->getFromAndReplyTo( $ccFrom );
|
|
|
|
$ccStatus = $this->emailer->send(
|
|
$ccTo,
|
|
$mailFrom,
|
|
$ccSubject,
|
|
$ccText,
|
|
null,
|
|
[ 'replyTo' => $replyTo ]
|
|
);
|
|
$status->merge( $ccStatus );
|
|
}
|
|
|
|
$this->hookRunner->onEmailUserComplete( $toAddress, $fromAddress, $subject, $text );
|
|
|
|
return $status;
|
|
}
|
|
|
|
/**
|
|
* @param MailAddress $fromAddress
|
|
* @return array
|
|
* @phan-return array{0:MailAddress,1:?MailAddress}
|
|
*/
|
|
private function getFromAndReplyTo( MailAddress $fromAddress ): array {
|
|
if ( $this->options->get( MainConfigNames::UserEmailUseReplyTo ) ) {
|
|
/**
|
|
* Put the generic wiki autogenerated address in the From:
|
|
* header and reserve the user for Reply-To.
|
|
*
|
|
* This is a bit ugly, but will serve to differentiate
|
|
* wiki-borne mails from direct mails and protects against
|
|
* SPF and bounce problems with some mailers (see below).
|
|
*/
|
|
$mailFrom = new MailAddress(
|
|
$this->options->get( MainConfigNames::PasswordSender ),
|
|
$this->contLangMsgFormatter->format( MessageValue::new( 'emailsender' ) )
|
|
);
|
|
$replyTo = $fromAddress;
|
|
} else {
|
|
/**
|
|
* Put the sending user's e-mail address in the From: header.
|
|
*
|
|
* This is clean-looking and convenient, but has issues.
|
|
* One is that it doesn't as clearly differentiate the wiki mail
|
|
* from "directly" sent mails.
|
|
*
|
|
* Another is that some mailers (like sSMTP) will use the From
|
|
* address as the envelope sender as well. For open sites this
|
|
* can cause mails to be flunked for SPF violations (since the
|
|
* wiki server isn't an authorized sender for various users'
|
|
* domains) as well as creating a privacy issue as bounces
|
|
* containing the recipient's e-mail address may get sent to
|
|
* the sending user.
|
|
*/
|
|
$mailFrom = $fromAddress;
|
|
$replyTo = null;
|
|
}
|
|
return [ $mailFrom, $replyTo ];
|
|
}
|
|
|
|
/**
|
|
* @param string $targetName
|
|
* @return string
|
|
* XXX This code is still heavily reliant on global state, so temporarily skip it in tests.
|
|
* @codeCoverageIgnore
|
|
*/
|
|
private function getSpecialMuteCanonicalURL( string $targetName ): string {
|
|
if ( defined( 'MW_PHPUNIT_TEST' ) ) {
|
|
return "Ceci n'est pas une URL";
|
|
}
|
|
return SpecialPage::getTitleFor( 'Mute', $targetName )->getCanonicalURL();
|
|
}
|
|
|
|
/**
|
|
* @internal Only for BC with SpecialEmailUser
|
|
* @param string $token
|
|
*/
|
|
public function setEditToken( string $token ): void {
|
|
$this->editToken = $token;
|
|
}
|
|
|
|
}
|