jenkins-bot has submitted this change and it was merged. Change subject: User.php: Update 'setEmailWithConfirmation' for notification email ......................................................................
User.php: Update 'setEmailWithConfirmation' for notification email In order to minimise the chances of successful account cracking, a notification email should be sent to the user on their previous registered email address, informing them of the change in the registered email address of their account. Bug: T31856 Change-Id: Ib1ef76d7eb45ed0fa7ee0c2e7e39af21289367d2 --- M includes/user/User.php M languages/i18n/en.json M languages/i18n/qqq.json 3 files changed, 32 insertions(+), 2 deletions(-) Approvals: Parent5446: Looks good to me, approved jenkins-bot: Verified
diff --git a/includes/user/User.php b/includes/user/User.php
index 68a169a..2e786bd 100644
--- a/includes/user/User.php
+++ b/includes/user/User.php
@@ -2697,14 +2697,36 @@
 return Status::newGood( true );
 }
 
+ $type = $oldaddr != '' ? 'changed' : 'set';
+ $notificationResult = null;
+
+ if ( $wgEmailAuthentication ) {
+ // Send the user an email notifying the user of the change in registered
+ // email address on their previous email address
+ if ( $type == 'changed' ) {
+ $change = $str != '' ? 'changed' : 'removed';
+ $notificationResult = $this->sendMail(
+ wfMessage( 'notificationemail_subject_' . $change )->text(),
+ wfMessage( 'notificationemail_body_' . $change,
+ $this->getRequest()->getIP(),
+ $this->getName(),
+ $str )->text()
+ );
+ }
+ }
+
 $this->setEmail( $str );
 
 if ( $str !== '' && $wgEmailAuthentication ) {
 // Send a confirmation request to the new address if needed
- $type = $oldaddr != '' ? 'changed' : 'set';
 $result = $this->sendConfirmationMail( $type );
+
+ if ( $notificationResult !== null ) {
+ $result->merge( $notificationResult );
+ }
+
 if ( $result->isGood() ) {
- // Say to the caller that a confirmation mail has been sent
+ // Say to the caller that a confirmation and notification mail has been sent
 $result->value = 'eauth';
 }
 } else {
diff --git a/languages/i18n/en.json b/languages/i18n/en.json
index fea9fbd..5526e2e 100644
--- a/languages/i18n/en.json
+++ b/languages/i18n/en.json
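Review bot: The old-address notice is sent only inside `if ( $wgEmailAuthentication )`, and its `Status` is merged only inside the `$str !== '' && $wgEmailAuthentication` branch, so a wiki with email authentication off sends no notice at all, and when the address is removed (`$str === ''`) a failed `sendMail()` is never reported to the caller. The commit message gives account-takeover detection as the purpose, which looks independent of address confirmation; unless sending depends on that setting in a way not visible here, consider dropping the outer guard so the block starts at `if ( $type == 'changed' ) {`, and also merging `$notificationResult` in the `else` branch, whose body lies outside this hunk. In the confirmation branch, merging before `$result->isGood()` means a delivery failure on the old address suppresses the `'eauth'` value even though the confirmation mail may have gone out, which deserves a comment if it is intended. Because the message keys are built by concatenation, a comment such as `// Messages: notificationemail_subject_changed, notificationemail_subject_removed` (and the same for the body keys) would keep them greppable.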
@@ -3344,6 +3344,10 @@
 "confirmemail_body_set": "Someone, probably you, from IP address $1,\nhas set the email address of the account \"$2\" to this address on {{SITENAME}}.\n\nTo confirm that this account really does belong to you and activate\nemail features on {{SITENAME}}, open this link in your browser:\n\n$3\n\nIf the account does *not* belong to you, follow this link\nto cancel the email address confirmation:\n\n$5\n\nThis confirmation code will expire at $4.",
 "confirmemail_invalidated": "Email address confirmation canceled",
 "invalidateemail": "Cancel email confirmation",
+ "notificationemail_subject_changed": "{{SITENAME}} registered email address has been changed",
+ "notificationemail_subject_removed": "{{SITENAME}} registered email address has been removed",
+ "notificationemail_body_changed": "Someone, probably you, from IP address $1,\nhas changed the email address of the account \"$2\" to \"$3\" on {{SITENAME}}.\n\nIf this was not you, contact a site administrator immediately.",
+ "notificationemail_body_removed": "Someone, probably you, from IP address $1,\nhas removed the email address of the account \"$2\" on {{SITENAME}}.\n\nIf this was not you, contact a site administrator immediately.",
 "scarytranscludedisabled": "[Interwiki transcluding is disabled]",
 "scarytranscludefailed": "[Template fetch failed for $1]",
 "scarytranscludefailed-httpstatus": "[Template fetch failed for $1: HTTP $2]",
diff --git a/languages/i18n/qqq.json b/languages/i18n/qqq.json
index 93a3e79..301e5a6 100644
--- a/languages/i18n/qqq.json
+++ b/languages/i18n/qqq.json
@@ -784,6 +784,10 @@
 "changeemail-submit": "Submit button on [[Special:ChangeEmail]]",
 "changeemail-throttled": "Error message shown at [[Special:ChangeEmail]] after the user has tried to login with incorrect password too many times.\n\nThe user has to wait a certain time before trying to log in again.\n\nParameters:\n* $1 - the time to wait before the next login attempt. Automatically formatted using the following duration messages:\n** {{msg-mw|Duration-millennia}}\n** {{msg-mw|Duration-centuries}}\n** {{msg-mw|Duration-decades}}\n** {{msg-mw|Duration-years}}\n** {{msg-mw|Duration-weeks}}\n** {{msg-mw|Duration-days}}\n** {{msg-mw|Duration-hours}}\n** {{msg-mw|Duration-minutes}}\n** {{msg-mw|Duration-seconds}}\n\nThis is a protection against robots trying to find the password by trying lots of them.\nThe number of attempts and waiting time are configured via [[mw:Manual:$wgPasswordAttemptThrottle|$wgPasswordAttemptThrottle]].\nThis message is used in html.\n\nSee also:\n* {{msg-mw|Changepassword-throttled}}",
 "changeemail-nochange": "Error message shown on [[Special:ChangeEmail]] if the old email address was entered in the new email address field.",
+ "notificationemail_subject_changed": "Subject of the email sent on the previously registered email address notifying them about the change in the registered email address.",
+ "notificationemail_subject_removed": "Subject of the email sent on the previously registered email address notifying them about the removal of the registered email address.",
+ "notificationemail_body_changed": "Body of the email sent on the previously registered email address notifying them about the change in the registered email address.",
+ "notificationemail_body_removed": "Body of the email sent on the previously registered email address notifying them about the removal of the registered email address.",
 "resettokens": "{{doc-special|ResetTokens}}\nIn this case \"token\" may be translated as \"key\", or similar.\n{{Identical|Reset 
token}}", "resettokens-summary": "{{ignored}}", "resettokens-text": "Text on [[Special:ResetTokens]].", -- To view, visit https://gerrit.wikimedia.org/r/276563 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: Ib1ef76d7eb45ed0fa7ee0c2e7e39af21289367d2 Gerrit-PatchSet: 9 Gerrit-Project: mediawiki/core Gerrit-Branch: master Gerrit-Owner: Galorefitz <smritis.31...@gmail.com> Gerrit-Reviewer: 01tonythomas <01tonytho...@gmail.com> Gerrit-Reviewer: Galorefitz <smritis.31...@gmail.com> Gerrit-Reviewer: Hoo man <h...@online.de> Gerrit-Reviewer: Legoktm <legoktm.wikipe...@gmail.com> Gerrit-Reviewer: Parent5446 <tylerro...@gmail.com> Gerrit-Reviewer: Polybuildr <v.a.ghai...@gmail.com> Gerrit-Reviewer: Reedy <re...@wikimedia.org> Gerrit-Reviewer: Siebrand <siebr...@kitano.nl> Gerrit-Reviewer: jenkins-bot <> _______________________________________________ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits