includes/mail/EmailUser.php
<?php
/**
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
* http://www.gnu.org/copyleft/gpl.html
*
* @file
*/
namespace MediaWiki\Mail;
use MailAddress;
use MediaWiki\Config\ServiceOptions;
use MediaWiki\HookContainer\HookContainer;
use MediaWiki\HookContainer\HookRunner;
use MediaWiki\MainConfigNames;
use MediaWiki\Permissions\Authority;
use MediaWiki\Permissions\PermissionStatus;
use MediaWiki\Preferences\MultiUsernameFilter;
use MediaWiki\SpecialPage\SpecialPage;
use MediaWiki\User\CentralId\CentralIdLookup;
use MediaWiki\User\Options\UserOptionsLookup;
use MediaWiki\User\UserFactory;
use StatusValue;
use UnexpectedValueException;
use Wikimedia\Message\IMessageFormatterFactory;
use Wikimedia\Message\ITextFormatter;
use Wikimedia\Message\MessageSpecifier;
use Wikimedia\Message\MessageValue;
/**
* Send email between two wiki users.
*
* Obtain via EmailUserFactory
*
* This class is stateless and can be used for multiple sends.
*
* @since 1.40
* @ingroup Mail
*/
class EmailUser {
/**
* @internal For use by ServiceWiring
*/
public const CONSTRUCTOR_OPTIONS = [
MainConfigNames::EnableEmail,
MainConfigNames::EnableUserEmail,
MainConfigNames::EnableSpecialMute,
MainConfigNames::PasswordSender,
MainConfigNames::UserEmailUseReplyTo,
];
private ServiceOptions $options;
private HookRunner $hookRunner;
private UserOptionsLookup $userOptionsLookup;
private CentralIdLookup $centralIdLookup;
private UserFactory $userFactory;
private IEmailer $emailer;
private IMessageFormatterFactory $messageFormatterFactory;
private ITextFormatter $contLangMsgFormatter;
private Authority $sender;
/** @var string Temporary property to support the deprecated EmailUserPermissionsErrors hook */
private string $editToken = '';
/**
* @internal For use by EmailUserFactory.
*
* @param ServiceOptions $options
* @param HookContainer $hookContainer
* @param UserOptionsLookup $userOptionsLookup
* @param CentralIdLookup $centralIdLookup
* @param UserFactory $userFactory
* @param IEmailer $emailer
* @param IMessageFormatterFactory $messageFormatterFactory
* @param ITextFormatter $contLangMsgFormatter
* @param Authority $sender
*/
public function __construct(
ServiceOptions $options,
HookContainer $hookContainer,
UserOptionsLookup $userOptionsLookup,
CentralIdLookup $centralIdLookup,
UserFactory $userFactory,
IEmailer $emailer,
IMessageFormatterFactory $messageFormatterFactory,
ITextFormatter $contLangMsgFormatter,
Authority $sender
) {
$options->assertRequiredOptions( self::CONSTRUCTOR_OPTIONS );
$this->options = $options;
$this->hookRunner = new HookRunner( $hookContainer );
$this->userOptionsLookup = $userOptionsLookup;
$this->centralIdLookup = $centralIdLookup;
$this->userFactory = $userFactory;
$this->emailer = $emailer;
$this->messageFormatterFactory = $messageFormatterFactory;
$this->contLangMsgFormatter = $contLangMsgFormatter;
$this->sender = $sender;
}
/**
* @internal
* @todo This method might perhaps be moved to a UserEmailContactLookup or something.
*
* @param UserEmailContact $target Target user
* @return StatusValue
*/
public function validateTarget( UserEmailContact $target ): StatusValue {
$targetIdentity = $target->getUser();
if ( !$targetIdentity->getId() ) {
return StatusValue::newFatal( 'emailnotarget' );
}
if ( !$target->isEmailConfirmed() ) {
return StatusValue::newFatal( 'noemailtext' );
}
$targetUser = $this->userFactory->newFromUserIdentity( $targetIdentity );
if ( !$targetUser->canReceiveEmail() ) {
return StatusValue::newFatal( 'nowikiemailtext' );
}
$senderUser = $this->userFactory->newFromAuthority( $this->sender );
if (
!$this->userOptionsLookup->getOption( $targetIdentity, 'email-allow-new-users' ) &&
$senderUser->isNewbie()
) {
return StatusValue::newFatal( 'nowikiemailtext' );
}
$muteList = $this->userOptionsLookup->getOption(
$targetIdentity,
'email-blacklist',
''
);
if ( $muteList ) {
$muteList = MultiUsernameFilter::splitIds( $muteList );
$senderId = $this->centralIdLookup->centralIdFromLocalUser( $this->sender->getUser() );
if ( $senderId !== 0 && in_array( $senderId, $muteList ) ) {
return StatusValue::newFatal( 'nowikiemailtext' );
}
}
return StatusValue::newGood();
}
/**
* Checks whether email sending is allowed.
*
* @return StatusValue For BC, the StatusValue's value can be set to a string representing
* a message key to use with ErrorPageError. Only SpecialEmailUser should rely on this.
*/
public function canSend(): StatusValue {
if (
!$this->options->get( MainConfigNames::EnableEmail ) ||
!$this->options->get( MainConfigNames::EnableUserEmail )
) {
return StatusValue::newFatal( 'usermaildisabled' );
}
$user = $this->userFactory->newFromAuthority( $this->sender );
// Run this before checking 'sendemail' permission
// to show appropriate message to anons (T160309)
if ( !$user->isEmailConfirmed() ) {
return StatusValue::newFatal( 'mailnologin' );
}
$status = PermissionStatus::newGood();
if ( !$this->sender->isDefinitelyAllowed( 'sendemail', $status ) ) {
return $status;
}
$hookErr = false;
// TODO Remove deprecated hooks
$this->hookRunner->onUserCanSendEmail( $user, $hookErr );
$this->hookRunner->onEmailUserPermissionsErrors( $user, $this->editToken, $hookErr );
if ( is_array( $hookErr ) ) {
// SpamBlacklist uses null for the third element, and there might be more handlers not using an array.
$msgParamsArray = is_array( $hookErr[2] ) ? $hookErr[2] : [];
$ret = StatusValue::newFatal( $hookErr[1], ...$msgParamsArray );
$ret->value = $hookErr[0];
return $ret;
}
return StatusValue::newGood();
}
/**
* Authorize the email sending, checking permissions etc.
*
* @return StatusValue For BC, the StatusValue's value can be set to a string representing
* a message key to use with ErrorPageError. Only SpecialEmailUser should rely on this.
*/
public function authorizeSend(): StatusValue {
$status = $this->canSend();
if ( !$status->isOK() ) {
return $status;
}
$status = PermissionStatus::newGood();
if ( !$this->sender->authorizeAction( 'sendemail', $status ) ) {
return $status;
}
$hookRes = $this->hookRunner->onEmailUserAuthorizeSend( $this->sender, $status );
if ( !$hookRes && !$status->isGood() ) {
return $status;
}
return StatusValue::newGood();
}
/**
* Really send a mail, without permission checks.
*
* @param UserEmailContact $target
* @param string $subject
* @param string $text
* @param bool $CCMe
* @param string $langCode Code of the language to be used for interface messages
* @return StatusValue
*/
public function sendEmailUnsafe(
UserEmailContact $target,
string $subject,
string $text,
bool $CCMe,
string $langCode
): StatusValue {
$senderIdentity = $this->sender->getUser();
$targetStatus = $this->validateTarget( $target );
if ( !$targetStatus->isGood() ) {
return $targetStatus;
}
$senderUser = $this->userFactory->newFromAuthority( $this->sender );
$toAddress = MailAddress::newFromUser( $target );
$fromAddress = MailAddress::newFromUser( $senderUser );
// Add a standard footer and trim up trailing newlines
$text = rtrim( $text ) . "\n\n-- \n";
$text .= $this->contLangMsgFormatter->format(
MessageValue::new( 'emailuserfooter', [ $fromAddress->name, $toAddress->name ] )
);
if ( $this->options->get( MainConfigNames::EnableSpecialMute ) ) {
$text .= "\n" . $this->contLangMsgFormatter->format(
MessageValue::new(
'specialmute-email-footer',
[
$this->getSpecialMuteCanonicalURL( $senderIdentity->getName() ),
$senderIdentity->getName()
]
)
);
}
$error = false;
// TODO Remove deprecated ugly hook
if ( !$this->hookRunner->onEmailUser( $toAddress, $fromAddress, $subject, $text, $error ) ) {
if ( $error instanceof StatusValue ) {
return $error;
} elseif ( $error === false || $error === '' || $error === [] ) {
// Possibly to tell HTMLForm to pretend there was no submission?
return StatusValue::newFatal( 'hookaborted' );
} elseif ( $error === true ) {
// Hook sent the mail itself and indicates success?
return StatusValue::newGood();
} elseif ( is_array( $error ) ) {
$status = StatusValue::newGood();
foreach ( $error as $e ) {
$status->fatal( $e );
}
return $status;
} elseif ( $error instanceof MessageSpecifier ) {
return StatusValue::newFatal( $error );
} else {
// Setting $error to something else was deprecated in 1.29 and
// removed in 1.36, and so an exception is now thrown
$type = get_debug_type( $error );
throw new UnexpectedValueException(
'EmailUser hook set $error to unsupported type ' . $type
);
}
}
$hookStatus = StatusValue::newGood();
$hookRes = $this->hookRunner->onEmailUserSendEmail(
$this->sender,
$fromAddress,
$target,
$toAddress,
$subject,
$text,
$hookStatus
);
if ( !$hookRes && !$hookStatus->isGood() ) {
return $hookStatus;
}
[ $mailFrom, $replyTo ] = $this->getFromAndReplyTo( $fromAddress );
$status = $this->emailer->send(
$toAddress,
$mailFrom,
$subject,
$text,
null,
[ 'replyTo' => $replyTo ]
);
if ( !$status->isGood() ) {
return $status;
}
// if the user requested a copy of this mail, do this now,
// unless they are emailing themselves, in which case one
// copy of the message is sufficient.
if ( $CCMe && !$toAddress->equals( $fromAddress ) ) {
$userMsgFormatter = $this->messageFormatterFactory->getTextFormatter( $langCode );
$ccTo = $fromAddress;
$ccFrom = $fromAddress;
$ccSubject = $userMsgFormatter->format(
MessageValue::new( 'emailccsubject' )->plaintextParams(
$target->getUser()->getName(),
$subject
)
);
$ccText = $text;
$this->hookRunner->onEmailUserCC( $ccTo, $ccFrom, $ccSubject, $ccText );
[ $mailFrom, $replyTo ] = $this->getFromAndReplyTo( $ccFrom );
$ccStatus = $this->emailer->send(
$ccTo,
$mailFrom,
$ccSubject,
$ccText,
null,
[ 'replyTo' => $replyTo ]
);
$status->merge( $ccStatus );
}
$this->hookRunner->onEmailUserComplete( $toAddress, $fromAddress, $subject, $text );
return $status;
}
/**
* @param MailAddress $fromAddress
* @return array
* @phan-return array{0:MailAddress,1:?MailAddress}
*/
private function getFromAndReplyTo( MailAddress $fromAddress ): array {
if ( $this->options->get( MainConfigNames::UserEmailUseReplyTo ) ) {
/**
* Put the generic wiki autogenerated address in the From:
* header and reserve the user for Reply-To.
*
* This is a bit ugly, but will serve to differentiate
* wiki-borne mails from direct mails and protects against
* SPF and bounce problems with some mailers (see below).
*/
$mailFrom = new MailAddress(
$this->options->get( MainConfigNames::PasswordSender ),
$this->contLangMsgFormatter->format( MessageValue::new( 'emailsender' ) )
);
$replyTo = $fromAddress;
} else {
/**
* Put the sending user's e-mail address in the From: header.
*
* This is clean-looking and convenient, but has issues.
* One is that it doesn't as clearly differentiate the wiki mail
* from "directly" sent mails.
*
* Another is that some mailers (like sSMTP) will use the From
* address as the envelope sender as well. For open sites this
* can cause mails to be flunked for SPF violations (since the
* wiki server isn't an authorized sender for various users'
* domains) as well as creating a privacy issue as bounces
* containing the recipient's e-mail address may get sent to
* the sending user.
*/
$mailFrom = $fromAddress;
$replyTo = null;
}
return [ $mailFrom, $replyTo ];
}
/**
* @param string $targetName
* @return string
* XXX This code is still heavily reliant on global state, so temporarily skip it in tests.
* @codeCoverageIgnore
*/
private function getSpecialMuteCanonicalURL( string $targetName ): string {
if ( defined( 'MW_PHPUNIT_TEST' ) ) {
return "Ceci n'est pas une URL";
}
return SpecialPage::getTitleFor( 'Mute', $targetName )->getCanonicalURL();
}
/**
* @internal Only for BC with SpecialEmailUser
* @param string $token
*/
public function setEditToken( string $token ): void {
$this->editToken = $token;
}
}