Provide email address verification feature (#2481)

* Add an email field to the profile page I reuse the `mail_login` from the configuration. I'm not sure if it's useful today (I would say it was used when Persona login was available). A good improvement would be to rename `mail_login` into `email` so it would be more intuitive to use. * Add boolean to the conf to force email validation This commit only adds a configuration item. * Add email during registration if email must be validated * Set email token to validate when email changes * Block access to FreshRSS if email is not validated * Send email when address is changed * Allow to resend the validation email * Allow the user to change its email while blocked * Document the email validation feature * fixup! Allow the user to change its email while blocked * tec: Autoload PHPMailer lib * Validate email address format * Add feedback on validation email resend action * Allow to logout when user is blocked * fix: Change default email "from" * Reorganize i18n keys * Complete all the locales with default english * Hide sidebar (profile page) if email is not validated * Check email requirements on registration * Allow admin to specify email when creating users * Don't check email format if value is empty * Remove trailing comma in userController Co-Authored-By: Alexandre Alapetite <alexandre@alapetite.fr> * Set PHPMailer validator to html5 before sending email * fixup! Remove trailing comma in userController
author: Marien Fressinaud <dev@marienfressinaud.fr> 2019-08-29 12:02:05 +0200
committer: Alexandre Alapetite <alexandre@alapetite.fr> 2019-08-29 12:02:05 +0200
commit: 75632e70f0d49048f4ce72a0fa8bbcbcd7b2d312 (patch)
tree: 09c2f637ceedb76a30ad833555f02c2d50ee4863 /app/views
parent: ad44ff81694ff4cbcccc514a17351476a38aadd8 (diff)
6 files changed, 78 insertions, 2 deletions
diff --git a/app/views/auth/register.phtml b/app/views/auth/register.phtml
index 19e11ef76..87582a2d0 100644
--- a/app/views/auth/register.phtml
+++ b/app/views/auth/register.phtml
@@ -8,6 +8,15 @@
 			<input id="new_user_name" name="new_user_name" type="text" size="16" required="required" autocomplete="off" pattern="<?php echo FreshRSS_user_Controller::USERNAME_PATTERN; ?>" />
 		</div>
 
+		<?php if ($this->show_email_field) { ?>
+			<div>
+				<label class="group-name" for="new_user_email">
+					<?php echo _t('gen.auth.email'); ?>
+				</label>
+				<input id="new_user_email" name="new_user_email" type="email" required />
+			</div>
+		<?php } ?>
+
 		<div>
 			<label class="group-name" for="new_user_passwordPlain"><?php echo _t('gen.auth.password'), '<br />', _i('help'), ' ', _t('gen.auth.password.format'); ?></label>
 			<div class="stick">
diff --git a/app/views/configure/system.phtml b/app/views/configure/system.phtml
index 9af4cc2c9..eb0e68dfc 100644
--- a/app/views/configure/system.phtml
+++ b/app/views/configure/system.phtml
@@ -38,6 +38,24 @@
 			</div>
 		</div>
 
+		<?php if ($this->can_enable_email_validation) { ?>
+			<div class="form-group">
+				<div class="group-controls">
+					<label class="checkbox" for="force-email-validation">
+						<input
+							type="checkbox"
+							name="force-email-validation"
+							id="force-email-validation"
+							value="1"
+							<?php echo FreshRSS_Context::$system_conf->force_email_validation ? 'checked="checked"' : ''; ?>
+							data-leave-validation="<?php echo FreshRSS_Context::$system_conf->force_email_validation; ?>"
+						/>
+						<?php echo _t('admin.system.force_email_validation'); ?>
+					</label>
+				</div>
+			</div>
+		<?php } ?>
+
 		<div class="form-group">
 			<label class="group-name" for="max-feeds"><?php echo _t('admin.system.max-feeds'); ?></label>
 			<div class="group-controls">
@@ -51,7 +69,7 @@
 			    <input type="number" id="max-categories" name="max-categories" value="<?php echo FreshRSS_Context::$system_conf->limits['max_categories']; ?>" min="1" data-leave-validation="<?php echo FreshRSS_Context::$system_conf->limits['max_categories']; ?>"/>
 			</div>
 		</div>
-		
+
 		<div class="form-group">
 			<label class="group-name" for="cookie-duration"><?php echo _t('admin.system.cookie-duration.number'); ?></label>
 			<div class="group-controls">
diff --git a/app/views/user/manage.phtml b/app/views/user/manage.phtml
index d0e5928ef..501257e5b 100644
--- a/app/views/user/manage.phtml
+++ b/app/views/user/manage.phtml
@@ -26,6 +26,17 @@
 			</div>
 		</div>
 
+		<?php if ($this->show_email_field) { ?>
+			<div class="form-group">
+				<label class="group-name" for="new_user_email">
+					<?php echo _t('gen.auth.email'); ?>
+				</label>
+				<div class="group-controls">
+					<input id="new_user_email" name="new_user_email" type="email" required />
+				</div>
+			</div>
+		<?php } ?>
+
 		<div class="form-group">
 			<label class="group-name" for="new_user_passwordPlain"><?php echo _t('admin.user.password_form'); ?></label>
 			<div class="group-controls">
diff --git a/app/views/user/profile.phtml b/app/views/user/profile.phtml
index 83140376d..87aa25b11 100644
--- a/app/views/user/profile.phtml
+++ b/app/views/user/profile.phtml
@@ -1,4 +1,8 @@
-<?php $this->partial('aside_configure'); ?>
+<?php
+    if (!$this->disable_aside) {
+        $this->partial('aside_configure');
+    }
+?>
 
 <div class="post">
 	<a href="<?php echo _url('index', 'index'); ?>"><?php echo _t('gen.action.back_to_rss_feeds'); ?></a>
@@ -19,6 +23,13 @@
 		</div>
 
 		<div class="form-group">
+			<label class="group-name" for="email"><?php echo _t('conf.profile.email'); ?></label>
+			<div class="group-controls">
+				<input id="email" name="email" type="email" value="<?php echo FreshRSS_Context::$user_conf->mail_login; ?>" />
+			</div>
+		</div>
+
+		<div class="form-group">
 			<label class="group-name" for="newPasswordPlain"><?php echo _t('conf.profile.password_form'); ?></label>
 			<div class="group-controls">
 				<div class="stick">
diff --git a/app/views/user/validateEmail.phtml b/app/views/user/validateEmail.phtml
new file mode 100644
index 000000000..a246c222e
--- /dev/null
+++ b/app/views/user/validateEmail.phtml
@@ -0,0 +1,22 @@
+<div class="post">
+    <p>
+        <?php echo _t('user.email.validation.need_to', FreshRSS_Context::$system_conf->title); ?>
+    </p>
+
+    <p>
+        <?php echo _t('user.email.validation.email_sent_to', FreshRSS_Context::$user_conf->mail_login); ?>
+    </p>
+
+    <form action="<?php echo _url('user', 'sendValidationEmail'); ?>" method="post">
+        <input type="hidden" name="_csrf" value="<?php echo FreshRSS_Auth::csrfToken(); ?>" />
+        <button type="submit" class="btn">
+            <?php echo _t('user.email.validation.resend_email'); ?>
+        </button>
+    </form>
+
+    <p>
+        <small>
+            <?php echo _t('user.email.validation.change_email', _url('user', 'profile')); ?>
+        </small>
+    </p>
+</div>
diff --git a/app/views/user_mailer/email_need_validation.txt b/app/views/user_mailer/email_need_validation.txt
new file mode 100644
index 000000000..13b63c1af
--- /dev/null
+++ b/app/views/user_mailer/email_need_validation.txt
@@ -0,0 +1,5 @@
+<?php echo _t('user.mailer.email_need_validation.welcome', $this->username); ?>
+
+<?php echo _t('user.mailer.email_need_validation.body', $this->site_title); ?>
+
+<?php echo $this->validation_url; ?>
author	Marien Fressinaud <dev@marienfressinaud.fr>	2019-08-29 12:02:05 +0200
committer	Alexandre Alapetite <alexandre@alapetite.fr>	2019-08-29 12:02:05 +0200
commit	75632e70f0d49048f4ce72a0fa8bbcbcd7b2d312 (patch)
tree	09c2f637ceedb76a30ad833555f02c2d50ee4863 /app/views
parent	ad44ff81694ff4cbcccc514a17351476a38aadd8 (diff)