From 6d9ae1d9bb00e17db8b18e914fd27eba43c95884 Mon Sep 17 00:00:00 2001
From: Demian Katz <demian.katz@villanova.edu>
Date: Thu, 6 Dec 2012 15:49:33 -0500
Subject: [PATCH] Resolving VUFIND-590: email now requires authentication by default (to deter spammers), but anonymous emailing can be enabled via config.ini.
---
 config/vufind/config.ini | 2 ++
 .../src/VuFind/Controller/AbstractRecord.php | 8 +++++++
 .../src/VuFind/Controller/AjaxController.php | 24 +++++++++++++++++++
 .../src/VuFind/Controller/CartController.php | 8 +++++++
 .../VuFind/Controller/SearchController.php | 15 ++++++++++++
 themes/blueprint/js/common.js | 2 +-
 themes/blueprint/js/record.js | 2 +-
 7 files changed, 59 insertions(+), 2 deletions(-)
diff --git a/config/vufind/config.ini b/config/vufind/config.ini
index 9cbda6c4936..5a6cce97cf5 100644
--- a/config/vufind/config.ini
+++ b/config/vufind/config.ini
@@ -240,6 +240,8 @@ host = localhost
 port = 25
 ;username = user
 ;password = pass
+; If set to false, users can send anonymous emails; otherwise, they must log in first
+require_login = true

 ; This section needs to be changed to match your database connection information
 [Database]
diff --git a/module/VuFind/src/VuFind/Controller/AbstractRecord.php b/module/VuFind/src/VuFind/Controller/AbstractRecord.php
index 260c21a81ca..3f7e7ccd2b9 100644
--- a/module/VuFind/src/VuFind/Controller/AbstractRecord.php
+++ b/module/VuFind/src/VuFind/Controller/AbstractRecord.php
@@ -341,6 +341,14 @@ class AbstractRecord extends AbstractBase
 */
 public function emailAction()
 {
+ // Force login if necessary:
+ $config = \VuFind\Config\Reader::getConfig();
+ if ((!isset($config->Mail->require_login) || $config->Mail->require_login)
+ && !$this->getUser()
+ ) {
+ return $this->forceLogin();
+ }
+
 // Retrieve the record driver:
 $driver = $this->loadRecord();

diff --git a/module/VuFind/src/VuFind/Controller/AjaxController.php b/module/VuFind/src/VuFind/Controller/AjaxController.php
index 32dff95f474..e2baa303d05 100644
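Review bot: The new comment on `require_login` does not say what happens when the key is absent, and the controllers in this patch treat a missing key as true (`!isset($config->Mail->require_login) || ...`). A site that upgrades the code but keeps an older config.ini will therefore start requiring login for email without any setting having been changed. I would extend the comment, for example `; Defaults to true when omitted. Set to false only if anonymous emailing is acceptable; it lets visitors who are not logged in send mail through this server.`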
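Review bot: The same login condition is pasted into five entry points (here, `emailRecord()` and `emailSearch()` in AjaxController, and `emailAction()` in CartController and SearchController), so the policy lives in five places and a later mail endpoint can omit it or drift from it. Four of the five classes extend AbstractBase directly and SearchController presumably does so through AbstractSearch, so I would put the decision in one helper there and keep only the response (forceLogin versus STATUS_NEED_AUTH) at each call site. The sketch below keeps the fail-closed default for a missing key; the helper name is only a suggestion. Separately, the check establishes only that some account is logged in; nothing in these hunks limits how much mail one account can send, so the deterrent is weaker where self-registration is open. emailAction()'s body continues outside the hunk.

```php
// Proposed helper on AbstractBase (name is a suggestion): the single place
// that decides whether the mail features need an authenticated user.
protected function mailRequiresLogin()
{
    $config = \VuFind\Config\Reader::getConfig();
    // A missing setting is treated as "login required".
    return !isset($config->Mail->require_login)
        || $config->Mail->require_login;
}

public function emailAction()
{
    // Force login if necessary:
    if ($this->mailRequiresLogin() && !$this->getUser()) {
        return $this->forceLogin();
    }
    // … unchanged: record loading and form handling …
```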
--- a/module/VuFind/src/VuFind/Controller/AjaxController.php
+++ b/module/VuFind/src/VuFind/Controller/AjaxController.php
@@ -972,6 +972,18 @@ class AjaxController extends AbstractBase
 public function emailRecord()
 {
 $this->writeSession(); // avoid session write timing bug
+
+ // Force login if necessary:
+ $config = \VuFind\Config\Reader::getConfig();
+ if ((!isset($config->Mail->require_login) || $config->Mail->require_login)
+ && !$this->getUser()
+ ) {
+ return $this->output(
+ $this->translate('You must be logged in first'),
+ self::STATUS_NEED_AUTH
+ );
+ }
+
 // Attempt to send the email:
 try {
 $record = $this->getRecordLoader()->load(
@@ -1001,6 +1013,18 @@ class AjaxController extends AbstractBase
 public function emailSearch()
 {
 $this->writeSession(); // avoid session write timing bug
+
+ // Force login if necessary:
+ $config = \VuFind\Config\Reader::getConfig();
+ if ((!isset($config->Mail->require_login) || $config->Mail->require_login)
+ && !$this->getUser()
+ ) {
+ return $this->output(
+ $this->translate('You must be logged in first'),
+ self::STATUS_NEED_AUTH
+ );
+ }
+
 // Make sure URL is properly formatted -- if no protocol is specified, run it
 // through the serverurl helper:
 $url = $this->params()->fromPost('url');
diff --git a/module/VuFind/src/VuFind/Controller/CartController.php b/module/VuFind/src/VuFind/Controller/CartController.php
index c7bdffa0cd9..95f080442e1 100644
--- a/module/VuFind/src/VuFind/Controller/CartController.php
+++ b/module/VuFind/src/VuFind/Controller/CartController.php
@@ -166,6 +166,14 @@ class CartController extends AbstractBase
 */
 public function emailAction()
 {
+ // Force login if necessary:
+ $config = \VuFind\Config\Reader::getConfig();
+ if ((!isset($config->Mail->require_login) || $config->Mail->require_login)
+ && !$this->getUser()
+ ) {
+ return $this->forceLogin();
+ }
+
 $ids = is_null($this->params()->fromPost('selectAll'))
 ? $this->params()->fromPost('ids')
 : $this->params()->fromPost('idsAll');
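Review bot: `emailRecord()` can now answer with `STATUS_NEED_AUTH` before any mail is attempted, but its docblock (outside this hunk) is not updated, and the same holds for `emailSearch()` in the next hunk. I would add a line to each docblock such as `Responds with STATUS_NEED_AUTH when Mail/require_login is on and no user is logged in.` Only the blueprint JavaScript is touched in this patch, so if other themes call these endpoints it is worth confirming they handle that status rather than showing a generic failure.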
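Review bot: `forceLogin()` is called before the POSTed `ids`/`idsAll` selection is read, and unlike the SearchController hunk, which passes `array('emailurl' => $view->url)` as followup data, nothing is stashed here. Unless forceLogin() preserves the POST body (not visible in this patch), a user who selects cart items, is sent to log in and comes back would reach emailAction() without a selection. I would either carry the ids through the followup data in the same way or confirm that the post-login path re-prompts cleanly. emailAction() continues beyond the hunk.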
diff --git a/module/VuFind/src/VuFind/Controller/SearchController.php b/module/VuFind/src/VuFind/Controller/SearchController.php
index 7f5488a8d64..01863d9494a 100644
--- a/module/VuFind/src/VuFind/Controller/SearchController.php
+++ b/module/VuFind/src/VuFind/Controller/SearchController.php
@@ -84,6 +84,21 @@ class SearchController extends AbstractSearch
 )
 );

+ // Force login if necessary:
+ $config = \VuFind\Config\Reader::getConfig();
+ if ((!isset($config->Mail->require_login) || $config->Mail->require_login)
+ && !$this->getUser()
+ ) {
+ return $this->forceLogin(null, array('emailurl' => $view->url));
+ }
+
+ // Check if we have a URL in login followup data:
+ $followup = $this->followup()->retrieve();
+ if (isset($followup->emailurl)) {
+ $view->url = $followup->emailurl;
+ unset($followup->emailurl);
+ }
+
 // Fail if we can't figure out a URL to share:
 if (empty($view->url)) {
 throw new \Exception('Cannot determine URL to share.');
diff --git a/themes/blueprint/js/common.js b/themes/blueprint/js/common.js
index 0379f3a077d..68cdb97e2d0 100644
--- a/themes/blueprint/js/common.js
+++ b/themes/blueprint/js/common.js
@@ -45,7 +45,7 @@ $(document).ready(function(){
 // assign click event to "email search" links
 $('a.mailSearch').click(function() {
 var id = this.id.substr('mailSearch'.length);
- var $dialog = getLightbox('Search', 'Email', id, null, this.title);
+ var $dialog = getLightbox('Search', 'Email', id, null, this.title, 'Search', 'Email', id);
 return false;
 });

diff --git a/themes/blueprint/js/record.js b/themes/blueprint/js/record.js
index e1f74085e15..8bde4929a44 100644
--- a/themes/blueprint/js/record.js
+++ b/themes/blueprint/js/record.js
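Review bot: `$view->url` is stored in the login followup data and later copied back from `$followup->emailurl` with no check on what it points to, and it then becomes the link in a message sent under the site's name. Where `$view->url` is filled in lies above the hunk, so I cannot tell whether it is already constrained; if it can come from the request, I would verify that it is a URL on this site before storing or mailing it. Requiring login narrows who can use the form but does not make the link trustworthy. A comment next to the restore, such as `// emailurl survived the login round-trip; it is still untrusted input`, would also help the next reader. The method starts and ends outside the hunk.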
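Review bot: The three arguments appended to `getLightbox(...)` repeat the first three and nothing at the call site says what they are for; the same applies to the `a.mailRecord` handler in record.js. They are presumably the follow-up module, action and id used to reopen the dialog after a login, which deserves a short comment, e.g. `// last three args: where to return after a forced login`. The lightbox code that reacts to the need-auth AJAX response is not part of this patch, so it is worth confirming that it shows the login form rather than a generic error.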
@@ -26,7 +26,7 @@ $(document).ready(function(){
 });
 $('a.mailRecord').click(function() {
 var controller = extractController(this);
- var $dialog = getLightbox(controller, 'Email', id, null, this.title);
+ var $dialog = getLightbox(controller, 'Email', id, null, this.title, controller, 'Email', id);
 return false;
 });
 $('a.tagRecord').click(function() {
-- 
GitLab