From b537666e5cb2ead37ac12818b41a459056c88e83 Mon Sep 17 00:00:00 2001
From: barisusakli <barisusakli@gmail.com>
Date: Tue, 3 Jun 2014 16:10:24 -0400
Subject: [PATCH] closes #1592, closes #1634

---
 install/data/defaults.json               |  4 ++++
 public/language/en_GB/error.json         |  1 +
 public/language/en_GB/notifications.json |  7 ++++++-
 src/controllers/index.js                 | 15 +--------------
 src/socket.io/admin.js                   |  4 ++--
 src/socket.io/index.js                   |  2 +-
 src/user.js                              | 17 ++++++++++-------
 src/user/create.js                       |  2 +-
 src/user/email.js                        |  3 +--
 9 files changed, 27 insertions(+), 28 deletions(-)

diff --git a/install/data/defaults.json b/install/data/defaults.json
index 8f1bc88115..d9a6e3d17b 100644
--- a/install/data/defaults.json
+++ b/install/data/defaults.json
@@ -66,5 +66,9 @@
     {
         "field": "chatMessagesToDisplay",
         "value": 50
+    },
+    {
+        "field": "requireEmailConfirmation",
+        "value": 1
     }
 ]
\ No newline at end of file
diff --git a/public/language/en_GB/error.json b/public/language/en_GB/error.json
index 7b5a6eece9..73ac0ad947 100644
--- a/public/language/en_GB/error.json
+++ b/public/language/en_GB/error.json
@@ -19,6 +19,7 @@
 
 	"username-taken": "Username taken",
 	"email-taken": "Email taken",
+	"email-not-confirmed": "Your email is not confirmed",
 
 	"username-too-short": "User name too short",
 
diff --git a/public/language/en_GB/notifications.json b/public/language/en_GB/notifications.json
index d480d39a2e..c37595a009 100644
--- a/public/language/en_GB/notifications.json
+++ b/public/language/en_GB/notifications.json
@@ -16,6 +16,11 @@
 	"upvoted_your_post": "<strong>%1</strong> has upvoted your post.",
 	"favourited_your_post": "<strong>%1</strong> has favourited your post.",
 	"user_flagged_post": "<strong>%1</strong> flagged a post.",
-	"user_posted_to" : "<strong>%1</strong> has posted a reply to: <strong>%2</strong>"
+	"user_posted_to" : "<strong>%1</strong> has posted a reply to: <strong>%2</strong>",
+
+	"email-confirmed": "Email Confirmed",
+	"email-confirmed-message": "Thank you for validating your email. Your account is now fully activated.",
+	"email-confirm-error": "An error occurred...",
+	"email-confirm-error-message": "There was a problem validating your email address. Perhaps the code was invalid or has expired."
 
 }
diff --git a/src/controllers/index.js b/src/controllers/index.js
index 2cc7c6cf15..37a3040a9f 100644
--- a/src/controllers/index.js
+++ b/src/controllers/index.js
@@ -210,20 +210,7 @@ Controllers.register = function(req, res, next) {
 
 Controllers.confirmEmail = function(req, res, next) {
 	user.email.confirm(req.params.code, function (data) {
-		if (data.status === 'ok') {
-			data = {
-				'alert-class': 'alert-success',
-				title: 'Email Confirmed',
-				text: 'Thank you for vaidating your email. Your account is now fully activated.'
-			};
-		} else {
-			data = {
-				'alert-class': 'alert-danger',
-				title: 'An error occurred...',
-				text: 'There was a problem validating your email address. Perhaps the code was invalid or has expired.'
-			};
-		}
-
+		data.status = data.status === 'ok';
 		res.render('confirm', data);
 	});
 };
diff --git a/src/socket.io/admin.js b/src/socket.io/admin.js
index aa653d516f..2ad7fa625b 100644
--- a/src/socket.io/admin.js
+++ b/src/socket.io/admin.js
@@ -25,12 +25,12 @@ var	groups = require('../groups'),
 		settings: {}
 	};
 
-SocketAdmin.before = function(socket, next) {
+SocketAdmin.before = function(socket, method, next) {
 	user.isAdministrator(socket.uid, function(err, isAdmin) {
 		if (!err && isAdmin) {
 			next();
 		} else {
-			winston.warn('[socket.io] Call to admin method blocked (accessed by uid ' + socket.uid + ')');
+			winston.warn('[socket.io] Call to admin method ( ' + method + ' ) blocked (accessed by uid ' + socket.uid + ')');
 		}
 	});
 };
diff --git a/src/socket.io/index.js b/src/socket.io/index.js
index a5f9bd9d18..3b872c2cac 100644
--- a/src/socket.io/index.js
+++ b/src/socket.io/index.js
@@ -165,7 +165,7 @@ Sockets.init = function(server) {
 			}
 
 			if (Namespaces[namespace].before) {
-				Namespaces[namespace].before(socket, function() {
+				Namespaces[namespace].before(socket, payload.name, function() {
 					callMethod(methodToCall);
 				});
 			} else {
diff --git a/src/user.js b/src/user.js
index c7fec2596a..dee7496928 100644
--- a/src/user.js
+++ b/src/user.js
@@ -155,21 +155,20 @@ var bcrypt = require('bcryptjs'),
 
 	User.isReadyToPost = function(uid, callback) {
 		async.parallel({
-			banned: function(next) {
-				User.getUserField(uid, 'banned', next);
+			userData: function(next) {
+				User.getUserFields(uid, ['banned', 'lastposttime', 'email', 'email:confirmed'], next);
 			},
 			exists: function(next) {
 				db.exists('user:' + uid, next);
-			},
-			lastposttime: function(next) {
-				User.getUserField(uid, 'lastposttime', next);
 			}
 		}, function(err, results) {
 			if (err) {
 				return callback(err);
 			}
 
-			if (parseInt(results.banned, 10) === 1) {
+			var userData = results.userData;
+
+			if (parseInt(userData.banned, 10) === 1) {
 				return callback(new Error('[[error:user-banned]]'));
 			}
 
@@ -177,7 +176,11 @@ var bcrypt = require('bcryptjs'),
 				return callback(new Error('[[error:no-user]]'));
 			}
 
-			var lastposttime = results.lastposttime;
+			if (userData.email && (parseInt(meta.config.requireEmailConfirmation, 10) === 1 || meta.config.requireEmailConfirmation === undefined) && parseInt(userData['email:confirmed'], 10) !== 1) {
+				return callback(new Error('[[error:email-not-confirmed]]'));
+			}
+
+			var lastposttime = userData.lastposttime;
 			if (!lastposttime) {
 				lastposttime = 0;
 			}
diff --git a/src/user/create.js b/src/user/create.js
index f9efeebaef..3f4a78de81 100644
--- a/src/user/create.js
+++ b/src/user/create.js
@@ -137,7 +137,7 @@ module.exports = function(User) {
 
 					if (userData.email !== undefined) {
 						db.setObjectField('email:uid', userData.email, uid);
-						if (parseInt(uid, 10) !== 1) {
+						if (parseInt(uid, 10) !== 1 && (parseInt(meta.config.requireEmailConfirmation, 10) === 1 || meta.config.requireEmailConfirmation === undefined)) {
 							User.email.verify(uid, userData.email);
 						}
 					}
diff --git a/src/user/email.js b/src/user/email.js
index 74aa01db17..f3800331b5 100644
--- a/src/user/email.js
+++ b/src/user/email.js
@@ -45,7 +45,6 @@ var async = require('async'),
 				db.expireAt('confirm:' + confirm_code, Math.floor(Date.now() / 1000 + 60 * 60 * 2), next);
 			}
 		], function(err) {
-			// Send intro email w/ confirm code
 			user.getUserField(uid, 'username', function(err, username) {
 				if (err) {
 					return winston.error(err.message);
@@ -73,7 +72,7 @@ var async = require('async'),
 			}
 
 			if (confirmObj && confirmObj.uid && confirmObj.email) {
-				db.setObjectField('email:confirmed', confirmObj.email, '1', function() {
+				user.setUserField(confirmObj.uid, 'email:confirmed', 1, function() {
 					callback({
 						status: 'ok'
 					});