Last modified: 2013-03-28 22:55:42 UTC
None of Special:ConfirmEmail, User::newFromConfirmationCode, and User::confirmEmail check if an email is already confirmed. newFromConfirmationCode just checks if it's a valid non-expired code, but using a code does not expire it. It's fine not to show an error for double confirmations, but the hook should not fire twice. I don't think setEmailAuthenticationTimestamp should be called again either, so my patch will avoid doing so.
Proposed fix at https://gerrit.wikimedia.org/r/56539 It calls isEmailConfirmed to see if they're already confirmed. If so, it returns true without doing anything. This does mean the EmailConfirmed hook (called by isEmailConfirmed) will be called in an additional scenario. However, isEmailConfirmed seems to be called frequently already (e.g. by both canSendEmail and canReceiveEmail). The fix means you can do something user-facing (e.g. sending an email to the user) on ConfirmEmailComplete without that occurring twice if the URL is visited again when they're already confirmed.
Merged.