From f8f3c9ecf9da1f14722f6d3266a0e80ea157f98f Mon Sep 17 00:00:00 2001
From: Joas Schilling <nickvergessen@owncloud.com>
Date: Mon, 7 Dec 2015 15:14:19 +0100
Subject: [PATCH 1/2] Remove password reset when the user can not change the
 password

---
 core/templates/login.php | 8 ++++++--
 lib/private/util.php     | 6 ++++++
 2 files changed, 12 insertions(+), 2 deletions(-)

diff --git a/core/templates/login.php b/core/templates/login.php
index 03be6258fd..7b09d4fac9 100644
--- a/core/templates/login.php
+++ b/core/templates/login.php
@@ -56,11 +56,15 @@ script('core', [
 			<input type="submit" id="submit" class="login primary icon-confirm svg" title="<?php p($l->t('Log in')); ?>" value="" disabled="disabled"/>
 		</p>
 
-		<?php if (isset($_['invalidpassword']) && ($_['invalidpassword'])): ?>
+		<?php if (!empty($_['invalidpassword']) && !empty($_['canResetPassword'])) { ?>
 		<a id="lost-password" class="warning" href="">
 			<?php p($l->t('Wrong password. Reset it?')); ?>
 		</a>
-		<?php endif; ?>
+		<?php } else if (!empty($_['invalidpassword'])) { ?>
+			<p class="warning">
+				<?php p($l->t('Wrong password.')); ?>
+			</p>
+		<?php } ?>
 		<?php if ($_['rememberLoginAllowed'] === true) : ?>
 		<div class="remember-login-container">
 			<input type="checkbox" name="remember_login" value="1" id="remember_login" class="checkbox checkbox--white">
diff --git a/lib/private/util.php b/lib/private/util.php
index 9929b7d5b1..532730998c 100644
--- a/lib/private/util.php
+++ b/lib/private/util.php
@@ -947,6 +947,12 @@ class OC_Util {
 			$parameters['redirect_url'] = $_REQUEST['redirect_url'];
 		}
 
+		$parameters['canResetPassword'] = true;
+		$user = \OC::$server->getUserManager()->get($_REQUEST['user']);
+		if ($user instanceof IUser) {
+			$parameters['canResetPassword'] = $user->canChangePassword();
+		}
+
 		$parameters['alt_login'] = OC_App::getAlternativeLogIns();
 		$parameters['rememberLoginAllowed'] = self::rememberLoginAllowed();
 		\OC_Hook::emit('OC_Util', 'pre_displayLoginPage', array('parameters' => $parameters));

From 87bc02c6cd482a28aa175d269d48a849ca9eb399 Mon Sep 17 00:00:00 2001
From: Joas Schilling <nickvergessen@owncloud.com>
Date: Mon, 7 Dec 2015 15:37:26 +0100
Subject: [PATCH 2/2] Allow specifying a custom reset-password-url

---
 config/config.sample.php |  8 ++++++++
 core/js/config.php       |  1 +
 core/js/lostpassword.js  | 12 ++++++++----
 lib/private/util.php     |  8 +++++---
 4 files changed, 22 insertions(+), 7 deletions(-)

diff --git a/config/config.sample.php b/config/config.sample.php
index 034a1ebddb..c3abe3a2b8 100644
--- a/config/config.sample.php
+++ b/config/config.sample.php
@@ -213,6 +213,14 @@ $CONFIG = array(
 	)
 ),
 
+/**
+ * If your user backend does not allow to reset the password (e.g. when it's a
+ * read-only user backend like LDAP), you can specify a custom link, where the
+ * user is redirected to, when clicking the "reset password" link after a failed
+ * login-attempt.
+ */
+'lost_password_link' => 'https://example.org/link/to/password/reset',
+
 /**
  * Mail Parameters
  *
diff --git a/core/js/config.php b/core/js/config.php
index 8956689e74..e51ae90372 100644
--- a/core/js/config.php
+++ b/core/js/config.php
@@ -141,6 +141,7 @@ $array = array(
 			'version'			=> implode('.', OC_Util::getVersion()),
 			'versionstring'		=> OC_Util::getVersionString(),
 			'enable_avatars'	=> \OC::$server->getConfig()->getSystemValue('enable_avatars', true),
+			'lost_password_link'=> \OC::$server->getConfig()->getSystemValue('lost_password_link', null),
 			'modRewriteWorking'	=> (getenv('front_controller_active') === 'true'),
 		)
 	),
diff --git a/core/js/lostpassword.js b/core/js/lostpassword.js
index 294a9d8c1c..df28c2308c 100644
--- a/core/js/lostpassword.js
+++ b/core/js/lostpassword.js
@@ -13,22 +13,26 @@ OC.Lostpassword = {
 	resetErrorMsg : t('core', 'Password can not be changed. Please contact your administrator.'),
 
 	init : function() {
-		$('#lost-password').click(OC.Lostpassword.sendLink);
+		$('#lost-password').click(OC.Lostpassword.resetLink);
 		$('#reset-password #submit').click(OC.Lostpassword.resetPassword);
 	},
 
-	sendLink : function(event){
+	resetLink : function(event){
 		event.preventDefault();
 		if (!$('#user').val().length){
 			$('#submit').trigger('click');
 		} else {
-			$.post(
+			if (OC.config['lost_password_link']) {
+				window.location = OC.config['lost_password_link'];
+			} else {
+				$.post(
 					OC.generateUrl('/lostpassword/email'),
 					{
 						user : $('#user').val()
 					},
 					OC.Lostpassword.sendLinkDone
-			);
+				);
+			}
 		}
 	},
 
diff --git a/lib/private/util.php b/lib/private/util.php
index 532730998c..c31ad63b9b 100644
--- a/lib/private/util.php
+++ b/lib/private/util.php
@@ -948,9 +948,11 @@ class OC_Util {
 		}
 
 		$parameters['canResetPassword'] = true;
-		$user = \OC::$server->getUserManager()->get($_REQUEST['user']);
-		if ($user instanceof IUser) {
-			$parameters['canResetPassword'] = $user->canChangePassword();
+		if (!\OC::$server->getSystemConfig()->getValue('lost_password_link')) {
+			$user = \OC::$server->getUserManager()->get($_REQUEST['user']);
+			if ($user instanceof IUser) {
+				$parameters['canResetPassword'] = $user->canChangePassword();
+			}
 		}
 
 		$parameters['alt_login'] = OC_App::getAlternativeLogIns();