From b776c3b89f4d772c9ed478acd0d998c0cda52971 Mon Sep 17 00:00:00 2001 From: Roeland Jago Douma Date: Tue, 20 Nov 2018 13:28:40 +0100 Subject: [PATCH] Respect the disabled setting for lost_password_link Fixes #11146 As documented when it is set to disabled the user can't request a lost password. Signed-off-by: Roeland Jago Douma --- core/Controller/LoginController.php | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/core/Controller/LoginController.php b/core/Controller/LoginController.php index 182d2bc106..c30206ff3d 100644 --- a/core/Controller/LoginController.php +++ b/core/Controller/LoginController.php @@ -224,7 +224,9 @@ class LoginController extends Controller { $parameters['resetPasswordLink'] = $this->config ->getSystemValue('lost_password_link', ''); - if (!$parameters['resetPasswordLink'] && $userObj !== null) { + if ($parameters['resetPasswordLink'] === 'disabled') { + $parameters['canResetPassword'] = false; + } else if (!$parameters['resetPasswordLink'] && $userObj !== null) { $parameters['canResetPassword'] = $userObj->canChangePassword(); } else if ($userObj !== null && $userObj->isEnabled() === false) { $parameters['canResetPassword'] = false;