diff --git a/config/config.sample.php b/config/config.sample.php index 2bafbd411c..b143693082 100644 --- a/config/config.sample.php +++ b/config/config.sample.php @@ -253,6 +253,7 @@ $CONFIG = array( * read-only user backend like LDAP), you can specify a custom link, where the * user is redirected to, when clicking the "reset password" link after a failed * login-attempt. + * In case you do not want to provide any link, replace the url with 'disabled' */ 'lost_password_link' => 'https://example.org/link/to/password/reset', diff --git a/core/Controller/LoginController.php b/core/Controller/LoginController.php index 691d74cdc6..93b695dd99 100644 --- a/core/Controller/LoginController.php +++ b/core/Controller/LoginController.php @@ -159,6 +159,8 @@ class LoginController extends Controller { $parameters['canResetPassword'] = $userObj->canChangePassword(); } } + } elseif ($parameters['resetPasswordLink'] === 'disabled') { + $parameters['canResetPassword'] = false; } $parameters['alt_login'] = OC_App::getAlternativeLogIns(); diff --git a/core/Controller/LostController.php b/core/Controller/LostController.php index 3f9ef17236..0d5988a249 100644 --- a/core/Controller/LostController.php +++ b/core/Controller/LostController.php @@ -131,6 +131,14 @@ class LostController extends Controller { * @return TemplateResponse */ public function resetform($token, $userId) { + if ($this->config->getSystemValue('lost_password_link', '') !== '') { + return new TemplateResponse('core', 'error', [ + 'errors' => [['error' => $this->l10n->t('Password reset is disabled')]] + ], + 'guest' + ); + } + try { $this->checkPasswordResetToken($token, $userId); } catch (\Exception $e) { @@ -211,6 +219,10 @@ class LostController extends Controller { * @return JSONResponse */ public function email($user){ + if ($this->config->getSystemValue('lost_password_link', '') !== '') { + return new JSONResponse($this->error($this->l10n->t('Password reset is disabled'))); + } + // FIXME: use HTTP error codes try { $this->sendEmail($user); @@ -234,6 +246,10 @@ class LostController extends Controller { * @return array */ public function setPassword($token, $userId, $password, $proceed) { + if ($this->config->getSystemValue('lost_password_link', '') !== '') { + return $this->error($this->l10n->t('Password reset is disabled')); + } + if ($this->encryptionManager->isEnabled() && !$proceed) { return $this->error('', array('encryption' => true)); } diff --git a/core/js/lostpassword.js b/core/js/lostpassword.js index 2f96911f16..1923b73a17 100644 --- a/core/js/lostpassword.js +++ b/core/js/lostpassword.js @@ -22,7 +22,9 @@ OC.Lostpassword = { if (!$('#user').val().length){ $('#submit').trigger('click'); } else { - if (OC.config.lost_password_link) { + if (OC.config.lost_password_link === 'disabled') { + return; + } else if (OC.config.lost_password_link) { window.location = OC.config.lost_password_link; } else { $.post( diff --git a/tests/Core/Controller/LostControllerTest.php b/tests/Core/Controller/LostControllerTest.php index d7d9094c48..d7098aafcc 100644 --- a/tests/Core/Controller/LostControllerTest.php +++ b/tests/Core/Controller/LostControllerTest.php @@ -86,9 +86,13 @@ class LostControllerTest extends \Test\TestCase { ->willReturn('ExistingUser'); $this->config = $this->createMock(IConfig::class); - $this->config->method('getSystemValue') - ->with('secret', null) - ->willReturn('SECRET'); + $this->config->expects($this->any()) + ->method('getSystemValue') + ->willReturnMap([ + ['secret', null, 'SECRET'], + ['secret', '', 'SECRET'], + ['lost_password_link', '', ''], + ]); $this->l10n = $this->createMock(IL10N::class); $this->l10n ->expects($this->any()) @@ -347,10 +351,6 @@ class LostControllerTest extends \Test\TestCase { ->method('send') ->with($message); - $this->config->method('getSystemValue') - ->with('secret', '') - ->willReturn('SECRET'); - $this->crypto->method('encrypt') ->with( $this->equalTo('12348:ThisIsMaybeANotSoSecretToken!'), @@ -434,10 +434,6 @@ class LostControllerTest extends \Test\TestCase { ->method('send') ->with($message); - $this->config->method('getSystemValue') - ->with('secret', '') - ->willReturn('SECRET'); - $this->crypto->method('encrypt') ->with( $this->equalTo('12348:ThisIsMaybeANotSoSecretToken!'), @@ -516,10 +512,6 @@ class LostControllerTest extends \Test\TestCase { ->with($message) ->will($this->throwException(new \Exception())); - $this->config->method('getSystemValue') - ->with('secret', '') - ->willReturn('SECRET'); - $this->crypto->method('encrypt') ->with( $this->equalTo('12348:ThisIsMaybeANotSoSecretToken!'),