No password reset for disabled users
Signed-off-by: Joas Schilling <coding@schilljs.com>
parent
231cffffb9
commit
d5c6d56170
|
@ -167,7 +167,7 @@ class LostController extends Controller {
|
||||||
*/
|
*/
|
||||||
protected function checkPasswordResetToken($token, $userId) {
|
protected function checkPasswordResetToken($token, $userId) {
|
||||||
$user = $this->userManager->get($userId);
|
$user = $this->userManager->get($userId);
|
||||||
if($user === null) {
|
if($user === null || !$user->isEnabled()) {
|
||||||
throw new \Exception($this->l10n->t('Couldn\'t reset password because the token is invalid'));
|
throw new \Exception($this->l10n->t('Couldn\'t reset password because the token is invalid'));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -340,16 +340,25 @@ class LostController extends Controller {
|
||||||
/**
|
/**
|
||||||
* @param string $input
|
* @param string $input
|
||||||
* @return IUser
|
* @return IUser
|
||||||
* @throws \Exception
|
* @throws \InvalidArgumentException
|
||||||
*/
|
*/
|
||||||
protected function findUserByIdOrMail($input) {
|
protected function findUserByIdOrMail($input) {
|
||||||
$user = $this->userManager->get($input);
|
$user = $this->userManager->get($input);
|
||||||
if ($user instanceof IUser) {
|
if ($user instanceof IUser) {
|
||||||
|
if (!$user->isEnabled()) {
|
||||||
|
throw new \InvalidArgumentException($this->l10n->t('Couldn\'t send reset email. Please make sure your username is correct.'));
|
||||||
|
}
|
||||||
|
|
||||||
return $user;
|
return $user;
|
||||||
}
|
}
|
||||||
$users = $this->userManager->getByEmail($input);
|
$users = $this->userManager->getByEmail($input);
|
||||||
if (count($users) === 1) {
|
if (count($users) === 1) {
|
||||||
return $users[0];
|
$user = $users[0];
|
||||||
|
if (!$user->isEnabled()) {
|
||||||
|
throw new \InvalidArgumentException($this->l10n->t('Couldn\'t send reset email. Please make sure your username is correct.'));
|
||||||
|
}
|
||||||
|
|
||||||
|
return $user;
|
||||||
}
|
}
|
||||||
|
|
||||||
throw new \InvalidArgumentException($this->l10n->t('Couldn\'t send reset email. Please make sure your username is correct.'));
|
throw new \InvalidArgumentException($this->l10n->t('Couldn\'t send reset email. Please make sure your username is correct.'));
|
||||||
|
|
|
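Review bot: The disabled-account branches in findUserByIdOrMail repeat the full `Couldn't send reset email…` string three times, and nothing records that the wording has to stay identical to the unknown-user case. A response that differs for a disabled account would let a caller tell it apart from a missing one, so I would build the message once at the top, `$message = $this->l10n->t('Couldn\'t send reset email. Please make sure your username is correct.');`, throw `new \InvalidArgumentException($message)` in all three places, and add a comment such as `// Same message for unknown and disabled accounts so the response does not reveal account state`. The same reasoning applies to the reused "token is invalid" message in checkPasswordResetToken in the first hunk. That function's body continues outside its hunk, and the closing brace of findUserByIdOrMail is also outside the visible lines.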
@ -84,6 +84,9 @@ class LostControllerTest extends \Test\TestCase {
|
||||||
$this->existingUser->expects($this->any())
|
$this->existingUser->expects($this->any())
|
||||||
->method('getUID')
|
->method('getUID')
|
||||||
->willReturn('ExistingUser');
|
->willReturn('ExistingUser');
|
||||||
|
$this->existingUser->expects($this->any())
|
||||||
|
->method('isEnabled')
|
||||||
|
->willReturn(true);
|
||||||
|
|
||||||
$this->config = $this->createMock(IConfig::class);
|
$this->config = $this->createMock(IConfig::class);
|
||||||
$this->config->expects($this->any())
|
$this->config->expects($this->any())
|
||||||
|
@ -684,8 +687,34 @@ class LostControllerTest extends \Test\TestCase {
|
||||||
$this->assertSame($expectedResponse, $response);
|
$this->assertSame($expectedResponse, $response);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public function testSetPasswordForDisabledUser() {
|
||||||
|
$user = $this->createMock(IUser::class);
|
||||||
|
$user->expects($this->any())
|
||||||
|
->method('isEnabled')
|
||||||
|
->willReturn(false);
|
||||||
|
$user->expects($this->never())
|
||||||
|
->method('setPassword');
|
||||||
|
|
||||||
|
$this->config->method('getUserValue')
|
||||||
|
->with('ValidTokenUser', 'core', 'lostpassword', null)
|
||||||
|
->willReturn('encryptedData');
|
||||||
|
$this->userManager->method('get')
|
||||||
|
->with('DisabledUser')
|
||||||
|
->willReturn($this->existingUser);
|
||||||
|
|
||||||
|
$response = $this->lostController->setPassword('TheOnlyAndOnlyOneTokenToResetThePassword', 'DisabledUser', 'NewPassword', true);
|
||||||
|
$expectedResponse = [
|
||||||
|
'status' => 'error',
|
||||||
|
'msg' => 'Couldn\'t reset password because the token is invalid'
|
||||||
|
];
|
||||||
|
$this->assertSame($expectedResponse, $response);
|
||||||
|
}
|
||||||
|
|
||||||
public function testSendEmailNoEmail() {
|
public function testSendEmailNoEmail() {
|
||||||
$user = $this->createMock(IUser::class);
|
$user = $this->createMock(IUser::class);
|
||||||
|
$user->expects($this->any())
|
||||||
|
->method('isEnabled')
|
||||||
|
->willReturn(true);
|
||||||
$this->userManager->method('userExists')
|
$this->userManager->method('userExists')
|
||||||
->with('ExistingUser')
|
->with('ExistingUser')
|
||||||
->willReturn(true);
|
->willReturn(true);
|
||||||
|
|
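Review bot: testSetPasswordForDisabledUser never hands its disabled mock to the controller. `$user` is stubbed with `isEnabled` returning false and `setPassword` never expected, but `userManager->get('DisabledUser')` returns `$this->existingUser`, which the setUp hunk above stubs with `isEnabled` returning true. The `never()` expectation therefore sits on an object the controller does not see, so the test probably passes through some other failure path rather than the new `!$user->isEnabled()` check. Return the local mock instead, `->willReturn($user);`, and align the `getUserValue` stub, which expects `'ValidTokenUser'` while the call passes `'DisabledUser'`. A matching test for a disabled user in the email-request path (findUserByIdOrMail) does not appear in the visible hunks and would be worth adding.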