Browse Source
No password reset for disabled users
Signed-off-by: Joas Schilling <coding@schilljs.com>tags/v13.0.0beta1
Joas Schilling
6 years ago
2 changed files with 41 additions and 3 deletions
+ 12
- 3
core/Controller/LostController.php
View File
| @@ -167,7 +167,7 @@ class LostController extends Controller { | |||
| */ | |||
| protected function checkPasswordResetToken($token, $userId) { | |||
| $user = $this->userManager->get($userId); | |||
| if($user === null) { | |||
| if($user === null || !$user->isEnabled()) { | |||
| throw new \Exception($this->l10n->t('Couldn\'t reset password because the token is invalid')); | |||
| } | |||
| @@ -340,16 +340,25 @@ class LostController extends Controller { | |||
| /** | |||
| * @param string $input | |||
| * @return IUser | |||
| * @throws \Exception | |||
| * @throws \InvalidArgumentException | |||
| */ | |||
| protected function findUserByIdOrMail($input) { | |||
| $user = $this->userManager->get($input); | |||
| if ($user instanceof IUser) { | |||
| if (!$user->isEnabled()) { | |||
| throw new \InvalidArgumentException($this->l10n->t('Couldn\'t send reset email. Please make sure your username is correct.')); | |||
| } | |||
| return $user; | |||
| } | |||
| $users = $this->userManager->getByEmail($input); | |||
| if (count($users) === 1) { | |||
| return $users[0]; | |||
| $user = $users[0]; | |||
| if (!$user->isEnabled()) { | |||
| throw new \InvalidArgumentException($this->l10n->t('Couldn\'t send reset email. Please make sure your username is correct.')); | |||
| } | |||
| return $user; | |||
| } | |||
| throw new \InvalidArgumentException($this->l10n->t('Couldn\'t send reset email. Please make sure your username is correct.')); | |||
+ 29
- 0
tests/Core/Controller/LostControllerTest.php
View File
| @@ -84,6 +84,9 @@ class LostControllerTest extends \Test\TestCase { | |||
| $this->existingUser->expects($this->any()) | |||
| ->method('getUID') | |||
| ->willReturn('ExistingUser'); | |||
| $this->existingUser->expects($this->any()) | |||
| ->method('isEnabled') | |||
| ->willReturn(true); | |||
| $this->config = $this->createMock(IConfig::class); | |||
| $this->config->expects($this->any()) | |||
| @@ -684,8 +687,34 @@ class LostControllerTest extends \Test\TestCase { | |||
| $this->assertSame($expectedResponse, $response); | |||
| } | |||
| public function testSetPasswordForDisabledUser() { | |||
| $user = $this->createMock(IUser::class); | |||
| $user->expects($this->any()) | |||
| ->method('isEnabled') | |||
| ->willReturn(false); | |||
| $user->expects($this->never()) | |||
| ->method('setPassword'); | |||
| $this->config->method('getUserValue') | |||
| ->with('ValidTokenUser', 'core', 'lostpassword', null) | |||
| ->willReturn('encryptedData'); | |||
| $this->userManager->method('get') | |||
| ->with('DisabledUser') | |||
| ->willReturn($this->existingUser); | |||
| $response = $this->lostController->setPassword('TheOnlyAndOnlyOneTokenToResetThePassword', 'DisabledUser', 'NewPassword', true); | |||
| $expectedResponse = [ | |||
| 'status' => 'error', | |||
| 'msg' => 'Couldn\'t reset password because the token is invalid' | |||
| ]; | |||
| $this->assertSame($expectedResponse, $response); | |||
| } | |||
| public function testSendEmailNoEmail() { | |||
| $user = $this->createMock(IUser::class); | |||
| $user->expects($this->any()) | |||
| ->method('isEnabled') | |||
| ->willReturn(true); | |||
| $this->userManager->method('userExists') | |||
| ->with('ExistingUser') | |||
| ->willReturn(true); | |||
Loading…