Enable password reset for user with same email address when only one is active

When two or more user share the same email address its not possible to
reset password by email. Even when only one account is active.

This pr reduce list of users returned by getByEmail by disabled users.

Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>

1 files changed, 12 insertions, 9 deletions

diff --git a/core/Controller/LostController.php b/core/Controller/LostController.php
index eacd5847c6c..d663559dc62 100644
--- a/core/Controller/LostController.php
+++ b/core/Controller/LostController.php
@@ -364,24 +364,27 @@ class LostController extends Controller {
 	 * @throws \InvalidArgumentException
 	 */
 	protected function findUserByIdOrMail($input) {
+		$userNotFound = new \InvalidArgumentException(
+			$this->l10n->t('Couldn\'t send reset email. Please make sure your username is correct.')
+		);
+
 		$user = $this->userManager->get($input);
 		if ($user instanceof IUser) {
 			if (!$user->isEnabled()) {
-				throw new \InvalidArgumentException($this->l10n->t('Couldn\'t send reset email. Please make sure your username is correct.'));
+				throw $userNotFound;
 			}
 
 			return $user;
 		}
-		$users = $this->userManager->getByEmail($input);
-		if (count($users) === 1) {
-			$user = $users[0];
-			if (!$user->isEnabled()) {
-				throw new \InvalidArgumentException($this->l10n->t('Couldn\'t send reset email. Please make sure your username is correct.'));
-			}
 
-			return $user;
+		$users = \array_filter($this->userManager->getByEmail($input), function (IUser $user) {
+			return $user->isEnabled();
+		});
+
+		if (\count($users) === 1) {
+			return $users[0];
 		}
 
-		throw new \InvalidArgumentException($this->l10n->t('Couldn\'t send reset email. Please make sure your username is correct.'));
+		throw $userNotFound;
 	}
 }