Merge pull request #4809 from nextcloud/downstream-27676

Disable reset password link

3 files changed, 21 insertions, 1 deletions

diff --git a/core/Controller/LoginController.php b/core/Controller/LoginController.php
index 691d74cdc60..93b695dd999 100644
--- a/core/Controller/LoginController.php
+++ b/core/Controller/LoginController.php
@@ -159,6 +159,8 @@ class LoginController extends Controller {
 					$parameters['canResetPassword'] = $userObj->canChangePassword();
 				}
 			}
+		} elseif ($parameters['resetPasswordLink'] === 'disabled') {
+			$parameters['canResetPassword'] = false;
 		}
 
 		$parameters['alt_login'] = OC_App::getAlternativeLogIns();
diff --git a/core/Controller/LostController.php b/core/Controller/LostController.php
index 3f9ef172365..0d5988a2495 100644
--- a/core/Controller/LostController.php
+++ b/core/Controller/LostController.php
@@ -131,6 +131,14 @@ class LostController extends Controller {
 	 * @return TemplateResponse
 	 */
 	public function resetform($token, $userId) {
+		if ($this->config->getSystemValue('lost_password_link', '') !== '') {
+			return new TemplateResponse('core', 'error', [
+					'errors' => [['error' => $this->l10n->t('Password reset is disabled')]]
+				],
+				'guest'
+			);
+		}
+
 		try {
 			$this->checkPasswordResetToken($token, $userId);
 		} catch (\Exception $e) {
@@ -211,6 +219,10 @@ class LostController extends Controller {
 	 * @return JSONResponse
 	 */
 	public function email($user){
+		if ($this->config->getSystemValue('lost_password_link', '') !== '') {
+			return new JSONResponse($this->error($this->l10n->t('Password reset is disabled')));
+		}
+
 		// FIXME: use HTTP error codes
 		try {
 			$this->sendEmail($user);
@@ -234,6 +246,10 @@ class LostController extends Controller {
 	 * @return array
 	 */
 	public function setPassword($token, $userId, $password, $proceed) {
+		if ($this->config->getSystemValue('lost_password_link', '') !== '') {
+			return $this->error($this->l10n->t('Password reset is disabled'));
+		}
+
 		if ($this->encryptionManager->isEnabled() && !$proceed) {
 			return $this->error('', array('encryption' => true));
 		}
diff --git a/core/js/lostpassword.js b/core/js/lostpassword.js
index 2f96911f162..1923b73a179 100644
--- a/core/js/lostpassword.js
+++ b/core/js/lostpassword.js
@@ -22,7 +22,9 @@ OC.Lostpassword = {
 		if (!$('#user').val().length){
 			$('#submit').trigger('click');
 		} else {
-			if (OC.config.lost_password_link) {
+			if (OC.config.lost_password_link === 'disabled') {
+				return;
+			} else if (OC.config.lost_password_link) {
 				window.location = OC.config.lost_password_link;
 			} else {
 				$.post(