No password reset for disabled users

Signed-off-by: Joas Schilling <coding@schilljs.com>

1 files changed, 29 insertions, 0 deletions

diff --git a/tests/Core/Controller/LostControllerTest.php b/tests/Core/Controller/LostControllerTest.php
index ef419e40b40..0bdc11f8a2f 100644
--- a/tests/Core/Controller/LostControllerTest.php
+++ b/tests/Core/Controller/LostControllerTest.php
@@ -84,6 +84,9 @@ class LostControllerTest extends \Test\TestCase {
 		$this->existingUser->expects($this->any())
 			->method('getUID')
 			->willReturn('ExistingUser');
+		$this->existingUser->expects($this->any())
+			->method('isEnabled')
+			->willReturn(true);
 
 		$this->config = $this->createMock(IConfig::class);
 		$this->config->expects($this->any())
@@ -684,8 +687,34 @@ class LostControllerTest extends \Test\TestCase {
 		$this->assertSame($expectedResponse, $response);
 	}
 
+	public function testSetPasswordForDisabledUser() {
+		$user = $this->createMock(IUser::class);
+		$user->expects($this->any())
+			->method('isEnabled')
+			->willReturn(false);
+		$user->expects($this->never())
+			->method('setPassword');
+
+		$this->config->method('getUserValue')
+			->with('ValidTokenUser', 'core', 'lostpassword', null)
+			->willReturn('encryptedData');
+		$this->userManager->method('get')
+			->with('DisabledUser')
+			->willReturn($this->existingUser);
+
+		$response = $this->lostController->setPassword('TheOnlyAndOnlyOneTokenToResetThePassword', 'DisabledUser', 'NewPassword', true);
+		$expectedResponse = [
+			'status' => 'error',
+			'msg' => 'Couldn\'t reset password because the token is invalid'
+			];
+		$this->assertSame($expectedResponse, $response);
+	}
+
 	public function testSendEmailNoEmail() {
 		$user = $this->createMock(IUser::class);
+		$user->expects($this->any())
+			->method('isEnabled')
+			->willReturn(true);
 		$this->userManager->method('userExists')
 			->with('ExistingUser')
 			->willReturn(true);