diff options
| -rw-r--r-- | core/Controller/LostController.php | 3 | ||||
| -rw-r--r-- | tests/Core/Controller/LostControllerTest.php | 7 |
2 files changed, 7 insertions, 3 deletions
diff --git a/core/Controller/LostController.php b/core/Controller/LostController.php index 5471f568473..dcfb37e84ef 100644 --- a/core/Controller/LostController.php +++ b/core/Controller/LostController.php @@ -172,7 +172,8 @@ class LostController extends Controller { */ protected function checkPasswordResetToken(string $token, string $userId): void { try { - $this->verificationToken->check($token, $this->userManager->get($userId), 'lostpassword', '', true); + $user = $this->userManager->get($userId); + $this->verificationToken->check($token, $user, 'lostpassword', $user ? $user->getEMailAddress() : '', true); } catch (InvalidTokenException $e) { $error = $e->getCode() === InvalidTokenException::TOKEN_EXPIRED ? $this->l10n->t('Could not reset password because the token is expired') diff --git a/tests/Core/Controller/LostControllerTest.php b/tests/Core/Controller/LostControllerTest.php index a9dd4c1797b..e860c808014 100644 --- a/tests/Core/Controller/LostControllerTest.php +++ b/tests/Core/Controller/LostControllerTest.php @@ -153,7 +153,7 @@ class LostControllerTest extends \Test\TestCase { ->willReturn($this->existingUser); $this->verificationToken->expects($this->once()) ->method('check') - ->with('12345:MySecretToken', $this->existingUser, 'lostpassword') + ->with('12345:MySecretToken', $this->existingUser, 'lostpassword', 'test@example.com') ->willThrowException(new InvalidTokenException(InvalidTokenException::TOKEN_DECRYPTION_ERROR)); $response = $this->lostController->resetform('12345:MySecretToken', 'ValidTokenUser'); @@ -174,7 +174,7 @@ class LostControllerTest extends \Test\TestCase { ->willReturn($this->existingUser); $this->verificationToken->expects($this->once()) ->method('check') - ->with('MySecretToken', $this->existingUser, 'lostpassword'); + ->with('MySecretToken', $this->existingUser, 'lostpassword', 'test@example.com'); $response = $this->lostController->resetform('MySecretToken', 'ValidTokenUser'); $expectedResponse = new TemplateResponse('core', @@ -513,6 +513,9 @@ class LostControllerTest extends \Test\TestCase { ->willReturn(false); $user->expects($this->never()) ->method('setPassword'); + $user->expects($this->any()) + ->method('getEMailAddress') + ->willReturn('random@example.org'); $this->config->method('getUserValue') ->with('ValidTokenUser', 'core', 'lostpassword', null) |