From 0828df5ed4d8488570821b07baaaa7449be3ba64 Mon Sep 17 00:00:00 2001
From: Joas Schilling <coding@schilljs.com>
Date: Thu, 11 May 2017 16:46:43 +0200
Subject: Disable the API endpoints as well

Signed-off-by: Joas Schilling <coding@schilljs.com>
---
 core/Controller/LostController.php | 16 ++++++++++++++++
 core/js/lostpassword.js            |  4 +++-
 2 files changed, 19 insertions(+), 1 deletion(-)

(limited to 'core')

diff --git a/core/Controller/LostController.php b/core/Controller/LostController.php
index 3f9ef172365..0d5988a2495 100644
--- a/core/Controller/LostController.php
+++ b/core/Controller/LostController.php
@@ -131,6 +131,14 @@ class LostController extends Controller {
 	 * @return TemplateResponse
 	 */
 	public function resetform($token, $userId) {
+		if ($this->config->getSystemValue('lost_password_link', '') !== '') {
+			return new TemplateResponse('core', 'error', [
+					'errors' => [['error' => $this->l10n->t('Password reset is disabled')]]
+				],
+				'guest'
+			);
+		}
+
 		try {
 			$this->checkPasswordResetToken($token, $userId);
 		} catch (\Exception $e) {
@@ -211,6 +219,10 @@ class LostController extends Controller {
 	 * @return JSONResponse
 	 */
 	public function email($user){
+		if ($this->config->getSystemValue('lost_password_link', '') !== '') {
+			return new JSONResponse($this->error($this->l10n->t('Password reset is disabled')));
+		}
+
 		// FIXME: use HTTP error codes
 		try {
 			$this->sendEmail($user);
@@ -234,6 +246,10 @@ class LostController extends Controller {
 	 * @return array
 	 */
 	public function setPassword($token, $userId, $password, $proceed) {
+		if ($this->config->getSystemValue('lost_password_link', '') !== '') {
+			return $this->error($this->l10n->t('Password reset is disabled'));
+		}
+
 		if ($this->encryptionManager->isEnabled() && !$proceed) {
 			return $this->error('', array('encryption' => true));
 		}
diff --git a/core/js/lostpassword.js b/core/js/lostpassword.js
index 2f96911f162..1923b73a179 100644
--- a/core/js/lostpassword.js
+++ b/core/js/lostpassword.js
@@ -22,7 +22,9 @@ OC.Lostpassword = {
 		if (!$('#user').val().length){
 			$('#submit').trigger('click');
 		} else {
-			if (OC.config.lost_password_link) {
+			if (OC.config.lost_password_link === 'disabled') {
+				return;
+			} else if (OC.config.lost_password_link) {
 				window.location = OC.config.lost_password_link;
 			} else {
 				$.post(
-- 
cgit v1.2.3