Skip to content

Commit

Permalink
Item14414: Don't allow disabled accounts to reset password.
Browse files Browse the repository at this point in the history
  • Loading branch information
@gac410
gac410 committed Jun 20, 2017
1 parent a3ed1e8 commit 276b8fe
Show file tree
Hide file tree
Showing 2 changed files with 8 additions and 0 deletions.
6 changes: 6 additions & 0 deletions core/lib/Foswiki/UI/Passwords.pm
View file
Expand Up @@ -147,6 +147,12 @@ sub _resetUsersPassword {
return 0;
}

if ( !$session->{users}->userEnabled($login) ) {
$$pMess .=
$session->inlineAlert( 'alertsnohtml', 'disabled_user', $login );
return 0;
}

require Foswiki::Users;
my $password = Foswiki::Users::randomPassword();

Expand Down
2 changes: 2 additions & 0 deletions core/templates/messages.tmpl
View file
Expand Up @@ -374,6 +374,8 @@ registermessages.tmpl
%{==============================================================================}%
%TMPL:DEF{"missing_user"}% %MAKETEXT{"The entry for user [_1] was missing in the password system." args="%PARAM1%"}% %TMPL:END%
%{==============================================================================}%
%TMPL:DEF{"disabled_user"}% %MAKETEXT{"The entry for user [_1] is disabled in the password system." args="%PARAM1%"}% %TMPL:END%
%{==============================================================================}%
%TMPL:DEF{"bad_user"}% %MAKETEXT{"Can't find user [_1]" args="%PARAM1%"}%%TMPL:END%
%{==============================================================================}%
%TMPL:DEF{"no_email_for"}% %MAKETEXT{"Can't get an e-mail address for [_1] (required for password reset)" args="%PARAM1%"}% %TMPL:END%
Expand Down

0 comments on commit 276b8fe

Please sign in to comment.