Drupal
/
drupal
mirror of https://git.drupalcode.org/project/drupal.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Issue #753898 by corbacho, weri, opdavies, dscl, idebr, willzyx, manauwarsheikh, dansologuren, yoroy, alexpott: Wrong message for blocked users who request password reset

8.0.x
xjm 2015-05-24 20:01:09 -05:00
parent 618ad10aa3
commit 9cdd22cb75
2 changed files with 18 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
core/modules/user/src/Form/UserPasswordForm.php
View File

@ -116,14 +116,20 @@ class UserPasswordForm extends FormBase {
public function validateForm(array &$form, FormStateInterface $form_state) {
$name = trim($form_state->getValue('name'));
// Try to load by email.
$users = $this->userStorage->loadByProperties(array('mail' => $name, 'status' => '1'));
$users = $this->userStorage->loadByProperties(array('mail' => $name));
if (empty($users)) {
// No success, try to load by name.
$users = $this->userStorage->loadByProperties(array('name' => $name, 'status' => '1'));
$users = $this->userStorage->loadByProperties(array('name' => $name));
}
$account = reset($users);
if ($account && $account->id()) {
$form_state->setValueForElement(array('#parents' => array('account')), $account);
// Blocked accounts cannot request a new password.
if (!$account->isActive()) {
$form_state->setErrorByName('name', $this->t('%name is blocked or has not been activated yet.', array('%name' => $name)));
}
else {
$form_state->setValueForElement(array('#parents' => array('account')), $account);
}
}
else {
$form_state->setErrorByName('name', $this->t('Sorry, %name is not recognized as a username or an email address.', array('%name' => $name)));

9
core/modules/user/src/Tests/UserPasswordResetTest.php
View File

@ -153,6 +153,15 @@ class UserPasswordResetTest extends PageCacheTagsTestBase {
$blocked_account->save();
$this->drupalGet("user/reset/" . $blocked_account->id() . "/$timestamp/" . user_pass_rehash($blocked_account->getPassword(), $timestamp, $blocked_account->getLastLoginTime(), $this->account->id()));
$this->assertResponse(403);
// Verify a blocked user can not request a new password.
$this->drupalGet('user/password');
// Count email messages before to compare with after.
$before = count($this->drupalGetMails(array('id' => 'user_password_reset')));
$edit = array('name' => $blocked_account->getUsername());
$this->drupalPostForm(NULL, $edit, t('Submit'));
$this->assertRaw(t('%name is blocked or has not been activated yet.', array('%name' => $blocked_account->getUsername())), 'Notified user blocked accounts can not request a new password');
$this->assertTrue(count($this->drupalGetMails(array('id' => 'user_password_reset'))) === $before, 'No email was sent when requesting password reset for a blocked account');
}
/**