From 9cdd22cb757f8397abc230d7e1cc33d2615b1e25 Mon Sep 17 00:00:00 2001
From: xjm
Date: Sun, 24 May 2015 20:01:09 -0500
Subject: [PATCH] Issue #753898 by corbacho, weri, opdavies, dscl, idebr, willzyx, manauwarsheikh, dansologuren, yoroy, alexpott: Wrong message for blocked users who request password reset
---
 core/modules/user/src/Form/UserPasswordForm.php | 12 +++++++++---
 .../modules/user/src/Tests/UserPasswordResetTest.php | 9 +++++++++
 2 files changed, 18 insertions(+), 3 deletions(-)
diff --git a/core/modules/user/src/Form/UserPasswordForm.php b/core/modules/user/src/Form/UserPasswordForm.php
index 48b55711f08..8a1a83982e8 100644
--- a/core/modules/user/src/Form/UserPasswordForm.php
+++ b/core/modules/user/src/Form/UserPasswordForm.php
@@ -116,14 +116,20 @@ class UserPasswordForm extends FormBase {
 public function validateForm(array &$form, FormStateInterface $form_state) {
 $name = trim($form_state->getValue('name'));
 // Try to load by email.
- $users = $this->userStorage->loadByProperties(array('mail' => $name, 'status' => '1'));
+ $users = $this->userStorage->loadByProperties(array('mail' => $name));
 if (empty($users)) {
 // No success, try to load by name.
- $users = $this->userStorage->loadByProperties(array('name' => $name, 'status' => '1'));
+ $users = $this->userStorage->loadByProperties(array('name' => $name));
 }
 $account = reset($users);
 if ($account && $account->id()) {
- $form_state->setValueForElement(array('#parents' => array('account')), $account);
+ // Blocked accounts cannot request a new password.
+ if (!$account->isActive()) {
+ $form_state->setErrorByName('name', $this->t('%name is blocked or has not been activated yet.', array('%name' => $name)));
+ }
+ else {
+ $form_state->setValueForElement(array('#parents' => array('account')), $account);
+ }
 }
 else {
 $form_state->setErrorByName('name', $this->t('Sorry, %name is not recognized as a username or an email address.', array('%name' => $name)));
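Review bot: The new `isActive()` branch in `validateForm` returns a third, distinct error to an unauthenticated requester, so the form now reveals that an account exists and is blocked or unactivated, not only whether the name is recognised. Because the `mail` lookup no longer filters on `status`, submitting an email address confirms the same thing for that address. If that disclosure is an accepted trade-off for the clearer message, record it at the branch, for example `// Deliberately tells the requester the account is blocked; this discloses account status to anonymous users.` Whether submissions to this form are rate-limited is not visible in the hunk and is worth confirming. The body of `validateForm` continues past the end of the hunk.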
diff --git a/core/modules/user/src/Tests/UserPasswordResetTest.php b/core/modules/user/src/Tests/UserPasswordResetTest.php
index 3db2c009b55..07c7fcf481d 100644
--- a/core/modules/user/src/Tests/UserPasswordResetTest.php
+++ b/core/modules/user/src/Tests/UserPasswordResetTest.php
@@ -153,6 +153,15 @@ class UserPasswordResetTest extends PageCacheTagsTestBase {
 $blocked_account->save();
 $this->drupalGet("user/reset/" . $blocked_account->id() . "/$timestamp/" . user_pass_rehash($blocked_account->getPassword(), $timestamp, $blocked_account->getLastLoginTime(), $this->account->id()));
 $this->assertResponse(403);
+
+ // Verify a blocked user can not request a new password.
+ $this->drupalGet('user/password');
+ // Count email messages before to compare with after.
+ $before = count($this->drupalGetMails(array('id' => 'user_password_reset')));
+ $edit = array('name' => $blocked_account->getUsername());
+ $this->drupalPostForm(NULL, $edit, t('Submit'));
+ $this->assertRaw(t('%name is blocked or has not been activated yet.', array('%name' => $blocked_account->getUsername())), 'Notified user blocked accounts can not request a new password');
+ $this->assertTrue(count($this->drupalGetMails(array('id' => 'user_password_reset'))) === $before, 'No email was sent when requesting password reset for a blocked account');
 }

 /**
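Review bot: The added assertions exercise only the lookup by username, while the form change also dropped the `status` filter from the lookup by `mail`, so the email path for a blocked account is untested. Repeating the submission with `$edit = array('name' => $blocked_account->getEmail());` and the same `assertRaw()` and mail-count checks would cover it; the expected `%name` in the message is then the email address. The test method starts above the hunk.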