Browse Source

Respect the disabled setting for lost_password_link

Fixes #11146
As documented when it is set to disabled the user can't request a lost
password.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
pull/12552/head
Roeland Jago Douma 7 years ago
parent
commit
43d6ae7476
No known key found for this signature in database GPG Key ID: F941078878347C0C
  1. 4
      core/Controller/LoginController.php

4
core/Controller/LoginController.php

@ -232,7 +232,9 @@ class LoginController extends Controller {
$parameters['resetPasswordLink'] = $this->config
->getSystemValue('lost_password_link', '');
if (!$parameters['resetPasswordLink'] && $userObj !== null) {
if ($parameters['resetPasswordLink'] === 'disabled') {
$parameters['canResetPassword'] = false;
} else if (!$parameters['resetPasswordLink'] && $userObj !== null) {
$parameters['canResetPassword'] = $userObj->canChangePassword();
} else if ($userObj !== null && $userObj->isEnabled() === false) {
$parameters['canResetPassword'] = false;

Loading…
Cancel
Save