From 43d6ae7476bbf4d08991b405a63a0f8dbc2ac25a Mon Sep 17 00:00:00 2001 From: Roeland Jago Douma Date: Tue, 20 Nov 2018 13:28:40 +0100 Subject: [PATCH] Respect the disabled setting for lost_password_link Fixes #11146 As documented when it is set to disabled the user can't request a lost password. Signed-off-by: Roeland Jago Douma --- core/Controller/LoginController.php | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/core/Controller/LoginController.php b/core/Controller/LoginController.php index d34f243f15f6e..40e13b43c80f0 100644 --- a/core/Controller/LoginController.php +++ b/core/Controller/LoginController.php @@ -232,7 +232,9 @@ private function setPasswordResetParameters( $parameters['resetPasswordLink'] = $this->config ->getSystemValue('lost_password_link', ''); - if (!$parameters['resetPasswordLink'] && $userObj !== null) { + if ($parameters['resetPasswordLink'] === 'disabled') { + $parameters['canResetPassword'] = false; + } else if (!$parameters['resetPasswordLink'] && $userObj !== null) { $parameters['canResetPassword'] = $userObj->canChangePassword(); } else if ($userObj !== null && $userObj->isEnabled() === false) { $parameters['canResetPassword'] = false;