Respect the disabled setting for lost_password_link

Fixes #11146
As documented when it is set to disabled the user can't request a lost
password.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
This commit is contained in:
Roeland Jago Douma 2018-11-20 13:28:40 +01:00
parent 53418f2795
commit 43d6ae7476
No known key found for this signature in database
GPG key ID: F941078878347C0C

View file

@ -232,7 +232,9 @@ class LoginController extends Controller {
$parameters['resetPasswordLink'] = $this->config
->getSystemValue('lost_password_link', '');
if (!$parameters['resetPasswordLink'] && $userObj !== null) {
if ($parameters['resetPasswordLink'] === 'disabled') {
$parameters['canResetPassword'] = false;
} else if (!$parameters['resetPasswordLink'] && $userObj !== null) {
$parameters['canResetPassword'] = $userObj->canChangePassword();
} else if ($userObj !== null && $userObj->isEnabled() === false) {
$parameters['canResetPassword'] = false;