[Bps-public-commit] rt-extension-resetpassword branch, master, updated. 0.05-3-gcb9a4b5

[Thomas Sibley]

The branch, master has been updated
       via  cb9a4b5add50313aa737254151f616626899fb58 (commit)
      from  79512af84fe4b60a84ff9810d242cb4c51b3378d (commit)

Summary of changes:
 html/NoAuth/ResetPassword/Request.html | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

- Log -----------------------------------------------------------------
commit cb9a4b5add50313aa737254151f616626899fb58
Author: Christian Loos <cloos at netcologne.de>
Date:   Tue Jul 16 10:20:49 2013 +0200

    don't allow requests for disabled users
    
    The previous behavior makes no sense because disabled users can't login even
    if they have a password.

diff --git a/html/NoAuth/ResetPassword/Request.html b/html/NoAuth/ResetPassword/Request.html
index ca0fc17..3afa02d 100644
--- a/html/NoAuth/ResetPassword/Request.html
+++ b/html/NoAuth/ResetPassword/Request.html
@@ -64,7 +64,7 @@ my $title = loc("Reset your password");
 if ($ARGS{'Email'} ) {
     my $u = RT::User->new($RT::SystemUser);
     $u->LoadByCols(EmailAddress => $ARGS{'Email'});
-    if ($u->id and $u->HasPassword) {
+    if ($u->id and $u->HasPassword and not $u->Disabled) {
     my $token = Digest::MD5->new()->add( $u->id, $u->__Value('Password'),
     $RT::DatabasePassword, $u->LastUpdated, @{[$RT::WebPath]} . '/NoAuth/ResetPassword/Reset')->hexdigest();
 
@@ -86,6 +86,8 @@ RT::Interface::Email::MailError( To => $u->EmailAddress, From => $RT::OwnerEmail
 
 
 push @actions, loc("RT has sent you an email message with instructions about how to reset your password");
+} elsif ($u->id and $u->Disabled) {
+push @actions, loc("You can't reset your password because your user is disabled.");
 } elsif ($u->id) {
 push @actions, loc("You can't reset your password as you don't already have one.");
 } else {

-----------------------------------------------------------------------