Bug 455814: token.cgi should reject password change requests for disabled…

Bug 455814: token.cgi should reject password change requests for disabled accounts - Patch by FrÃ©dÃ©ric Buclin <LpSolit@gmail.com> r=ghendricks a=LpSolit

Bug 455814: token.cgi should reject password change requests for disabled…
bea6f25d · lpsolit%gmail.com · 7499f716 · bea6f25d · bea6f25d
Commit bea6f25d authored Sep 20, 2008 by lpsolit%gmail.com
Hide whitespace changes
Inline Side-by-side

Showing with 10 additions and 0 deletions

messages.html.tmpl template/en/default/global/messages.html.tmpl +4 -0

token.cgi token.cgi +6 -0

No files found.
--- a/template/en/default/global/messages.html.tmpl
+++ b/template/en/default/global/messages.html.tmpl
@@ -114,6 +114,10 @@
    The user account [% otheruser.login FILTER html %] has been deleted
    successfully.

+  [% ELSIF message_tag == "account_disabled" %]
+    The user account [% account FILTER html %] is disabled, so you
+    cannot change its password.
+
  [% ELSIF message_tag == "attachment_creation_failed" %]
    The [% terms.bug %] was created successfully, but attachment creation
    failed.

--- a/token.cgi
+++ b/token.cgi
@@ -111,6 +111,12 @@ if ( $action eq 'reqpw' ) {
        || ThrowUserError('illegal_email_address', {addr => $login_name});

    $user_account = Bugzilla::User->check($login_name);
+
+    # Make sure the user account is active.
+    if ($user_account->is_disabled) {
+        ThrowUserError('account_disabled',
+                       {disabled_reason => get_text('account_disabled', {account => $login_name})});
+    }
 }

 # If the user is changing their password, make sure they submitted a new