From bea6f25db1bf8f4333b3bf72d73015c7cdb9a197 Mon Sep 17 00:00:00 2001 From: "lpsolit%gmail.com" <> Date: Sat, 20 Sep 2008 01:00:25 +0000 Subject: Bug 455814: token.cgi should reject password change requests for disabled accounts - Patch by Frédéric Buclin r=ghendricks a=LpSolit MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- template/en/default/global/messages.html.tmpl | 4 ++++ token.cgi | 6 ++++++ 2 files changed, 10 insertions(+) diff --git a/template/en/default/global/messages.html.tmpl b/template/en/default/global/messages.html.tmpl index d35cd6d6d..eb869a776 100644 --- a/template/en/default/global/messages.html.tmpl +++ b/template/en/default/global/messages.html.tmpl @@ -114,6 +114,10 @@ The user account [% otheruser.login FILTER html %] has been deleted successfully. + [% ELSIF message_tag == "account_disabled" %] + The user account [% account FILTER html %] is disabled, so you + cannot change its password. + [% ELSIF message_tag == "attachment_creation_failed" %] The [% terms.bug %] was created successfully, but attachment creation failed. diff --git a/token.cgi b/token.cgi index bbbbe01c6..34a017376 100755 --- a/token.cgi +++ b/token.cgi @@ -111,6 +111,12 @@ if ( $action eq 'reqpw' ) { || ThrowUserError('illegal_email_address', {addr => $login_name}); $user_account = Bugzilla::User->check($login_name); + + # Make sure the user account is active. + if ($user_account->is_disabled) { + ThrowUserError('account_disabled', + {disabled_reason => get_text('account_disabled', {account => $login_name})}); + } } # If the user is changing their password, make sure they submitted a new -- cgit v1.2.3-24-g4f1b