Bug 455814: token.cgi should reject password change requests for disabled accounts...

diff --git a/template/en/default/global/messages.html.tmpl b/template/en/default/global/messages.html.tmpl
index d35cd6d6dfeec415c8960c7afc2bb32ff7e2eaea..eb869a77637006a1331e99ba99ca5492007cb8e1 100644 (file)
--- a/template/en/default/global/messages.html.tmpl
+++ b/template/en/default/global/messages.html.tmpl
@@ -114,6 +114,10 @@
     The user account [% otheruser.login FILTER html %] has been deleted
     successfully.
 
+  [% ELSIF message_tag == "account_disabled" %]
+    The user account [% account FILTER html %] is disabled, so you
+    cannot change its password.
+
   [% ELSIF message_tag == "attachment_creation_failed" %]
     The [% terms.bug %] was created successfully, but attachment creation
     failed.

diff --git a/token.cgi b/token.cgi
index bbbbe01c6eed9f31b430a203f680fc1592df1c9e..34a0173760625229f9649191a439b6c99da6008b 100755 (executable)
--- a/token.cgi
+++ b/token.cgi
@@ -111,6 +111,12 @@ if ( $action eq 'reqpw' ) {
         || ThrowUserError('illegal_email_address', {addr => $login_name});
 
     $user_account = Bugzilla::User->check($login_name);
+
+    # Make sure the user account is active.
+    if ($user_account->is_disabled) {
+        ThrowUserError('account_disabled',
+                       {disabled_reason => get_text('account_disabled', {account => $login_name})});
+    }
 }
 
 # If the user is changing their password, make sure they submitted a new