From bea6f25db1bf8f4333b3bf72d73015c7cdb9a197 Mon Sep 17 00:00:00 2001
From: "lpsolit%gmail.com" <>
Date: Sat, 20 Sep 2008 01:00:25 +0000
Subject: [PATCH] =?utf8?q?Bug=20455814:=20token.cgi=20should=20reject=20pa?=
 =?utf8?q?ssword=20change=20requests=20for=20disabled=20accounts=20-=20Pat?=
 =?utf8?q?ch=20by=20Fr=C3=83=C2=A9d=C3=83=C2=A9ric=20Buclin=20<LpSolit@gma?=
 =?utf8?q?il.com>=20r=3Dghendricks=20a=3DLpSolit?=
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

---
 template/en/default/global/messages.html.tmpl | 4 ++++
 token.cgi                                     | 6 ++++++
 2 files changed, 10 insertions(+)

diff --git a/template/en/default/global/messages.html.tmpl b/template/en/default/global/messages.html.tmpl
index d35cd6d6df..eb869a7763 100644
--- a/template/en/default/global/messages.html.tmpl
+++ b/template/en/default/global/messages.html.tmpl
@@ -114,6 +114,10 @@
     The user account [% otheruser.login FILTER html %] has been deleted
     successfully.
 
+  [% ELSIF message_tag == "account_disabled" %]
+    The user account [% account FILTER html %] is disabled, so you
+    cannot change its password.
+
   [% ELSIF message_tag == "attachment_creation_failed" %]
     The [% terms.bug %] was created successfully, but attachment creation
     failed.
diff --git a/token.cgi b/token.cgi
index bbbbe01c6e..34a0173760 100755
--- a/token.cgi
+++ b/token.cgi
@@ -111,6 +111,12 @@ if ( $action eq 'reqpw' ) {
         || ThrowUserError('illegal_email_address', {addr => $login_name});
 
     $user_account = Bugzilla::User->check($login_name);
+
+    # Make sure the user account is active.
+    if ($user_account->is_disabled) {
+        ThrowUserError('account_disabled',
+                       {disabled_reason => get_text('account_disabled', {account => $login_name})});
+    }
 }
 
 # If the user is changing their password, make sure they submitted a new
-- 
2.47.3