diff --git a/core/modules/user/src/Form/UserPasswordForm.php b/core/modules/user/src/Form/UserPasswordForm.php index 87d39e9..3e1885a 100644 --- a/core/modules/user/src/Form/UserPasswordForm.php +++ b/core/modules/user/src/Form/UserPasswordForm.php @@ -138,6 +138,7 @@ public function buildForm(array $form, FormStateInterface $form_state) { '#type' => 'hidden', '#value' => 2, ); + $form['name']['#default_value'] = $this->getRequest()->query->get('name'); } $form['actions'] = array('#type' => 'actions'); if ($form_state->getValue('step') == 2) { @@ -166,7 +167,7 @@ public function validateForm(array &$form, FormStateInterface $form_state) { $name = trim($form_state->getValue('name')); $accounts = array(); // Try to load by email. - $users = entity_load_multiple_by_properties('user', array('mail' => $name, 'status' => '1')); + $users = $this->userStorage->loadByProperties(array('mail' => $name)); $account_by_email = reset($users); if ($account_by_email) { $accounts[Crypt::hashBase64(Settings::getHashSalt() . $account_by_email->id())] = $account_by_email; @@ -174,19 +175,34 @@ public function validateForm(array &$form, FormStateInterface $form_state) { // Also try to load by user name, but only when the user is not logged in. $user = $this->currentUser(); if ($user->id() == 0) { - $users = entity_load_multiple_by_properties('user', array('name' => $name, 'status' => '1')); + $users = $this->userStorage->loadByProperties(array('name' => $name)); $account_by_name = reset($users); if ($account_by_name) { $accounts[Crypt::hashBase64(Settings::getHashSalt() . $account_by_name->id())] = $account_by_name; } } if (!empty($accounts)) { + if (count($accounts) == 1) { + $account = reset($accounts); + // Blocked accounts cannot request a new password. + if (!$account->isActive()) { + $form_state->setErrorByName('name', $this->t('%name is blocked or has not been activated yet.', array('%name' => $account->getUsername()))); + } + } $form_state->setValue('accounts', $accounts); } else { $form_state->setErrorByName('name', t('Sorry, %name is not recognized as a username or an e-mail address.', array('%name' => $name))); } } + else if ($form_state->getValue('step') == 2) { + $chosen_account = $form_state->getValue('choose_account'); + $account = $form_state->getStorage()['accounts'][$chosen_account]; + // Blocked accounts cannot request a new password. + if (!$account->isActive()) { + $form_state->setErrorByName('choose_account', $this->t('%name is blocked or has not been activated yet.', array('%name' => $account->getUsername()))); + } + } } /** diff --git a/core/modules/user/src/Tests/UserPasswordResetTest.php b/core/modules/user/src/Tests/UserPasswordResetTest.php index 7f9e0ae..af56e30 100644 --- a/core/modules/user/src/Tests/UserPasswordResetTest.php +++ b/core/modules/user/src/Tests/UserPasswordResetTest.php @@ -136,7 +136,7 @@ function testUserPasswordReset() { $edit = array('name' => $this->randomMachineName(32)); $this->drupalPostForm(NULL, $edit, t('Submit')); - $this->assertText(t('Sorry, @name is not recognized as a username or an email address.', array('@name' => $edit['name'])), 'Validation error message shown when trying to request password for invalid account.'); + $this->assertRaw(t('Sorry, %name is not recognized as a username or an email address.', array('%name' => $edit['name'])), 'Validation error message shown when trying to request password for invalid account.'); $this->assertEqual(count($this->drupalGetMails(array('id' => 'user_password_reset'))), 0, 'No email was sent when requesting a password for an invalid account.'); // Reset the password by username via the password reset page.