From 43d6ae7476bbf4d08991b405a63a0f8dbc2ac25a Mon Sep 17 00:00:00 2001
From: Roeland Jago Douma <roeland@famdouma.nl>
Date: Tue, 20 Nov 2018 13:28:40 +0100
Subject: [PATCH] Respect the disabled setting for lost_password_link

Fixes #11146
As documented when it is set to disabled the user can't request a lost
password.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
---
 core/Controller/LoginController.php | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/core/Controller/LoginController.php b/core/Controller/LoginController.php
index d34f243f15f..40e13b43c80 100644
--- a/core/Controller/LoginController.php
+++ b/core/Controller/LoginController.php
@@ -232,7 +232,9 @@ class LoginController extends Controller {
 		$parameters['resetPasswordLink'] = $this->config
 			->getSystemValue('lost_password_link', '');
 
-		if (!$parameters['resetPasswordLink'] && $userObj !== null) {
+		if ($parameters['resetPasswordLink'] === 'disabled') {
+			$parameters['canResetPassword'] = false;
+		} else if (!$parameters['resetPasswordLink'] && $userObj !== null) {
 			$parameters['canResetPassword'] = $userObj->canChangePassword();
 		} else if ($userObj !== null && $userObj->isEnabled() === false) {
 			$parameters['canResetPassword'] = false;
-- 
GitLab