Merge branch 'MDL-71068-protectusername-confirmed-MOODLE_39_STABLE' of https://github.com/brendanheywood/moodle into MOODLE_39_STABLE

lang/en/moodle.php

@@ -674,7 +674,7 @@ line at the top of your web browser window.
 If you need help, please contact the site administrator,
 {$a->admin}';
 $string['emailpasswordconfirmationsubject'] = '{$a}: Change password confirmation';
-$string['emailpasswordconfirmmaybesent'] = '<p>If you supplied a correct username or email address then an email should have been sent to you.</p>
+$string['emailpasswordconfirmmaybesent'] = '<p>If you supplied a correct username or unique email address then an email should have been sent to you.</p>
    <p>It contains easy instructions to confirm and complete this password change.
 If you continue to have difficulty, please contact the site administrator.</p>';
 $string['emailpasswordconfirmnoemail'] = '<p>The user account you specified does not have a recorded email address.</p>

login/lib.php

@@ -387,7 +387,9 @@ function core_login_validate_forgot_password_data($data) {
                 $user = get_complete_user_data('email', $data['email'], null, true);
                 if (empty($user->confirmed)) {
                     send_confirmation_email($user);
-                    $errors['email'] = get_string('confirmednot');
+                    if (empty($CFG->protectusernames)) {
+                        $errors['email'] = get_string('confirmednot');
+                    }
                 }
             } catch (dml_missing_record_exception $missingexception) {
                 // User not found. Show error when $CFG->protectusernames is turned off.
@@ -396,7 +398,9 @@ function core_login_validate_forgot_password_data($data) {
                 }
             } catch (dml_multiple_records_exception $multipleexception) {
                 // Multiple records found. Ask the user to enter a username instead.
-                $errors['email'] = get_string('forgottenduplicate');
+                if (empty($CFG->protectusernames)) {
+                    $errors['email'] = get_string('forgottenduplicate');
+                }
             }
         }
 
@@ -404,7 +408,9 @@ function core_login_validate_forgot_password_data($data) {
         if ($user = get_complete_user_data('username', $data['username'])) {
             if (empty($user->confirmed)) {
                 send_confirmation_email($user);
-                $errors['email'] = get_string('confirmednot');
+                if (empty($CFG->protectusernames)) {
+                    $errors['username'] = get_string('confirmednot');
+                }
             }
         }
         if (!$user and empty($CFG->protectusernames)) {

login/tests/lib_test.php

@@ -257,24 +257,34 @@ class core_login_lib_testcase extends advanced_testcase {
                 ['username' => get_string('usernamenotfound')],
                 ['protectusernames' => 0]
             ],
-            'Valid username, unconfirmed username' => [
+            'Valid username, unconfirmed username, username protection on' => [
                 ['username' => 's1'],
-                ['email' => get_string('confirmednot')],
+                [],
                 ['confirmed' => 0]
             ],
             'Invalid email' => [
                 ['email' => 's1-example.com'],
                 ['email' => get_string('invalidemail')]
             ],
-            'Multiple accounts with the same email' => [
+            'Multiple accounts with the same email, username protection on' => [
                 ['email' => 's1@example.com'],
-                ['email' => get_string('forgottenduplicate')],
+                [],
                 ['allowaccountssameemail' => 1]
             ],
-            'Multiple accounts with the same email but with different case' => [
+            'Multiple accounts with the same email, username protection off' => [
+                ['email' => 's1@example.com'],
+                ['email' => get_string('forgottenduplicate')],
+                ['allowaccountssameemail' => 1, 'protectusernames' => 0]
+            ],
+            'Multiple accounts with the same email but with different case, username protection is on' => [
+                ['email' => 'S1@EXAMPLE.COM'],
+                [],
+                ['allowaccountssameemail' => 1]
+            ],
+            'Multiple accounts with the same email but with different case, username protection is off' => [
                 ['email' => 'S1@EXAMPLE.COM'],
                 ['email' => get_string('forgottenduplicate')],
-                ['allowaccountssameemail' => 1]
+                ['allowaccountssameemail' => 1, 'protectusernames' => 0]
             ],
             'Non-existent email, username protection on' => [
                 ['email' => 's2@example.com']
@@ -290,10 +300,15 @@ class core_login_lib_testcase extends advanced_testcase {
             'Valid email, different case' => [
                 ['email' => 'S1@EXAMPLE.COM']
             ],
-            'Valid email, unconfirmed user' => [
+            'Valid email, unconfirmed user, username protection is on' => [
+                ['email' => 's1@example.com'],
+                [],
+                ['confirmed' => 0]
+            ],
+            'Valid email, unconfirmed user, username protection is off' => [
                 ['email' => 's1@example.com'],
                 ['email' => get_string('confirmednot')],
-                ['confirmed' => 0]
+                ['confirmed' => 0, 'protectusernames' => 0]
             ],
         ];
     }