added check for "recoverable" option

dektrium · Dec 12, 2013 · 41296e2 · 41296e2
1 parent 37d3d34
commit 41296e2
Show file tree

Hide file tree

Showing 2 changed files with 19 additions and 0 deletions.
diff --git a/controllers/RecoveryController.php b/controllers/RecoveryController.php
@@ -15,9 +15,13 @@ class RecoveryController extends Controller
 	 * Displays page where user can request new recovery message.
 	 *
 	 * @return string
+	 * @throws \yii\web\NotFoundHttpException
 	 */
 	public function actionRequest()
 	{
+		if (!$this->module->recoverable) {
+			throw new NotFoundHttpException();
+		}
 		/** @var \dektrium\user\forms\Recovery $model */
 		$model = \Yii::createObject([
 			'class' => $this->module->recoveryForm,
@@ -43,6 +47,9 @@ public function actionRequest()
 	 */
 	public function actionReset($id, $token)
 	{
+		if (!$this->module->recoverable) {
+			throw new NotFoundHttpException();
+		}
 		/** @var \dektrium\user\models\User $user */
 		$query = new ActiveQuery(['modelClass' => \Yii::$app->getUser()->identityClass]);
 		$user = $query->where(['id' => $id, 'recovery_token' => $token])->one();

diff --git a/models/Recoverable.php b/models/Recoverable.php
@@ -16,17 +16,25 @@ trait Recoverable
 	 * Checks if the password recovery happens before the token becomes invalid.
 	 *
 	 * @return bool
+	 * @throws \RuntimeException Whether dektrium\user\Module.recoverable is false.
 	 */
 	public function getIsRecoveryPeriodExpired()
 	{
+		if (!\Yii::$app->getModule('user')->recoverable) {
+			throw new \RuntimeException('You must enable dektrium\user\Module.recoverable to use method this method');
+		}
 		return ($this->recovery_sent_time + \Yii::$app->getModule('user')->recoverWithin) < time();
 	}
 
 	/**
 	 * @return string Recovery url
+	 * @throws \RuntimeException Whether dektrium\user\Module.recoverable is false.
 	 */
 	public function getRecoveryUrl()
 	{
+		if (!\Yii::$app->getModule('user')->recoverable) {
+			throw new \RuntimeException('You must enable dektrium\user\Module.recoverable to use method this method');
+		}
 		return \Yii::$app->getUrlManager()->createAbsoluteUrl('/user/recovery/reset', [
 			'id' => $this->id,
 			'token' => $this->recovery_token
@@ -53,9 +61,13 @@ public function sendRecoveryMessage()
 
 	/**
 	 * Generates recovery data.
+	 * @throws \RuntimeException Whether dektrium\user\Module.recoverable is false.
 	 */
 	protected function generateRecoveryData()
 	{
+		if (!\Yii::$app->getModule('user')->recoverable) {
+			throw new \RuntimeException('You must enable dektrium\user\Module.recoverable to use method this method');
+		}
 		$this->recovery_token = Security::generateRandomKey();
 		$this->recovery_sent_time = time();
 		$this->save(false);