From 41296e2f66e6ae481ad68c6037fa6614c9cef370 Mon Sep 17 00:00:00 2001
From: Dmitry Erofeev
Date: Thu, 12 Dec 2013 19:10:27 +0400
Subject: [PATCH] added check for "recoverable" option

---
 controllers/RecoveryController.php | 7 +++++++
 models/Recoverable.php | 12 ++++++++++++
 2 files changed, 19 insertions(+)

diff --git a/controllers/RecoveryController.php b/controllers/RecoveryController.php
index ef3900a26..53d9c40d2 100644
--- a/controllers/RecoveryController.php
+++ b/controllers/RecoveryController.php
@@ -15,9 +15,13 @@ class RecoveryController extends Controller
 * Displays page where user can request new recovery message.
 *
 * @return string
+ * @throws \yii\web\NotFoundHttpException
 */
 public function actionRequest()
 {
+ if (!$this->module->recoverable) {
+ throw new NotFoundHttpException();
+ }
 /** @var \dektrium\user\forms\Recovery $model */
 $model = \Yii::createObject([
 'class' => $this->module->recoveryForm,
@@ -43,6 +47,9 @@ public function actionRequest()
 */
 public function actionReset($id, $token)
 {
+ if (!$this->module->recoverable) {
+ throw new NotFoundHttpException();
+ }
 /** @var \dektrium\user\models\User $user */
 $query = new ActiveQuery(['modelClass' => \Yii::$app->getUser()->identityClass]);
 $user = $query->where(['id' => $id, 'recovery_token' => $token])->one();
diff --git a/models/Recoverable.php b/models/Recoverable.php
index d4dd65cec..518379aa6 100644
--- a/models/Recoverable.php
+++ b/models/Recoverable.php
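Review bot: `NotFoundHttpException` is instantiated by its short name in `actionRequest()` and again in `actionReset()` (second hunk of controllers/RecoveryController.php), yet the seven insertions in the diffstat are fully accounted for by the two guards and the `@throws` line, so this commit adds no `use yii\web\NotFoundHttpException;`. Unless the file already imports the class above the visible lines, PHP resolves the name inside the controller's own namespace and the disabled-recovery path ends in a class-not-found error instead of a 404. Writing `\yii\web\NotFoundHttpException`, as the docblock already does, removes the doubt. Because both actions repeat the same check, one `beforeAction()` override would also cover any action added to this controller later, so the feature stays closed by default while `recoverable` is off. Both action bodies continue outside the hunks.

```php
public function beforeAction($action)
{
    // Recovery disabled: answer every action of this controller with a 404.
    if (!$this->module->recoverable) {
        throw new \yii\web\NotFoundHttpException();
    }

    return parent::beforeAction($action);
}

// … unchanged: actionRequest() and actionReset(), without the per-action guard …
```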
@@ -16,17 +16,25 @@ trait Recoverable
 * Checks if the password recovery happens before the token becomes invalid.
 *
 * @return bool
+ * @throws \RuntimeException Whether dektrium\user\Module.recoverable is false.
 */
 public function getIsRecoveryPeriodExpired()
 {
+ if (!\Yii::$app->getModule('user')->recoverable) {
+ throw new \RuntimeException('You must enable dektrium\user\Module.recoverable to use method this method');
+ }
 return ($this->recovery_sent_time + \Yii::$app->getModule('user')->recoverWithin) < time();
 }

 /**
 * @return string Recovery url
+ * @throws \RuntimeException Whether dektrium\user\Module.recoverable is false.
 */
 public function getRecoveryUrl()
 {
+ if (!\Yii::$app->getModule('user')->recoverable) {
+ throw new \RuntimeException('You must enable dektrium\user\Module.recoverable to use method this method');
+ }
 return \Yii::$app->getUrlManager()->createAbsoluteUrl('/user/recovery/reset', [
 'id' => $this->id,
 'token' => $this->recovery_token
@@ -53,9 +61,13 @@ public function sendRecoveryMessage()

 /**
 * Generates recovery data.
+ * @throws \RuntimeException Whether dektrium\user\Module.recoverable is false.
 */
 protected function generateRecoveryData()
 {
+ if (!\Yii::$app->getModule('user')->recoverable) {
+ throw new \RuntimeException('You must enable dektrium\user\Module.recoverable to use method this method');
+ }
 $this->recovery_token = Security::generateRandomKey();
 $this->recovery_sent_time = time();
 $this->save(false);
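Review bot: The guard added to `getIsRecoveryPeriodExpired()`, `getRecoveryUrl()` and `generateRecoveryData()` (second hunk) is pasted three times, and every copy carries the same slips: the message reads "to use method this method", and the `@throws` text opens with "Whether" where "If" is meant. Each copy also reads `->recoverable` directly off `\Yii::$app->getModule('user')`; if the module is registered under another id, that call presumably returns null and the failure surfaces as an unrelated error rather than this exception. A single private helper in the trait would hold the check and the corrected message once, with each of the three methods starting with `$this->ensureRecoverable();`. The bodies of `getRecoveryUrl()` and `generateRecoveryData()` continue outside the hunks.

```php
/**
 * @throws \RuntimeException If dektrium\user\Module.recoverable is false.
 */
private function ensureRecoverable()
{
    $module = \Yii::$app->getModule('user');
    if ($module === null || !$module->recoverable) {
        throw new \RuntimeException('You must enable dektrium\user\Module.recoverable to use this method');
    }
}

// … unchanged: the three methods, each starting with $this->ensureRecoverable(); …
```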