Ensure spammers cannot be re-enabled by accident

Seldaek · Seldaek · commit 3a7071ac9d3e · 2025-12-10T17:10:23.000+01:00
diff --git a/src/Controller/ResetPasswordController.php b/src/Controller/ResetPasswordController.php
@@ -97,9 +97,7 @@ public function reset(Request $request, UserPasswordHasherInterface $passwordHas
 
         if ($form->isSubmitted() && $form->isValid()) {
             $user->resetPasswordRequest();
-            if (!$user->hasRole('ROLE_SPAMMER')) {
-                $user->setEnabled(true);
-            }
+            $user->setEnabled(true);
 
             // Encode the plain password, and set it.
             $encodedPassword = $passwordHasher->hashPassword(
diff --git a/src/Entity/User.php b/src/Entity/User.php
@@ -465,6 +465,10 @@ public function setEmailCanonical(string $emailCanonical): void
 
     public function setEnabled(bool $boolean): void
     {
+        if ($this->hasRole('ROLE_SPAMMER')) {
+            $boolean = false;
+        }
+
         $this->enabled = $boolean;
     }
 
diff --git a/src/Security/EmailVerifier.php b/src/Security/EmailVerifier.php
@@ -66,10 +66,7 @@ public function handleEmailConfirmation(Request $request, UserInterface $user):
         }
 
         $this->verifyEmailHelper->validateEmailConfirmationFromRequest($request, (string) $user->getId(), $user->getEmail());
-
-        if (!$user->hasRole('ROLE_SPAMMER')) {
-            $user->setEnabled(true);
-        }
+        $user->setEnabled(true);
 
         $this->getEM()->persist($user);
         $this->getEM()->flush();

Original file line number	Diff line number	Diff line change
`@@ -465,6 +465,10 @@ public function setEmailCanonical(string $emailCanonical): void`
`465`	`465`
`466`	`466`	`public function setEnabled(bool $boolean): void`
`467`	`467`	`{`
	`468`	`+ if ($this->hasRole('ROLE_SPAMMER')) {`
	`469`	`+ $boolean = false;`
	`470`	`+ }`
	`471`	`+`
`468`	`472`	`$this->enabled = $boolean;`
`469`	`473`	`}`
`470`	`474`