From 0c103255065ab527c5dc2c2fb08cc29519ac759a Mon Sep 17 00:00:00 2001
From: Anna Sidwell <anna@takkaria.org>
Date: Tue, 14 Aug 2018 11:37:23 +0100
Subject: [PATCH] add_user_auth: Warn if user doesn't exist when adding w/o
 password (#46)

---
 group_model.php | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/group_model.php b/group_model.php
index d2587a4..55679f6 100644
--- a/group_model.php
+++ b/group_model.php
@@ -203,6 +203,10 @@ public function add_user_auth($admin_userid, $groupid, $username, $password, $ro
         // We only allow adding without a password if the capabilities module is loaded
         if (class_exists('Capabilities') && user_has_capability('group_add_member_no_auth')) {
             $add_userid = $this->user->get_id($username);
+            if (!$add_userid) {
+                $this->log->error("Error adding user to group: user $username doesn't exist");
+                return [ 'success' => false, 'message' => _("User doesn't exist") ];
+            }
         } else {
             $result = $this->user->get_apikeys_from_login($username, $password);
             if (!$result["success"]) {