diff --git a/core/modules/entity_reference/src/Tests/EntityReferenceAutocompleteTest.php b/core/modules/entity_reference/src/Tests/EntityReferenceAutocompleteTest.php
index ff59b8b04910f558a0695c4eadecf37c482aafca..1a3d934c1af6bf62e0351eb351143ed05e93c98d 100644
--- a/core/modules/entity_reference/src/Tests/EntityReferenceAutocompleteTest.php
+++ b/core/modules/entity_reference/src/Tests/EntityReferenceAutocompleteTest.php
@@ -140,9 +140,9 @@ protected function getAutocompleteResult($type, $input) {
*/
public function testBaseField() {
// Add two users.
- $user_1 = entity_create('user', array('name' => 'auto1'));
+ $user_1 = entity_create('user', array('name' => 'auto1', 'status' => TRUE));
$user_1->save();
- $user_2 = entity_create('user', array('name' => 'auto2'));
+ $user_2 = entity_create('user', array('name' => 'auto2', 'status' => TRUE));
$user_2->save();
$request = Request::create('entity_reference/autocomplete/single/user_id/entity_test/entity_test/NULL');
diff --git a/core/modules/user/src/Entity/User.php b/core/modules/user/src/Entity/User.php
index 06e1ad1eea88a879fb5d869dd1dd42d9a0ae79c5..3cc77b730fdd78a9d9ab3d3f716144ea27ae441d 100644
--- a/core/modules/user/src/Entity/User.php
+++ b/core/modules/user/src/Entity/User.php
@@ -504,10 +504,7 @@ public static function baseFieldDefinitions(EntityTypeInterface $entity_type) {
$fields['status'] = FieldDefinition::create('boolean')
->setLabel(t('User status'))
->setDescription(t('Whether the user is active or blocked.'))
- // @todo As the status has access implications users should be created as
- // blocked by default and activated explicitly if needed. See
- // https://drupal.org/node/2248969.
- ->setSetting('default_value', TRUE);
+ ->setSetting('default_value', FALSE);
$fields['created'] = FieldDefinition::create('created')
->setLabel(t('Created'))
diff --git a/core/modules/user/src/RegisterForm.php b/core/modules/user/src/RegisterForm.php
index 30f3018077d37b40d6670df6fa79896234cb6e58..2acbcd36b7225930bfa516827e122788864152b4 100644
--- a/core/modules/user/src/RegisterForm.php
+++ b/core/modules/user/src/RegisterForm.php
@@ -29,6 +29,7 @@ public function __construct(EntityManagerInterface $entity_manager, LanguageMana
*/
public function form(array $form, array &$form_state) {
$user = $this->currentUser();
+ /** @var \Drupal\user\UserInterface $account */
$account = $this->entity;
$admin = $user->hasPermission('administer users');
// Pass access information to the submit handler. Running an access check
@@ -47,6 +48,14 @@ public function form(array $form, array &$form_state) {
$form['#attached']['library'][] = 'core/jquery.cookie';
$form['#attributes']['class'][] = 'user-info-from-cookie';
+ // Because the user status has security implications, users are blocked by
+ // default when created programmatically and need to be actively activated
+ // if needed. When administrators create users from the user interface,
+ // however, we assume that they should be created as activated by default.
+ if ($admin) {
+ $account->activate();
+ }
+
// Start with the default user account fields.
$form = parent::form($form, $form_state, $account);
diff --git a/core/modules/user/src/Tests/UserCacheTagsTest.php b/core/modules/user/src/Tests/UserCacheTagsTest.php
index a80be506178ca725ddc0900e1517ff7ac40490b9..1d8155328a2371fdf1188163f1adef67380e36f6 100644
--- a/core/modules/user/src/Tests/UserCacheTagsTest.php
+++ b/core/modules/user/src/Tests/UserCacheTagsTest.php
@@ -46,6 +46,7 @@ protected function createEntity() {
// Create a "Llama" user.
$user = entity_create('user', array(
'name' => 'Llama',
+ 'status' => TRUE,
));
$user->save();
diff --git a/core/modules/user/user.install b/core/modules/user/user.install
index e0658c5045f6b0118f2fba750527b0d9bcd3d33f..eca1692cbec69fa13c3c3b291398b8cfc7e6eb19 100644
--- a/core/modules/user/user.install
+++ b/core/modules/user/user.install
@@ -84,6 +84,7 @@ function user_install() {
'uid' => 1,
'name' => 'placeholder-for-uid-1',
'mail' => 'placeholder-for-uid-1',
+ 'status' => TRUE,
'langcode' => $langcode,
))
->save();