Update to Drupal 8.2.4. For more information, see https://www.drupal.org/project/drupal/releases/8.2.4

core/modules/comment/migration_templates/d6_comment.yml

@@ -7,6 +7,8 @@ source:
   constants:
     entity_type: node
 process:
+  # If you are using this file to build a custom migration consider removing
+  # the cid field to allow incremental migrations.
   cid: cid
   pid:
     plugin: migration

core/modules/comment/migration_templates/d6_comment_field.yml

@@ -13,7 +13,10 @@ process:
   type: 'constants/type'
   'settings/comment_type': comment_type
 destination:
-  plugin: md_entity:field_storage_config
+  plugin: entity:field_storage_config
+  dependencies:
+    module:
+      - comment
 migration_dependencies:
   required:
     - d6_comment_type

core/modules/comment/migration_templates/d7_comment.yml

@@ -7,6 +7,8 @@ source:
   constants:
     entity_type: node
 process:
+  # If you are using this file to build a custom migration consider removing
+  # the cid field to allow incremental migrations.
   cid: cid
   pid:
     plugin: migration

core/modules/comment/src/CommentAccessControlHandler.php

@@ -110,12 +110,13 @@ class CommentAccessControlHandler extends EntityAccessControlHandler {
           // access.
           return AccessResult::forbidden();
         }
+        $is_name = $field_definition->getName() === 'name';
         /** @var \Drupal\comment\CommentInterface $entity */
         $entity = $items->getEntity();
         $commented_entity = $entity->getCommentedEntity();
         $anonymous_contact = $commented_entity->get($entity->getFieldName())->getFieldDefinition()->getSetting('anonymous');
         $admin_access = AccessResult::allowedIfHasPermission($account, 'administer comments');
-        $anonymous_access = AccessResult::allowedIf($entity->isNew() && $account->isAnonymous() && $anonymous_contact != COMMENT_ANONYMOUS_MAYNOT_CONTACT && $account->hasPermission('post comments'))
+        $anonymous_access = AccessResult::allowedIf($entity->isNew() && $account->isAnonymous() && ($anonymous_contact != COMMENT_ANONYMOUS_MAYNOT_CONTACT || $is_name) && $account->hasPermission('post comments'))
           ->cachePerPermissions()
           ->addCacheableDependency($entity)
           ->addCacheableDependency($field_definition->getConfig($commented_entity->bundle()))

core/modules/comment/src/Tests/CommentAnonymousTest.php

@@ -65,6 +65,16 @@ class CommentAnonymousTest extends CommentTestBase {
     $anonymous_comment1 = $this->postComment($this->node, $this->randomMachineName(), $this->randomMachineName());
     $this->assertTrue($this->commentExists($anonymous_comment1), 'Anonymous comment without contact info found.');
 
+    // Ensure anonymous users cannot post in the name of registered users.
+    $edit = array(
+      'name' => $this->adminUser->getUsername(),
+      'comment_body[0][value]' => $this->randomMachineName(),
+    );
+    $this->drupalPostForm('comment/reply/node/' . $this->node->id() . '/comment', $edit, t('Save'));
+    $this->assertRaw(t('The name you used (%name) belongs to a registered user.', [
+      '%name' => $this->adminUser->getUsername(),
+    ]));
+
     // Allow contact info.
     $this->drupalLogin($this->adminUser);
     $this->setCommentAnonymous(COMMENT_ANONYMOUS_MAY_CONTACT);