|
user = self.get_user(**kwargs) |
|
self.send_reset_password_instructions(user) |
Between these two lines a check should be added that the user's account is active:
if not user.is_active:
_abort(get_message("DISABLED_ACCOUNT")[0])With the current behaviour, a disabled user is still sent an email enabling them to reset their password, after which a message is displayed "You successfully reset your password and you have been logged in automatically" although they are not logged in.
invenio-accounts/invenio_accounts/views/rest.py
Lines 395 to 396 in 345abfc
Between these two lines a check should be added that the user's account is active:
With the current behaviour, a disabled user is still sent an email enabling them to reset their password, after which a message is displayed "You successfully reset your password and you have been logged in automatically" although they are not logged in.