From c399d6edfbe4025347cd8552f572cdc163ea3fc7 Mon Sep 17 00:00:00 2001 From: Mouse Reeve Date: Mon, 27 Sep 2021 09:29:13 -0700 Subject: [PATCH] Prevent password reset for inactive users --- bookwyrm/views/password.py | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/bookwyrm/views/password.py b/bookwyrm/views/password.py index baf1b3ff4..1b8228a90 100644 --- a/bookwyrm/views/password.py +++ b/bookwyrm/views/password.py @@ -27,7 +27,9 @@ class PasswordResetRequest(View): """create a password reset token""" email = request.POST.get("email") try: - user = models.User.objects.get(email=email, email__isnull=False) + user = models.User.viewer_aware_objects(request.user).get( + email=email, email__isnull=False + ) except models.User.DoesNotExist: data = {"error": _("No user with that email address was found.")} return TemplateResponse(request, "password_reset_request.html", data)