Checks for user availability before accessing the registration key

2019-09-02 13:50:39 +02:00
parent 4191d4c48c
commit 1dec1b4358
1 changed files with 2 additions and 2 deletions
@@ -3171,12 +3171,12 @@ class Auth(AuthAPI):
                        formname='retrieve_password', dbio=False,
                        onvalidation=onvalidation, hideerror=self.settings.hideerror):
            user = table_user(email=form.vars.email)
-            key = user.registration_key
            if not user:
                current.session.flash = \
                    self.messages.invalid_email
                redirect(self.url(args=request.args))
-            elif key in ('pending', 'disabled', 'blocked') or (key or '').startswith('pending'):
+            key = user.registration_key
+            if key in ('pending', 'disabled', 'blocked') or (key or '').startswith('pending'):
                current.session.flash = \
                    self.messages.registration_pending
                redirect(self.url(args=request.args))