From 1dec1b4358d271815a0fa8fbba8d466b1a9010f1 Mon Sep 17 00:00:00 2001
From: Mirko Galimberti <me@mirkogalimberti.com>
Date: Mon, 2 Sep 2019 13:50:39 +0200
Subject: [PATCH] Checks for user availability before accessing the
 registration key

---
 gluon/tools.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/gluon/tools.py b/gluon/tools.py
index e6421b88..a6d79678 100644
--- a/gluon/tools.py
+++ b/gluon/tools.py
@@ -3171,12 +3171,12 @@ class Auth(AuthAPI):
                         formname='retrieve_password', dbio=False,
                         onvalidation=onvalidation, hideerror=self.settings.hideerror):
             user = table_user(email=form.vars.email)
-            key = user.registration_key
             if not user:
                 current.session.flash = \
                     self.messages.invalid_email
                 redirect(self.url(args=request.args))
-            elif key in ('pending', 'disabled', 'blocked') or (key or '').startswith('pending'):
+            key = user.registration_key
+            if key in ('pending', 'disabled', 'blocked') or (key or '').startswith('pending'):
                 current.session.flash = \
                     self.messages.registration_pending
                 redirect(self.url(args=request.args))