Prevent _banned users from resetting their password.

2026-01-28 16:28:01 -05:00 · 2013-01-19 18:11:42 -08:00
parent 53d358bc61
commit eeb32ec12a
1 changed files with 4 additions and 0 deletions
--- a/r2/r2/controllers/api.py
+++ b/r2/r2/controllers/api.py
@@ -2263,6 +2263,10 @@ class ApiController(RedditController, OAuth2ResourceController):
            form.redirect('/password?expired=true')
            return

+        # Prevent banned users from resetting, and thereby logging in
+        if user._banned:
+            return
+
        # successfully entered user name and valid new password
        change_password(user, password)
        g.log.warning("%s did a password reset for %s via %s",