From eeb32ec12a3ca1965e585bf5054bb9580a278d33 Mon Sep 17 00:00:00 2001
From: Jason Harvey
Date: Sat, 19 Jan 2013 18:11:42 -0800
Subject: [PATCH] Prevent _banned users from resetting their password.
---
 r2/r2/controllers/api.py | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/r2/r2/controllers/api.py b/r2/r2/controllers/api.py
index e829cf8a1..fc93e0120 100755
--- a/r2/r2/controllers/api.py
+++ b/r2/r2/controllers/api.py
@@ -2263,6 +2263,10 @@ class ApiController(RedditController, OAuth2ResourceController):
 form.redirect('/password?expired=true')
 return

+ # Prevent banned users from resetting, and thereby logging in
+ if user._banned:
+ return
+
 # successfully entered user name and valid new password
 change_password(user, password)
 g.log.warning("%s did a password reset for %s via %s",
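Review bot: The added `if user._banned: return` exits silently. Unlike the expired-token branch just above it sends no redirect or form error, and unlike the success path below it writes no log entry, so a blocked reset on a banned account leaves no audit trail. I would log before returning, e.g. `g.log.warning("blocked password reset for banned user %s", user.name)`, and give the form an explicit response. The check also covers only the redemption of a reset token; whether the code that issues reset tokens, and any other path that starts a session after a credential change, applies the same `_banned` test is not visible here and is worth confirming. The enclosing handler starts and ends outside the hunk.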