Code cleanup.

git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@9943 e93f8b46-1217-0410-a6f0-8f06a7374b81

1 files changed, 11 insertions, 5 deletions

diff --git a/app/controllers/account_controller.rb b/app/controllers/account_controller.rb
index 7d57b45da..c9cefe8c7 100644
--- a/app/controllers/account_controller.rb
+++ b/app/controllers/account_controller.rb
@@ -63,11 +63,17 @@ class AccountController < ApplicationController
       return
     else
       if request.post?
-        user = User.find_by_mail(params[:mail])
-        # user not found in db
-        (flash.now[:error] = l(:notice_account_unknown_email); return) unless user
-        # user uses an external authentification
-        (flash.now[:error] = l(:notice_can_t_change_password); return) if user.auth_source_id
+        user = User.find_by_mail(params[:mail].to_s)
+        # user not found or not active
+        unless user && user.active?
+          flash.now[:error] = l(:notice_account_unknown_email)
+          return
+        end
+        # user cannot change its password
+        unless user.change_password_allowed?
+          flash.now[:error] = l(:notice_can_t_change_password)
+          return
+        end
         # create a new token for password recovery
         token = Token.new(:user => user, :action => "recovery")
         if token.save