diff --git a/lib/galaxy/managers/users.py b/lib/galaxy/managers/users.py index 59dc13184c3b..2196857cf479 100644 --- a/lib/galaxy/managers/users.py +++ b/lib/galaxy/managers/users.py @@ -615,7 +615,7 @@ def get_reset_token(self, trans, email): reset_user = get_user_by_email(trans.sa_session, email, self.app.model.User) if not reset_user and email != email.lower(): reset_user = self._get_user_by_email_case_insensitive(trans.sa_session, email) - if reset_user: + if reset_user and not reset_user.deleted: prt = self.app.model.PasswordResetToken(reset_user) trans.sa_session.add(prt) with transaction(trans.sa_session): diff --git a/test/unit/app/managers/test_UserManager.py b/test/unit/app/managers/test_UserManager.py index 871daac25c8f..b8286838d103 100644 --- a/test/unit/app/managers/test_UserManager.py +++ b/test/unit/app/managers/test_UserManager.py @@ -232,6 +232,16 @@ def validate_send_email(frm, to, subject, body, config, html=None): mock_unique_id.assert_called_once() assert result is None + def test_reset_email_user_deleted(self): + self.trans.app.config.allow_user_deletion = True + self.log("should not produce the password reset email if user is deleted") + user_email = "user@nopassword.com" + user = self.user_manager.create(email=user_email, username="nopassword") + self.user_manager.delete(user) + assert user.deleted is True + message = self.user_manager.send_reset_email(self.trans, {"email": user_email}) + assert message == "Failed to produce password reset token. User not found." + def test_get_user_by_identity(self): # return None if username/email not found assert self.user_manager.get_user_by_identity("xyz") is None