Fixed reset password

In case user is unverified and one-time use is enabled

rest_registration/api/views/reset_password.py

@@ -31,7 +31,7 @@ def get_valid_period(self):
     def _calculate_salt(self, data):
         if registration_settings.RESET_PASSWORD_VERIFICATION_ONE_TIME_USE:
             user_id = data['user_id']
-            user = get_user_by_id(user_id)
+            user = get_user_by_id(user_id, require_verified=False)
             # Use current user password hash as a part of the salt.
             # If the password gets changed, then assume that the change
             # was caused by previous password reset and the signature

tests/api/test_reset_password.py

@@ -121,6 +121,24 @@ def test_send_link_unverified_user(self):
         sent_email = sent_emails[0]
         self._assert_valid_send_link_email(sent_email, user, timer)
 
+    @override_settings(
+        REST_REGISTRATION=shallow_merge_dicts(
+            REST_REGISTRATION_WITH_RESET_PASSWORD, {
+                'RESET_PASSWORD_VERIFICATION_ONE_TIME_USE': True,
+            }
+        ),
+    )
+    def test_send_link_unverified_user_one_time_use(self):
+        user = self.create_test_user(username='testusername', is_active=False)
+        request = self.create_post_request({
+            'login': user.username,
+        })
+        with self.assert_one_mail_sent() as sent_emails, self.timer() as timer:
+            response = self.view_func(request)
+            self.assert_valid_response(response, status.HTTP_200_OK)
+        sent_email = sent_emails[0]
+        self._assert_valid_send_link_email(sent_email, user, timer)
+
     @override_settings(
         REST_REGISTRATION=shallow_merge_dicts(
             REST_REGISTRATION_WITH_RESET_PASSWORD, {