As of 2.0.0, passlib no longer correctly identifies bcrypt as bcrypt (instead, it mistakenly applies pybcrypt logic to bcrypt). This results in all Python 3 logic involving bcrypt failing. As a hotfix, we should require users to be on a version of bcrypt that passlib can handle a fix can be pushed into passlib.
The user may have been invited via a social network or an invitation system.
Check that the previous password is the same as it was when this password reset request was generated.
If you've just been invited, or are using social auth, you have no password set, so the reset password feature causes a crash. This doesn't need to happen.