Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
[#1178] perform_reset uses the received id as the context's user
When performing a password reset, the user is probably (always?) not logged in. So c.user is an empty string. So, the auth functions have no way to tell which user is trying to reset his/her password. This worked fine before, because everyone was able to reset the password. But now that we've got users in DELETED state, it's not the case anymore.
- Loading branch information