diff --git a/django/contrib/auth/forms.py b/django/contrib/auth/forms.py index ec70da2910..b13131fc94 100644 --- a/django/contrib/auth/forms.py +++ b/django/contrib/auth/forms.py @@ -238,8 +238,9 @@ class PasswordResetForm(forms.Form): from django.core.mail import send_mail UserModel = get_user_model() email = self.cleaned_data["email"] - users = UserModel._default_manager.filter(email__iexact=email) - for user in users: + active_users = UserModel._default_manager.filter( + email__iexact=email, is_active=True) + for user in active_users: # Make sure that no email is sent to a user that actually has # a password marked as unusable if not user.has_usable_password(): diff --git a/django/contrib/auth/tests/test_forms.py b/django/contrib/auth/tests/test_forms.py index de58641226..bf9a002770 100644 --- a/django/contrib/auth/tests/test_forms.py +++ b/django/contrib/auth/tests/test_forms.py @@ -436,6 +436,7 @@ class PasswordResetFormTest(TestCase): user.save() form = PasswordResetForm({'email': email}) self.assertTrue(form.is_valid()) + form.save() self.assertEqual(len(mail.outbox), 0) def test_unusable_password(self):