From 25097bce31d2f2d7ef9930dfc8c41fe1a12f1497 Mon Sep 17 00:00:00 2001
From: snipe <snipe@snipe.net>
Date: Tue, 14 Aug 2018 18:04:27 -0700
Subject: [PATCH] Only allow activated users to reset their password

---
 app/Http/Controllers/Auth/ForgotPasswordController.php | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/app/Http/Controllers/Auth/ForgotPasswordController.php b/app/Http/Controllers/Auth/ForgotPasswordController.php
index 0282bbeb5d..c64710ac38 100644
--- a/app/Http/Controllers/Auth/ForgotPasswordController.php
+++ b/app/Http/Controllers/Auth/ForgotPasswordController.php
@@ -55,7 +55,10 @@ class ForgotPasswordController extends Controller
         // to send the link, we will examine the response then see the message we
         // need to show to the user. Finally, we'll send out a proper response.
         $response = $this->broker()->sendResetLink(
-            $request->only('email')
+            array_merge(
+                $request->only('email'),
+                ['activated' => '1']
+            )
         );
 
         if ($response === \Password::RESET_LINK_SENT) {