Enable password reset for active users only (#52)

Author: sven1103

core/src/main/java/life/qbic/identityaccess/application/user/UserRegistrationService.java

@@ -166,8 +166,13 @@ public ApplicationResponse requestPasswordReset(String userEmailAddress) {
       return ApplicationResponse.failureResponse(new UserNotFoundException());
     }
 
-    // trigger password reset
+    // get user
     var user = optionalUser.get();
+
+    // We only allow password reset for users with confirmed email address
+    if (!user.isActive()) {
+      return ApplicationResponse.failureResponse(new ServiceException("User not active"));
+    }
     DomainEventPublisher.instance().subscribe(new DomainEventSubscriber<PasswordReset>() {
       @Override
       public Class<? extends DomainEvent> subscribedToEventType() {