diff --git a/pkg/api/forget_passwords.go b/pkg/api/forget_passwords.go
index 2117b61f..39ad23ce 100644
--- a/pkg/api/forget_passwords.go
+++ b/pkg/api/forget_passwords.go
@@ -46,9 +46,14 @@ func (a *ForgetPasswordsApi) UserForgetPasswordRequestHandler(c *core.Context) (
 		return nil, errs.ErrUserNotFound
 	}
 
+	if user.Disabled {
+		log.WarnfWithRequestId(c, "[forget_passwords.UserForgetPasswordRequestHandler] user \"uid:%d\" is disabled", user.Uid)
+		return nil, errs.ErrUserIsDisabled
+	}
+
 	if !user.EmailVerified {
 		log.WarnfWithRequestId(c, "[forget_passwords.UserForgetPasswordRequestHandler] user \"uid:%d\" has not verified email", user.Uid)
-		return nil, errs.ErrEmptyIsNotVerified
+		return nil, errs.ErrEmailIsNotVerified
 	}
 
 	token, _, err := a.tokens.CreatePasswordResetToken(c, user)
@@ -89,6 +94,16 @@ func (a *ForgetPasswordsApi) UserResetPasswordHandler(c *core.Context) (interfac
 		return nil, errs.ErrUserNotFound
 	}
 
+	if user.Disabled {
+		log.WarnfWithRequestId(c, "[forget_passwords.UserResetPasswordHandler] user \"uid:%d\" is disabled", user.Uid)
+		return nil, errs.ErrUserIsDisabled
+	}
+
+	if !user.EmailVerified {
+		log.WarnfWithRequestId(c, "[forget_passwords.UserResetPasswordHandler] user \"uid:%d\" has not verified email", user.Uid)
+		return nil, errs.ErrEmailIsNotVerified
+	}
+
 	if user.Email != request.Email {
 		log.WarnfWithRequestId(c, "[forget_passwords.UserResetPasswordHandler] request email not equals the user email")
 		return nil, errs.ErrEmptyIsInvalid
diff --git a/pkg/errs/user.go b/pkg/errs/user.go
index dc40fa8d..67ea747d 100644
--- a/pkg/errs/user.go
+++ b/pkg/errs/user.go
@@ -26,5 +26,5 @@ var (
 	ErrEmptyIsInvalid               = NewNormalError(NormalSubcategoryUser, 17, http.StatusBadRequest, "email is invalid")
 	ErrEmailIsEmptyOrInvalid        = NewNormalError(NormalSubcategoryUser, 18, http.StatusBadRequest, "email is empty or invalid")
 	ErrNewPasswordEqualsOldInvalid  = NewNormalError(NormalSubcategoryUser, 19, http.StatusBadRequest, "new password equals old password")
-	ErrEmptyIsNotVerified           = NewNormalError(NormalSubcategoryUser, 20, http.StatusBadRequest, "email is not verified")
+	ErrEmailIsNotVerified           = NewNormalError(NormalSubcategoryUser, 20, http.StatusBadRequest, "email is not verified")
 )