feat: don't allow to emit otp when user isn't active

Signed-off-by: romanetar <roman_ag@hotmail.com>

Author: romanetar

app/Http/Controllers/UserController.php

@@ -303,6 +303,11 @@ public function emitOTP()
                 throw new ValidationException("empty username.");
             }
 
+            $user = $this->auth_service->getUserByUsername($username);
+
+            if (!$user->isActive())
+                throw new ValidationException("user is not active.");
+
             $client = null;
 
             // check if we have a former oauth2 request