Works on Laravel 7
Note that you should also add the 'is_active' check in the ForgotPasswordController. Otherwise the user will be able to login by requesting a new password without the 'is_active' flag is verified
class ForgotPasswordController extends Controller{ //... protected function credentials(Request $request) { // is_active field in user model must be true. $request->merge(['is_active' => true]); return $request->only('email', 'is_active'); }}