disable sending email or show presence when forgot system user password

app/controllers/session_controller.rb

@@ -120,14 +120,15 @@ class SessionController < ApplicationController
     RateLimiter.new(nil, "forgot-password-min-#{request.remote_ip}", 3, 1.minute).performed!
 
     user = User.find_by_username_or_email(params[:login])
-    if user.present?
+    user_presence = user.present? && user.id != -1
+    if user_presence
       email_token = user.email_tokens.create(email: user.email)
       Jobs.enqueue(:user_email, type: :forgot_password, user_id: user.id, email_token: email_token.token)
     end
 
     json = { result: "ok" }
     unless SiteSetting.forgot_password_strict
-      json[:user_found] = user.present?
+      json[:user_found] = user_presence
     end
 
     render json: json

spec/controllers/session_controller_spec.rb

@@ -134,7 +134,7 @@ describe SessionController do
         @sso.name = @reversed_name
 
         @suggested_username = UserNameSuggester.suggest(@sso.username || @sso.name || @sso.email)
-        @suggested_name = User.suggest_name(@sso.name || @sso.username || @sso.email) 
+        @suggested_name = User.suggest_name(@sso.name || @sso.username || @sso.email)
         @user.create_single_sign_on_record(external_id: '997', last_payload: '')
       end
 
@@ -431,6 +431,18 @@ describe SessionController do
       end
     end
 
+    context 'do nothing to system username' do
+      let(:user) { User.find(-1) }
+
+      it 'generates no token for system username' do
+        lambda { xhr :post, :forgot_password, login: user.username}.should_not change(EmailToken, :count)
+      end
+
+      it 'enqueues no email' do
+        Jobs.expects(:enqueue).never
+        xhr :post, :forgot_password, login: user.username
+      end
+    end
   end
 
   describe '.current' do