My comments in red
* When a disabled user attempts to login with their correct credentials
* The authentication must fail (implemented, the authenticate method now throws a DisabledUserException in that case)
* A user friendly message should be presented to him: this is a best effort and sometimes it may not be possible to present him the message (not implemented as it is UI related but a new method has been added to cover this need which is Authenticator.getLastExceptionOnValidateUser)
* A disabled user must not receive anymore email messages: the message is lost and will not be resent later (Cannot do anything at eXo JCR level as the MailService is generic and is not aware of the OrganizationService, it needs to be implemented on top app level)
* An attempt to reset the credentials of a disabled user will fail (implemented, the saveUser method now throws a DisabledUserException in that case)
* The organization service API
* must be augmented for enabling and disabling an user (implemented, the method setEnabled(String userName, boolean enabled, boolean broadcast has been added for this purpose)
* queries returning users must be filtered
* the behavior of the existing method changes to remove the disabled users (implemented, old methods now call new ones with enabledOnly set to true as already described)
* an overloaded query method is added with a boolean argument to control the filtering of the query (implemented, new methods have been added with an additional parameter which is enabledOnly)
* must sent a new type of event upon enabled status changes (implemented, new methods have been added to cover this need which are preSetEnabled(User user) and postSetEnabled(User user))
* From the user interface perspective disabled users
* must not be listed in user selector components (not implemented as it is UI related)
* must appear in the community management portlet (not implemented as it is UI related)