Allow to distinguish between inactive and unverified user

Because of the issue #34, we need to allow unverified users to be able to reset the password. By default we are using the `is_active` user attribute to hold the information whether the user is verified or not.
If someone is using this field to disable (block) the users, the user could easily unblock himself by using the "reset password" endpoint.