From 05b6dbec1e5b4d1cb5bf6514f0d81279b530457e Mon Sep 17 00:00:00 2001
From: Samuel Young <samuel.young@softwire.com>
Date: Mon, 8 Sep 2025 15:04:38 +0100
Subject: [PATCH 1/4] CLDC-4044: Reset last_sign_at fields on reactivation

this is to ensure that the code considers them a fresh user

specifically, ensures that the "Resend invite link" button will show
---
 app/models/user.rb | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/app/models/user.rb b/app/models/user.rb
index b504db9bc..dfbc8ed79 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -167,6 +167,11 @@ class User < ApplicationRecord
     update!(
       active: true,
       reactivate_with_organisation: false,
+      # resetting these fields ensures that the 'resend confirmation instructions' button shows
+      # we have this button be based on sign in date than confirmation status to ensure that the
+      # user has successfully completed the entire login flow before we hide the button
+      last_sign_in_at: nil,
+      last_sign_in_ip: nil,
     )
   end
 

From 28cd42ed3ef8df985985f9dda7d72d432347446f Mon Sep 17 00:00:00 2001
From: Samuel Young <samuel.young@softwire.com>
Date: Tue, 9 Sep 2025 11:48:57 +0100
Subject: [PATCH 2/4] CLDC-4044: Allow sending activation emails for
 unconfirmed users that have logged in

looks like CORE treats this state functionally for reconfirmed users & has a unique email sent out

so instead, change code to account for this and allow for sending emails to unconfirmed but signed in users
---
 app/models/user.rb            | 5 -----
 app/views/users/show.html.erb | 2 +-
 2 files changed, 1 insertion(+), 6 deletions(-)

diff --git a/app/models/user.rb b/app/models/user.rb
index dfbc8ed79..b504db9bc 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -167,11 +167,6 @@ class User < ApplicationRecord
     update!(
       active: true,
       reactivate_with_organisation: false,
-      # resetting these fields ensures that the 'resend confirmation instructions' button shows
-      # we have this button be based on sign in date than confirmation status to ensure that the
-      # user has successfully completed the entire login flow before we hide the button
-      last_sign_in_at: nil,
-      last_sign_in_ip: nil,
     )
   end
 
diff --git a/app/views/users/show.html.erb b/app/views/users/show.html.erb
index 78f2a06d3..e9f5855bb 100644
--- a/app/views/users/show.html.erb
+++ b/app/views/users/show.html.erb
@@ -154,7 +154,7 @@
       <div class="govuk-button-group">
         <% if @user.active? %>
           <%= govuk_button_link_to "Deactivate user", deactivate_user_path(@user), warning: true %>
-          <% if current_user.support? && @user.last_sign_in_at.nil? %>
+          <% if current_user.support? && (@user.last_sign_in_at.nil? || !@user.confirmed?) %>
             <%= govuk_button_to "Resend invite link", resend_invite_user_path(@user), secondary: true %>
           <% end %>
         <% else %>

From 091af770fc1035e95fadf318fd3ecd00162aae6d Mon Sep 17 00:00:00 2001
From: Samuel Young <samuel.young@softwire.com>
Date: Tue, 9 Sep 2025 11:49:52 +0100
Subject: [PATCH 3/4] CLDC-4044: Add verifying test

---
 spec/features/user_spec.rb | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/spec/features/user_spec.rb b/spec/features/user_spec.rb
index de3f2cbc5..cea3f14e9 100644
--- a/spec/features/user_spec.rb
+++ b/spec/features/user_spec.rb
@@ -608,6 +608,19 @@ RSpec.describe "User Features" do
         click_button("Resend invite link")
       end
     end
+
+    context "when reactivating a user" do
+      let!(:other_user) { create(:user, name: "Other name", active: false, organisation: user.organisation, last_sign_in_at: Time.zone.now, confirmed_at: nil) }
+
+      it "allows for reactivation email to be resent" do
+        allow(user).to receive(:need_two_factor_authentication?).and_return(false)
+        sign_in(user)
+        visit(user_path(other_user))
+        click_link("Reactivate user")
+        click_button("I’m sure – reactivate this user")
+        expect(page).to have_button("Resend invite link")
+      end
+    end
   end
 
   context "when the user is a customer support person" do

From dd13a4a58515561da44e12d7c481e6249f7c05e8 Mon Sep 17 00:00:00 2001
From: Samuel Young <samuel.young@softwire.com>
Date: Tue, 9 Sep 2025 11:56:57 +0100
Subject: [PATCH 4/4] CLDC-4044: Add clarifying comment

---
 app/views/users/show.html.erb | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/app/views/users/show.html.erb b/app/views/users/show.html.erb
index e9f5855bb..a1f104b10 100644
--- a/app/views/users/show.html.erb
+++ b/app/views/users/show.html.erb
@@ -154,6 +154,9 @@
       <div class="govuk-button-group">
         <% if @user.active? %>
           <%= govuk_button_link_to "Deactivate user", deactivate_user_path(@user), warning: true %>
+          <%# Some users are confirmed but have no sign in date, since logging in is a separate step that happens after confirmation %>
+          <%# Some users are unconfirmed but have a sign in date, since deactivating an account will unconfirm but not reset login date %>
+          <%# So, allow both cases to receive invite links %>
           <% if current_user.support? && (@user.last_sign_in_at.nil? || !@user.confirmed?) %>
             <%= govuk_button_to "Resend invite link", resend_invite_user_path(@user), secondary: true %>
           <% end %>