fixup! CLDC-4330: Update confirmation comment

1 week ago · 839d3ccc02
1 changed files with 4 additions and 3 deletions
--- a/app/controllers/auth/confirmations_controller.rb
+++ b/app/controllers/auth/confirmations_controller.rb
@ -5,9 +5,10 @@ class Auth::ConfirmationsController < Devise::ConfirmationsController
    yield resource if block_given?

    if resource.errors.empty?
-      # previously we reset sign_in_count to indicate that a user was deactivated and so needs to reset their password on confirming their email post reactivation.
-      # now we have a specific flag for this as resetting sign in count was difficult for auditing.
-      # though for backwards compatability we need to ensure previous users with a reset sign in count still will see the password reset screen
+      # previously we reset sign_in_count on deactivation and had only the .zero? check here.
+      # this would force a password reset both if it was your very first log in, and on your first login after reactivation.
+      # now we have a specific flag for the latter case as resetting sign_in_count was difficult for auditing.
+      # note that some deactivated users will have a sign_in_count of 0 and not have this flag set if they were deactivated before we made this change.
      if resource.reset_password_on_confirmation || resource.sign_in_count.zero?
        token = resource.send(:set_reset_password_token)
        redirect_to "#{edit_user_password_url}?reset_password_token=#{token}&confirmation=true"