From 839d3ccc027e823c01f3e6c89ee289e338c37265 Mon Sep 17 00:00:00 2001 From: samyou-softwire Date: Wed, 22 Apr 2026 17:08:50 +0100 Subject: [PATCH] fixup! CLDC-4330: Update confirmation comment --- app/controllers/auth/confirmations_controller.rb | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/app/controllers/auth/confirmations_controller.rb b/app/controllers/auth/confirmations_controller.rb index c08af04bf..a13ce1e6b 100644 --- a/app/controllers/auth/confirmations_controller.rb +++ b/app/controllers/auth/confirmations_controller.rb @@ -5,9 +5,10 @@ class Auth::ConfirmationsController < Devise::ConfirmationsController yield resource if block_given? if resource.errors.empty? - # previously we reset sign_in_count to indicate that a user was deactivated and so needs to reset their password on confirming their email post reactivation. - # now we have a specific flag for this as resetting sign in count was difficult for auditing. - # though for backwards compatability we need to ensure previous users with a reset sign in count still will see the password reset screen + # previously we reset sign_in_count on deactivation and had only the .zero? check here. + # this would force a password reset both if it was your very first log in, and on your first login after reactivation. + # now we have a specific flag for the latter case as resetting sign_in_count was difficult for auditing. + # note that some deactivated users will have a sign_in_count of 0 and not have this flag set if they were deactivated before we made this change. if resource.reset_password_on_confirmation || resource.sign_in_count.zero? token = resource.send(:set_reset_password_token) redirect_to "#{edit_user_password_url}?reset_password_token=#{token}&confirmation=true"