From d29e25350d2d5d2d41ffa632d6eec16b5f183a61 Mon Sep 17 00:00:00 2001 From: Samuel Date: Mon, 2 Jun 2025 15:29:20 +0100 Subject: [PATCH 1/5] send confirmation if user is unconfirmed on password reset --- app/models/user.rb | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/app/models/user.rb b/app/models/user.rb index b504db9bc..23dbc196b 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -358,6 +358,14 @@ class User < ApplicationRecord end end + def send_reset_password_instructions + if confirmed? + super + else + send_confirmation_instructions + end + end + protected # Checks whether a password is needed or not. For validations only. From a52898dd481a33e873e0cb019e41029d374ff823 Mon Sep 17 00:00:00 2001 From: Samuel Young Date: Mon, 14 Jul 2025 16:14:43 +0100 Subject: [PATCH 2/5] update copy on password reset page if user is unconfirmed --- app/controllers/auth/passwords_controller.rb | 3 ++- .../devise/passwords/reset_resend_confirmation.html.erb | 6 +++++- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/app/controllers/auth/passwords_controller.rb b/app/controllers/auth/passwords_controller.rb index 9a281df16..7db9cfb48 100644 --- a/app/controllers/auth/passwords_controller.rb +++ b/app/controllers/auth/passwords_controller.rb @@ -4,6 +4,7 @@ class Auth::PasswordsController < Devise::PasswordsController def reset_confirmation self.resource = resource_class.new @email = params["email"] + @unconfirmed = params["unconfirmed"] == "true" if @email.blank? resource.errors.add :email, I18n.t("validations.email.blank") render "devise/passwords/new", status: :unprocessable_entity @@ -66,7 +67,7 @@ protected end def after_sending_reset_password_instructions_path_for(_resource) - account_password_reset_confirmation_path(email: params.dig("user", "email")) + account_password_reset_confirmation_path(email: params.dig("user", "email"), unconfirmed: !resource.confirmed?) end def after_resetting_password_path_for(resource) diff --git a/app/views/devise/passwords/reset_resend_confirmation.html.erb b/app/views/devise/passwords/reset_resend_confirmation.html.erb index b89717844..106f4d87e 100644 --- a/app/views/devise/passwords/reset_resend_confirmation.html.erb +++ b/app/views/devise/passwords/reset_resend_confirmation.html.erb @@ -6,7 +6,11 @@ <%= content_for(:title) %> -

We’ve sent a link to reset your password to <%= @email %>.

+ <% if @unconfirmed %> +

We’ve sent a link to confirm your email address to <%= @email %>. This will complete your registration onto the CORE service.

+ <% else %> +

We’ve sent a link to reset your password to <%= @email %>.

+ <% end %>

You’ll only receive this link if your email address already exists in our system.

If you don’t receive the email within 5 minutes, check your spam or junk folders. Try again if you still haven’t received the email.

From 78689057e0e0d80a8c9a099ac1b8f90f6a2821fe Mon Sep 17 00:00:00 2001 From: Samuel Young Date: Wed, 16 Jul 2025 16:32:56 +0100 Subject: [PATCH 3/5] fixup! update copy on password reset page if user is unconfirmed also check if they've been sent a confirmation email otherwise, this text shows if the user doesn't exist --- app/controllers/auth/passwords_controller.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/controllers/auth/passwords_controller.rb b/app/controllers/auth/passwords_controller.rb index 7db9cfb48..0ff4b9414 100644 --- a/app/controllers/auth/passwords_controller.rb +++ b/app/controllers/auth/passwords_controller.rb @@ -67,7 +67,7 @@ protected end def after_sending_reset_password_instructions_path_for(_resource) - account_password_reset_confirmation_path(email: params.dig("user", "email"), unconfirmed: !resource.confirmed?) + account_password_reset_confirmation_path(email: params.dig("user", "email"), unconfirmed: resource.initial_confirmation_sent && !resource.confirmed?) end def after_resetting_password_path_for(resource) From c3929bc10db059b3e8f2d12eaaba775365b3c02c Mon Sep 17 00:00:00 2001 From: David May-Miller Date: Mon, 21 Jul 2025 17:31:05 +0100 Subject: [PATCH 4/5] CLDC-4033 Fix name of variable --- app/controllers/auth/passwords_controller.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/controllers/auth/passwords_controller.rb b/app/controllers/auth/passwords_controller.rb index 0ff4b9414..c321c2009 100644 --- a/app/controllers/auth/passwords_controller.rb +++ b/app/controllers/auth/passwords_controller.rb @@ -66,7 +66,7 @@ protected resource.need_two_factor_authentication?(request) ? :updated_2FA : :updated end - def after_sending_reset_password_instructions_path_for(_resource) + def after_sending_reset_password_instructions_path_for(resource) account_password_reset_confirmation_path(email: params.dig("user", "email"), unconfirmed: resource.initial_confirmation_sent && !resource.confirmed?) end From d79ec2aca169893780813bf9ef88ccb5e2278e97 Mon Sep 17 00:00:00 2001 From: Samuel Young Date: Thu, 28 Aug 2025 12:10:10 +0100 Subject: [PATCH 5/5] CLDC-4033: Correct name of resource variable this override function is passed a resource symbol, not a resource object --- app/controllers/auth/passwords_controller.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/controllers/auth/passwords_controller.rb b/app/controllers/auth/passwords_controller.rb index c321c2009..e4a21675b 100644 --- a/app/controllers/auth/passwords_controller.rb +++ b/app/controllers/auth/passwords_controller.rb @@ -66,7 +66,7 @@ protected resource.need_two_factor_authentication?(request) ? :updated_2FA : :updated end - def after_sending_reset_password_instructions_path_for(resource) + def after_sending_reset_password_instructions_path_for(_resource_name) account_password_reset_confirmation_path(email: params.dig("user", "email"), unconfirmed: resource.initial_confirmation_sent && !resource.confirmed?) end