diff --git a/app/controllers/auth/confirmations_controller.rb b/app/controllers/auth/confirmations_controller.rb
index a13ce1e6b..cd09d7bb6 100644
--- a/app/controllers/auth/confirmations_controller.rb
+++ b/app/controllers/auth/confirmations_controller.rb
@@ -9,7 +9,7 @@ class Auth::ConfirmationsController < Devise::ConfirmationsController
 # this would force a password reset both if it was your very first log in, and on your first login after reactivation.
 # now we have a specific flag for the latter case as resetting sign_in_count was difficult for auditing.
 # note that some deactivated users will have a sign_in_count of 0 and not have this flag set if they were deactivated before we made this change.
- if resource.reset_password_on_confirmation || resource.sign_in_count.zero?
+ if resource.force_reset_password_on_confirmation || resource.sign_in_count.zero?
 token = resource.send(:set_reset_password_token)
 redirect_to "#{edit_user_password_url}?reset_password_token=#{token}&confirmation=true"
 else
diff --git a/app/controllers/auth/passwords_controller.rb b/app/controllers/auth/passwords_controller.rb
index 7561ab129..80f0feb5e 100644
--- a/app/controllers/auth/passwords_controller.rb
+++ b/app/controllers/auth/passwords_controller.rb
@@ -37,7 +37,7 @@ class Auth::PasswordsController < Devise::PasswordsController
 if resource.errors.empty?
 resource.unlock_access! if resource.respond_to?(:unlock_access!)
- resource.reset_password_on_confirmation = false if resource.reset_password_on_confirmation
+ resource.force_reset_password_on_confirmation = false if resource.force_reset_password_on_confirmation
 if Devise.sign_in_after_reset_password
 set_flash_message!(:notice, password_update_flash_message)
 resource.after_database_authentication
diff --git a/app/models/user.rb b/app/models/user.rb
index 0ff8f56e2..92fd37dc8 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
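Review bot: In app/controllers/auth/passwords_controller.rb the renamed line `resource.force_reset_password_on_confirmation = false if resource.force_reset_password_on_confirmation` only assigns the attribute, and no save is visible in the hunk; the action continues outside it. If nothing later writes the record (for instance when `Devise.sign_in_after_reset_password` is off and no sign-in tracking update runs), the flag would stay true in the database and the next confirmation would force another reset and mint another reset token. Consider persisting it explicitly, e.g. `resource.update!(force_reset_password_on_confirmation: false) if resource.force_reset_password_on_confirmation`, and covering it with a request spec that reloads the user after the reset.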
@@ -179,7 +179,7 @@ class User < ApplicationRecord
 update!(
 active: false,
 confirmed_at: nil,
- reset_password_on_confirmation: true,
+ force_reset_password_on_confirmation: true,
 initial_confirmation_sent: false,
 reactivate_with_organisation:,
 unconfirmed_email: nil,
diff --git a/db/migrate/20260420151627_add_force_reset_password_on_confirmation_to_users.rb b/db/migrate/20260420151627_add_force_reset_password_on_confirmation_to_users.rb
new file mode 100644
index 000000000..ad8a18980
--- /dev/null
+++ b/db/migrate/20260420151627_add_force_reset_password_on_confirmation_to_users.rb
@@ -0,0 +1,5 @@
+class AddForceResetPasswordOnConfirmationToUsers < ActiveRecord::Migration[7.2]
+ def change
+ add_column :users, :force_reset_password_on_confirmation, :boolean, default: false
+ end
+end
diff --git a/db/migrate/20260420151627_add_reset_password_on_confirmation_to_users.rb b/db/migrate/20260420151627_add_reset_password_on_confirmation_to_users.rb
deleted file mode 100644
index 72bfa6785..000000000
--- a/db/migrate/20260420151627_add_reset_password_on_confirmation_to_users.rb
+++ /dev/null
@@ -1,5 +0,0 @@
-class AddResetPasswordOnConfirmationToUsers < ActiveRecord::Migration[7.2]
- def change
- add_column :users, :reset_password_on_confirmation, :boolean, default: false
- end
-end
diff --git a/db/schema.rb b/db/schema.rb
index 9ab58bf62..4af47a53f 100644
--- a/db/schema.rb
+++ b/db/schema.rb
@@ -924,7 +924,7 @@ ActiveRecord::Schema[7.2].define(version: 2026_04_20_151627) do
 t.datetime "discarded_at"
 t.string "phone_extension"
 t.datetime "values_updated_at"
- t.boolean "reset_password_on_confirmation", default: false
+ t.boolean "force_reset_password_on_confirmation", default: false
 t.index ["confirmation_token"], name: "index_users_on_confirmation_token", unique: true
 t.index ["email"], name: "index_users_on_email", unique: true
 t.index ["encrypted_otp_secret_key"], name: "index_users_on_encrypted_otp_secret_key", unique: true
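Review bot: The new migration db/migrate/20260420151627_add_force_reset_password_on_confirmation_to_users.rb reuses version 20260420151627 of the file it replaces, so any database that already ran the old migration will treat it as applied and keep the `reset_password_on_confirmation` column. On such a database the `update!(force_reset_password_on_confirmation: true, ...)` call in app/models/user.rb and both controller checks would raise, so deactivation and the forced reset after reactivation would stop working. Unless the original migration never ran in any shared environment, ship a new-timestamp migration with `rename_column :users, :reset_password_on_confirmation, :force_reset_password_on_confirmation` instead of editing the old one in place. The column could also take `null: false` alongside `default: false` so the flag is never nil.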