CLDC-4330: Use this new flag to determine when to show password reset

app/controllers/auth/confirmations_controller.rb

@@ -5,7 +5,10 @@ class Auth::ConfirmationsController < Devise::ConfirmationsController
     yield resource if block_given?
 
     if resource.errors.empty?
-      if resource.sign_in_count.zero?
+      # previously we reset sign in count to indicate that a user was deactivated and so needs to reset their password on confirming their email post reactivation.
+      # now we have a specific flag for this.
+      # though for backwards compatability we need to ensure previous users with a reset sign in count still will see the password reset screen
+      if resource.reset_password_on_confirmation || resource.sign_in_count.zero?
         token = resource.send(:set_reset_password_token)
         redirect_to "#{edit_user_password_url}?reset_password_token=#{token}&confirmation=true"
       else

app/controllers/auth/passwords_controller.rb

@@ -37,6 +37,7 @@ class Auth::PasswordsController < Devise::PasswordsController
 
     if resource.errors.empty?
       resource.unlock_access! if resource.respond_to?(:unlock_access!)
+      resource.reset_password_on_confirmation = false if resource.reset_password_on_confirmation
       if Devise.sign_in_after_reset_password
         set_flash_message!(:notice, password_update_flash_message)
         resource.after_database_authentication

app/models/user.rb

@@ -179,7 +179,7 @@ class User < ApplicationRecord
     update!(
       active: false,
       confirmed_at: nil,
-      sign_in_count: 0,
+      reset_password_on_confirmation: true,
       initial_confirmation_sent: false,
       reactivate_with_organisation:,
       unconfirmed_email: nil,