diff --git a/app/controllers/auth/confirmations_controller.rb b/app/controllers/auth/confirmations_controller.rb
index d3f617822..c9586fb73 100644
--- a/app/controllers/auth/confirmations_controller.rb
+++ b/app/controllers/auth/confirmations_controller.rb
@@ -5,7 +5,10 @@ class Auth::ConfirmationsController < Devise::ConfirmationsController
 yield resource if block_given?
 if resource.errors.empty?
- if resource.sign_in_count.zero?
+ # previously we reset sign in count to indicate that a user was deactivated and so needs to reset their password on confirming their email post reactivation.
+ # now we have a specific flag for this.
+ # though for backwards compatability we need to ensure previous users with a reset sign in count still will see the password reset screen
+ if resource.reset_password_on_confirmation || resource.sign_in_count.zero?
 token = resource.send(:set_reset_password_token)
 redirect_to "#{edit_user_password_url}?reset_password_token=#{token}&confirmation=true"
 else
diff --git a/app/controllers/auth/passwords_controller.rb b/app/controllers/auth/passwords_controller.rb
index e4a21675b..7561ab129 100644
--- a/app/controllers/auth/passwords_controller.rb
+++ b/app/controllers/auth/passwords_controller.rb
@@ -37,6 +37,7 @@ class Auth::PasswordsController < Devise::PasswordsController
 if resource.errors.empty?
 resource.unlock_access! if resource.respond_to?(:unlock_access!)
+ resource.reset_password_on_confirmation = false if resource.reset_password_on_confirmation
 if Devise.sign_in_after_reset_password
 set_flash_message!(:notice, password_update_flash_message)
 resource.after_database_authentication
diff --git a/app/models/user.rb b/app/models/user.rb
index ea8289e53..0ff8f56e2 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
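Review bot: The fallback `resource.sign_in_count.zero?` in the new condition matches any account that has never signed in, not only legacy deactivated users, so the three-line comment above it overstates what the fallback identifies and the forced reset redirect stays broader than the new flag intends. I would replace the comment with `# Legacy deactivations zeroed sign_in_count instead of setting the flag; keep the zero check until those rows are backfilled (it also matches never-signed-in accounts)` and fix the spelling of "compatability". If the legacy rows can be identified, a one-off backfill of `reset_password_on_confirmation` would let the zero check be retired rather than carried indefinitely. The unchanged `redirect_to` still places the raw reset token in the query string, where it reaches request logs and browser history; not introduced here, but worth tracking separately. The enclosing method starts and ends outside the hunk.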
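Review bot: The new line assigns `resource.reset_password_on_confirmation = false` but nothing in the hunk persists it, so unless a later line of the enclosing method (which starts and ends outside the hunk) saves `resource`, the flag survives the password reset and the user is pushed through the reset screen again on their next confirmation. Persist it explicitly, e.g. `resource.update_column(:reset_password_on_confirmation, false) if resource.reset_password_on_confirmation`, rather than relying on an incidental save such as Trackable's sign-in bookkeeping, which only runs when `Devise.sign_in_after_reset_password` is enabled. The `if` guard on the same line appears to exist only to avoid a no-op write; a short comment saying so would stop the next reader from wondering whether it carries meaning.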
@@ -179,7 +179,7 @@ class User < ApplicationRecord
 update!(
 active: false,
 confirmed_at: nil,
- sign_in_count: 0,
+ reset_password_on_confirmation: true,
 initial_confirmation_sent: false,
 reactivate_with_organisation:,
 unconfirmed_email: nil,
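Review bot: The deactivation path now sets `reset_password_on_confirmation: true`, but the attribute is undocumented in this diff and its migration is not in this chunk; the column should default to `false` and be non-nullable so the `||` check in Auth::ConfirmationsController never depends on a missing value, and a comment on the attribute would help, e.g. `# Set on deactivation; forces a password reset when the user confirms their email on reactivation. Cleared by Auth::PasswordsController after a successful reset.` Because `sign_in_count` is no longer zeroed here, any other code that used a zero count to recognise deactivated accounts would now miss them; I cannot see such callers from this hunk, so it is worth a search before merging. The enclosing method starts and ends outside the hunk.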