From 3dea09ee9bbab3c2e87b41f4d279ae979e6fc8da Mon Sep 17 00:00:00 2001
From: Jesus Federico <jesus@123it.ca>
Date: Wed, 10 Apr 2019 10:56:01 -0400
Subject: [PATCH]  GRN-94: Make sure reset-password also works on non-verified
 accounts (#448)

* Fix for issue with excesive requests to lb

* Fixed issue with rspec on users not passing when run alone

* Include dotenv in production

* GRN-94: Make sure reset-password also works on non-verified accounts
---
 app/controllers/password_resets_controller.rb | 3 ++-
 app/models/user.rb                            | 1 +
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/app/controllers/password_resets_controller.rb b/app/controllers/password_resets_controller.rb
index a3e5c037..4e84024c 100644
--- a/app/controllers/password_resets_controller.rb
+++ b/app/controllers/password_resets_controller.rb
@@ -84,7 +84,8 @@ class PasswordResetsController < ApplicationController
 
   # Confirms a valid user.
   def valid_user
-    unless current_user&.activated? && current_user.authenticated?(:reset, params[:id])
+    unless current_user.authenticated?(:reset, params[:id])
+      current_user&.activate unless current_user&.activated?
       redirect_to root_url
     end
   end
diff --git a/app/models/user.rb b/app/models/user.rb
index 4a4611bf..521bf671 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -127,6 +127,7 @@ class User < ApplicationRecord
   def activate
     update_attribute(:email_verified, true)
     update_attribute(:activated_at, Time.zone.now)
+    save
   end
 
   def activated?