GRN-94: Make sure reset-password also works on non-verified accounts (#448)

* Fix for issue with excesive requests to lb

* Fixed issue with rspec on users not passing when run alone

* Include dotenv in production

* GRN-94: Make sure reset-password also works on non-verified accounts

app/controllers/password_resets_controller.rb

@@ -84,7 +84,8 @@ class PasswordResetsController < ApplicationController
 
   # Confirms a valid user.
   def valid_user
-    unless current_user&.activated? && current_user.authenticated?(:reset, params[:id])
+    unless current_user.authenticated?(:reset, params[:id])
+      current_user&.activate unless current_user&.activated?
       redirect_to root_url
     end
   end

app/models/user.rb

@@ -127,6 +127,7 @@ class User < ApplicationRecord
   def activate
     update_attribute(:email_verified, true)
     update_attribute(:activated_at, Time.zone.now)
+    save
   end
 
   def activated?