We have occasional email deliverability issues. Sometimes users (claim to) never receive an email verification email. When they try to log in, the get the following message:
- You haven’t confirmed your email address. Please check your email and click the confirmation link, or reset your password.
So, they click ‘Forgot your password?’, and go through the password reset process. They follow the link in that email (which they DO receive) and enter their new password. However, when they try to log in, they get the same error:
- You haven’t confirmed your email address. Please check your email and click the confirmation link, or reset your password.
From the users table, I can confirm that the confirmed_email flag is not being set through the forgot your password process, despite the prompt to go through that process. They are evidencing ownership of the email through the password reset, so I think this flag SHOULD be getting set.