From 51b7f4d90026b8d3950f762997a7c19d41ddc1c4 Mon Sep 17 00:00:00 2001
From: David Taylor <david@taylorhq.com>
Date: Wed, 28 Aug 2019 14:43:25 +0100
Subject: [PATCH] FIX: When activating via omniauth, create tokens after
 password reset

Resetting a password invalidates all email tokens, so we need to create the tokens after the password reset.
---
 .../users/omniauth_callbacks_controller.rb         | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/app/controllers/users/omniauth_callbacks_controller.rb b/app/controllers/users/omniauth_callbacks_controller.rb
index 72341c97217..9facb573b2f 100644
--- a/app/controllers/users/omniauth_callbacks_controller.rb
+++ b/app/controllers/users/omniauth_callbacks_controller.rb
@@ -121,15 +121,15 @@ class Users::OmniauthCallbacksController < ApplicationController
       user.unstage
       user.save
 
-      # ensure there is an active email token
-      unless EmailToken.where(email: user.email, confirmed: true).exists? ||
-        user.email_tokens.active.where(email: user.email).exists?
-
-        user.email_tokens.create!(email: user.email)
-      end
-
       if !user.active || !user.email_confirmed?
         user.update!(password: SecureRandom.hex)
+
+        # Ensure there is an active email token
+        unless EmailToken.where(email: user.email, confirmed: true).exists? ||
+          user.email_tokens.active.where(email: user.email).exists?
+          user.email_tokens.create!(email: user.email)
+        end
+
         user.activate
       end
       user.update!(registration_ip_address: request.remote_ip) if user.registration_ip_address.blank?