Resetting password should confirm implicitly

lib/devise/models/recoverable.rb

@@ -29,7 +29,11 @@ module Devise
       def reset_password!(new_password, new_password_confirmation)
         self.password = new_password
         self.password_confirmation = new_password_confirmation
-        clear_reset_password_token if valid?
+        if valid?
+          clear_reset_password_token
+          confirm! if respond_to?(:confirmed?) && !confirmed?
+        end
+
         save
       end
 

test/integration/recoverable_test.rb

@@ -174,8 +174,8 @@ class PasswordTest < ActionController::IntegrationTest
     assert warden.authenticated?(:user)
   end
 
-  test 'does not sign in user automatically after changing its password if its not active' do
-    user = create_user(:confirm => false)
+  test 'does not sign in user automatically after changing its password if its locked' do
+    user = create_user(:locked => true)
     request_forgot_password
     reset_password :reset_password_token => user.reload.reset_password_token
 
@@ -183,6 +183,15 @@ class PasswordTest < ActionController::IntegrationTest
     assert !warden.authenticated?(:user)
   end
 
+  test 'sign in user automatically and confirm after changing its password if its not confirmed' do
+    user = create_user(:confirm => false)
+    request_forgot_password
+    reset_password :reset_password_token => user.reload.reset_password_token
+
+    assert warden.authenticated?(:user)
+    assert user.reload.confirmed?
+  end
+
   test 'reset password request with valid E-Mail in XML format should return valid response' do
     create_user
     post user_password_path(:format => 'xml'), :user => {:email => "user@test.com"}