ONSdigital · arroyoAle · Sep 8, 2023 · Aug 30, 2023 · Sep 1, 2023 · Sep 1, 2023
diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md
@@ -2,4 +2,4 @@
 
 # How to test?
 
-# Trello
+# Jira
diff --git a/_infra/helm/party/Chart.yaml b/_infra/helm/party/Chart.yaml
@@ -14,9 +14,8 @@ type: application
 
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
-version: 2.4.30
+version: 2.4.31
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application.
-appVersion: 2.4.30
-
+appVersion: 2.4.31
diff --git a/ras_party/controllers/account_controller.py b/ras_party/controllers/account_controller.py
@@ -726,6 +726,10 @@ def put_email_verification(token, tran, session):
 
         if respondent:
             update_verified_email_address(respondent, tran)
+            if respondent.password_verification_token:
+                # Reset password token fields in the database since they are linked to the old email
+                delete_respondent_password_verification_token(respondent.party_uuid, session)
+                reset_password_reset_counter(respondent.party_uuid, session)
         else:
             logger.info("Unable to find respondent by pending email")
             raise NotFound("Unable to find user while checking email verification token")

diff --git a/test/test_respondent_controller.py b/test/test_respondent_controller.py
@@ -106,7 +106,7 @@ def populate_with_respondent(self, session, respondent=None):
             "mark_for_deletion": respondent["mark_for_deletion"],
             "status": respondent.get("status") or RespondentStatus.CREATED,
             "password_verification_token": self.generate_valid_token_from_email(respondent["emailAddress"]),
-            "password_reset_counter": 0,
+            "password_reset_counter": 1,
         }
         self.respondent = Respondent(**translated_party)
         session.add(self.respondent)
@@ -1215,6 +1215,14 @@ def test_put_email_verification_uses_case_insensitive_email_query(self):
             account_controller.put_email_verification(token)
             query.assert_called_once_with("[email protected]", db.session())
 
+    def test_token_removed_on_email_update(self):
+        respondent = self.populate_with_respondent(respondent=self.mock_respondent_with_pending_email)
+        token = self.generate_valid_token_from_email(respondent.pending_email_address)
+        self.put_email_verification(token, 200)
+        respondent = respondents()[0]
+        self.assertIsNone(respondent.password_verification_token)
+        self.assertEqual(respondent.password_reset_counter, 0)
+
     def test_post_respondent_with_payload_returns_200(self):
         self.populate_with_business()
         self.post_to_respondents(self.mock_respondent, 200)