Given that the user is either waiting for a confirmation email , or received it, how can I make sure that they do not use the reset password process and force them to go through the standard confirmation forms (using the confirmation email).
confirmation email
reset password
In my case, the user must select the username after confirmation and the reset password annoyingly bypasses this.
You need to disable: the restored module in the User model, as this means that the password is reset.
You will also want to remove the Forgot Password link in devise / sessions / new.html.erb if you have not configured this page yet.