Email confirmation required despite being disabled

I’m trying to set up a new gitlab server.

I have it running, and I have created an API token for root, and with that I have created a lot of users and made sure email address verification for new users is turned off i.e.
curl --insecure --header 'PRIVATE-TOKEN: <token removed - you don't need to know>' 'https://localhost/api/v4/application/settings' | jq . | grep confirmation
returns
"send_user_confirmation_email": false,

But after using the password recovery feature (“Forgot your password?” on the login page) to set a new password for my ordinary user, I can’t login, but gets “You have to confirm your email address before continuing.” on every attempt. If I log in to the database, and change the confirmed_at field in the users table for my user to actually contain a date, I can login, but that can’t be the right way.

What have I done wrong?

I checked the script that was used to create all the users, and it specifies '"confirm": false' in the API request. Which was correct in V3 of the API (for which that script was originally written), but the guy who maintained our gitlab before me (or rather the guy before that) said he updated things to V4, so ever since that script was changed to connect to /api/v4/, user creation has required users to confirm their email addresses (pointlessly as that they don’t set it). So I’ll have to remove all the users from the new gitlab server, write a better script and recreate everybody.

Now the question just is why I didn’t receive an email about that verification?