From 9a5506a5e962f0bffc98cf3dbb8400d0c0524a06 Mon Sep 17 00:00:00 2001
From: danstowell
Date: Mon, 20 Jul 2015 14:59:11 +0100
Subject: [PATCH] Do not re-send confirmation email (nor leak email address) if user already active. Fixes #1010
---
 app/controllers/user_controller.rb | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/app/controllers/user_controller.rb b/app/controllers/user_controller.rb
index 3a0e0a1493..8cc5ab80b7 100644
--- a/app/controllers/user_controller.rb
+++ b/app/controllers/user_controller.rb
@@ -324,8 +324,13 @@ def confirm
 
 def confirm_resend
 if user = User.find_by_display_name(params[:display_name])
- Notifier.signup_confirm(user, user.tokens.create).deliver_now
- flash[:notice] = t "user.confirm_resend.success", :email => user.email
+ if user.active?
+ flash[:error] = t("user.confirm.already active")
+ redirect_to :action => "login"
+ else
+ Notifier.signup_confirm(user, user.tokens.create).deliver_now
+ flash[:notice] = t "user.confirm_resend.success", :email => user.email
+ end
 else
 flash[:error] = t "user.confirm_resend.failure", :name => params[:display_name]
 end
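Review bot: The inner `else` branch still puts `user.email` into the flash for whoever submits a display name, so the address of a not-yet-confirmed account is disclosed exactly as before; nothing in the hunk checks that the requester is that user. The three branches also return distinguishable messages (already active, sent, unknown name), which tells a caller whether a display name exists and whether it is confirmed. Consider dropping the interpolation, e.g. `flash[:notice] = t "user.confirm_resend.success"` with the locale string reworded to match, and using one neutral message for every outcome. Separately, the other branches only set a flash, which suggests a shared redirect after the outer `end` (outside this hunk); if so, the added `redirect_to :action => "login"` would raise a double-render error and should be removed. Each request for a pending account also creates a new token and sends mail, so a rate limit on this action is worth adding.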