Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Already on GitHub? Sign in to your account

Clearing confirmation token #2544

Closed
markturner opened this Issue Aug 2, 2013 · 8 comments

Comments

Projects
None yet
3 participants

Why does confirm! clear the confirmation token?

This means that if a user clicks the confirmation link in their email for a second time, they are shown the rather unintuitive "Confirmation token invalid" error, instead of the more helpful "Email was already confirmed, please try signing in" error which is shown when I put the confirmation token back.

So wouldn't it make more sense to keep the confirmation token in the database record?

@markturner markturner closed this Aug 2, 2013

@markturner markturner reopened this Aug 2, 2013

Owner

josevalim commented Aug 2, 2013

Maybe we could improve the "Confirmation token invalid" message to say: it is invalid or the e-mail was already confirmed? The confirmation token provides full access to a given user in the application, we don't want to leave them in the table longer than they are supposed to be.

I see your point, but the confirmation token can't be used to access that user if they are already confirmed can it?

Owner

josevalim commented Aug 2, 2013

You are right. Yes, I think this issue could be addressed them. @plataformatec/devise what do you think?

Thanks. Would be ideal if it could redirect to sign-in rather than the 'resend confirmation email' prompt in this case.

Collaborator

rafaelfranca commented Aug 2, 2013

I don't see any problem in changing this behavior. 👍

Have opened a pull request with my solution for this, feel free to use it or not 😃

Owner

josevalim commented Aug 8, 2013

Closing this in favor of the pull request, thanks @markturner!

@josevalim josevalim closed this Aug 8, 2013

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment