
Clearing confirmation token #2544

Closed
markturner opened this Issue · 8 comments

Mark Turner

Why does confirm! clear the confirmation token?

This means that if a user clicks the confirmation link in their email for a second time, they are shown the rather unintuitive "Confirmation token invalid" error, instead of the more helpful "Email was already confirmed, please try signing in" error which is shown when I put the confirmation token back.

So wouldn't it make more sense to keep the confirmation token in the database record?

Mark Turner markturner closed this
Mark Turner markturner reopened this
José Valim
Owner

Maybe we could improve the "Confirmation token invalid" message to say: it is invalid or the e-mail was already confirmed? The confirmation token provides full access to a given user in the application, we don't want to leave them in the table longer than they are supposed to be.

Mark Turner

I see your point, but the confirmation token can't be used to access that user if they are already confirmed, can it?

José Valim
Owner

You are right. Yes, I think this issue could be addressed then. @plataformatec/devise what do you think?

Mark Turner

Thanks. Would be ideal if it could redirect to sign-in rather than the 'resend confirmation email' prompt in this case.

Rafael Mendonça França
Owner

I don't see any problem in changing this behavior. :+1:

Mark Turner

Have opened a pull request with my solution for this, feel free to use it or not :smiley:

José Valim
Owner

Closing this in favor of the pull request, thanks @markturner!

José Valim josevalim closed this
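
The trade-off discussed in this thread, as an added example that is not part of the original issue and is not Devise's code: a hypothetical in-memory `ConfirmationService` compares clearing the token on confirmation with retaining it, and shows the check that keeps a retained token from granting access on a second click. The class, method and status names, and the assumption that the first successful confirmation signs the user in, are illustrative.

```ruby
require "securerandom"

# Hypothetical in-memory model of an e-mail confirmation flow (not Devise's implementation).
User = Struct.new(:email, :confirmation_token, :confirmed_at) do
  def confirmed?
    !confirmed_at.nil?
  end
end

class ConfirmationService
  Result = Struct.new(:status, :user, :sign_in)

  def initialize(clear_token_on_confirm:)
    @clear = clear_token_on_confirm
    @users = []
  end

  def register(email)
    user = User.new(email, SecureRandom.urlsafe_base64(24), nil)
    @users << user
    user
  end

  # Handles a click on the e-mailed confirmation link.
  def confirm_by_token(token)
    # An empty or nil token must never match a record whose token was cleared.
    user = token.to_s.empty? ? nil : @users.find { |u| u.confirmation_token == token }
    return Result.new(:invalid_token, nil, false) if user.nil?
    # A retained token must not authenticate: an already confirmed account
    # gets a message only, and the caller redirects to the sign-in page.
    return Result.new(:already_confirmed, user, false) if user.confirmed?

    user.confirmed_at = Time.now
    user.confirmation_token = nil if @clear
    Result.new(:confirmed, user, true) # assumed: first confirmation signs the user in
  end
end

# Simulates the same confirmation link being clicked twice.
def click_twice(clear_token_on_confirm)
  service = ConfirmationService.new(clear_token_on_confirm: clear_token_on_confirm)
  token = service.register("user@example.test").confirmation_token # constructed sample address
  [service.confirm_by_token(token), service.confirm_by_token(token)].map { |r| [r.status, r.sign_in] }
end
```

With the token cleared, the second click can only report an invalid token; with it retained, the second click is recognised as already confirmed and still does not sign anyone in.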