You can clone with
HTTPS or Subversion.
Why does confirm! clear the confirmation token?
This means that if a user clicks the confirmation link in their email for a second time, they are shown the rather unintuitive "Confirmation token invalid" error, instead of the more helpful "Email was already confirmed, please try signing in" error which is shown when I put the confirmation token back.
So wouldn't it make more sense to keep the confirmation token in the database record?
Maybe we could improve the "Confirmation token invalid" message to say: it is invalid or the e-mail was already confirmed? The confirmation token provides full access to a given user in the application, we don't want to leave them in the table longer than they are supposed to be.
I see your point, but the confirmation token can't be used to access that user if they are already confirmed can it?
You are right. Yes, I think this issue could be addressed them. @plataformatec/devise what do you think?
/cc @carlosantoniodasilva @rafaelfranca
Thanks. Would be ideal if it could redirect to sign-in rather than the 'resend confirmation email' prompt in this case.
I don't see any problem in changing this behavior.
Have opened a pull request with my solution for this, feel free to use it or not
Closing this in favor of the pull request, thanks @markturner!