Redirect to url so we don't bypass authenticity token

3 years ago · 3701b3ceed
1 changed files with 1 additions and 1 deletions
--- a/app/controllers/auth/confirmations_controller.rb
+++ b/app/controllers/auth/confirmations_controller.rb
@ -7,7 +7,7 @@ class Auth::ConfirmationsController < Devise::ConfirmationsController
    if resource.errors.empty?
      if resource.sign_in_count.zero?
        token = resource.send(:set_reset_password_token)
-        redirect_to controller: "auth/passwords", action: "edit", reset_password_token: token, confirmation: true
+        redirect_to "#{edit_user_password_url}?reset_password_token=#{token}&confirmation=true"
      else
        respond_with_navigational(resource) { redirect_to after_confirmation_path_for(resource_name, resource) }
      end