From 3701b3ceed0500b5fcf5ff7c090cbb5bbebd66be Mon Sep 17 00:00:00 2001
From: baarkerlounger <db@slothlife.xyz>
Date: Wed, 18 May 2022 13:57:10 +0100
Subject: [PATCH] Redirect to url so we don't bypass authenticity token

---
 app/controllers/auth/confirmations_controller.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/controllers/auth/confirmations_controller.rb b/app/controllers/auth/confirmations_controller.rb
index 0eafb4cf5..8f8a480b8 100644
--- a/app/controllers/auth/confirmations_controller.rb
+++ b/app/controllers/auth/confirmations_controller.rb
@@ -7,7 +7,7 @@ class Auth::ConfirmationsController < Devise::ConfirmationsController
     if resource.errors.empty?
       if resource.sign_in_count.zero?
         token = resource.send(:set_reset_password_token)
-        redirect_to controller: "auth/passwords", action: "edit", reset_password_token: token, confirmation: true
+        redirect_to "#{edit_user_password_url}?reset_password_token=#{token}&confirmation=true"
       else
         respond_with_navigational(resource) { redirect_to after_confirmation_path_for(resource_name, resource) }
       end