Browse Source

Redirect to url so we don't bypass authenticity token

pull/580/head
baarkerlounger 3 years ago
parent
commit
3701b3ceed
  1. 2
      app/controllers/auth/confirmations_controller.rb

2
app/controllers/auth/confirmations_controller.rb

@ -7,7 +7,7 @@ class Auth::ConfirmationsController < Devise::ConfirmationsController
if resource.errors.empty? if resource.errors.empty?
if resource.sign_in_count.zero? if resource.sign_in_count.zero?
token = resource.send(:set_reset_password_token) token = resource.send(:set_reset_password_token)
redirect_to controller: "auth/passwords", action: "edit", reset_password_token: token, confirmation: true redirect_to "#{edit_user_password_url}?reset_password_token=#{token}&confirmation=true"
else else
respond_with_navigational(resource) { redirect_to after_confirmation_path_for(resource_name, resource) } respond_with_navigational(resource) { redirect_to after_confirmation_path_for(resource_name, resource) }
end end

Loading…
Cancel
Save