From de6707dc1ed890d25db59a311be9b93d0d937ad8 Mon Sep 17 00:00:00 2001
From: baarkerlounger <db@slothlife.xyz>
Date: Tue, 17 May 2022 13:24:36 +0100
Subject: [PATCH] Only redirect to set password if not previously set

---
 .../auth/confirmations_controller.rb           | 18 ++++++++----------
 1 file changed, 8 insertions(+), 10 deletions(-)

diff --git a/app/controllers/auth/confirmations_controller.rb b/app/controllers/auth/confirmations_controller.rb
index 9da8a5689..90d764881 100644
--- a/app/controllers/auth/confirmations_controller.rb
+++ b/app/controllers/auth/confirmations_controller.rb
@@ -7,18 +7,16 @@ class Auth::ConfirmationsController < Devise::ConfirmationsController
 
     if resource.errors.empty?
       set_flash_message!(:notice, :confirmed)
-      token = resource.send(:set_reset_password_token)
-      base = public_send("edit_#{resource_class.name.underscore}_password_url")
-      url = "#{base}?reset_password_token=#{token}"
-      redirect_to url
+      if resource.sign_in_count.zero?
+        token = resource.send(:set_reset_password_token)
+        base = public_send("edit_#{resource_class.name.underscore}_password_url")
+        url = "#{base}?reset_password_token=#{token}"
+        redirect_to url
+      else
+        respond_with_navigational(resource){ redirect_to after_confirmation_path_for(resource_name, resource) }
+      end
     else
       respond_with_navigational(resource.errors, status: :unprocessable_entity){ render :new }
     end
   end
-
-protected
-
-  def after_confirmation_path_for(resource_name, resource)
-    edit_user_password_path(email: resource.email)
-  end
 end