From e0242ad1cedc184604d404adb278b2cd41dfc628 Mon Sep 17 00:00:00 2001 From: MadeTech Dushan Date: Wed, 10 Nov 2021 12:22:05 +0000 Subject: [PATCH] make a step to protect emails --- app/controllers/users/passwords_controller.rb | 4 ++-- app/views/devise/confirmations/reset.html.erb | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/app/controllers/users/passwords_controller.rb b/app/controllers/users/passwords_controller.rb index 989521c29..b28c53d18 100644 --- a/app/controllers/users/passwords_controller.rb +++ b/app/controllers/users/passwords_controller.rb @@ -1,13 +1,13 @@ class Users::PasswordsController < Devise::PasswordsController def reset_confirmation - @user = User.find(params["id"]) + @email = params["email"] render "devise/confirmations/reset" end protected def after_sending_reset_password_instructions_path_for(resource) - confirmations_reset_path(id: @user.id) if is_navigational_format? + confirmations_reset_path(email: params.dig("user", "email")) if is_navigational_format? end end \ No newline at end of file diff --git a/app/views/devise/confirmations/reset.html.erb b/app/views/devise/confirmations/reset.html.erb index 8bbdeb8a8..2932d21bd 100644 --- a/app/views/devise/confirmations/reset.html.erb +++ b/app/views/devise/confirmations/reset.html.erb @@ -1,7 +1,7 @@

Check your email

-

We’ve sent a link to reset your password to <%= @user.email %>.

+

We’ve sent a link to reset your password to <%= @email %>.

You’ll only this receive this link if your email address already exists in our system.

If you don’t receive the email within 5 minutes, check your spam or junk folders. Try again if you still haven’t received the email.