Automatically sign in after confirm with devise

Question

I am using devise confirmable. I have some custom things that i need to override from devise's confirm! method, so in my user model i have the following method that overrides it:

def confirm!
  super
  gb = Gibbon::API.new(ENV['MAILCHIMP_API_KEY'])
  gb.lists.subscribe({:id => ENV['MAILCHIMP_ID'], :email => {:email => self.email }})
end

This works perfectly. Now I am trying to have it so the user is automatically signed in after confirming, but cannot figure out how. I know that this is considered a security flaw, but I have weighed the risks and it is worth it for user experience in my site. I do not want to do anything with the routes file because this method is already working, so i should be able to do it from here. I have tried putting the following into my configuration file:

config.allow_insecure_sign_in_after_confirmation = true

but it does not sign the user in.

I've looked at the stack overflow page at Avoid sign-in after confirmation link click using devise gem? and it does not help so please don't mark this as a duplicate.

Thanks everyone.

Answer 1

You would change routes.rb and controllers/users/confirmations_controller.rb (maybe default path)

routes.rb to mapping users/confrimations_controller

devise_for :users, controllers: {confirmations: 'users/confirmations'}

confirmations_controller to automatically sign in and redirect to

def after_confirmation_path_for(resource_name, resource)
  sign_in(resource)
  any_path # redirect_to is not necessary
end

Answer 2

Generate the controller:

rails generate devise:controllers users -c=confirmations

Amend routes:

devise_for :users, controllers: {confirmations: 'users/confirmations'}

Then overwrite the show method:

  # app/controllers/users/confirmations_controller.rb
  def show
    super do
      sign_in(resource) if resource.errors.empty?
    end
  end

  def after_confirmation_path_for(resource_name, resource)
    after_sign_in_path_for(resource)
  end