Devise - Confirming after the user edits email

Question

I've been trying to figure this out for 2 days. I'm confirming user accounts with email confirmations (via Devise). I finally got all that working, but the whole point was to validate that a person owns the email they claim they own. Therefore, I need to have it confirm again whenever the user changes their email.

In order to do this, I've created registrations_controller and have over written the update method. Mostly based off what Devise has, but I check to see if I need to send confirmation based on the update.

# registrations_controller.rb
def update
  self.resource = resource_class.to_adapter.get!(send(:"current_#{resource_name}").to_key)

  send_confirmation = false
  if params[:user][:email] != resource.email
    send_confirmation = true
  end

  if resource.update_with_password(params[resource_name])
    set_flash_message :notice, :updated if is_navigational_format?
    sign_in resource_name, resource, :bypass => true

    if send_confirmation
      resource.update_attributes(:confirmed_at => nil, :confirmation_sent_at => nil)
      resource.send_confirmation_instructions        
    end

    respond_with resource, :location => after_update_path_for(resource)
  else
    clean_up_passwords(resource)
    respond_with_navigational(resource){ render_with_scope :edit }
  end
end

My problem is I'm not sure where in the process to be able to change where it gets redirected to. I have a page that explains that "an email has been sent in order to confirm your email". But if I try to put it after send_confirmation_instructions when the user clicks "update account" then they are logged out (pushed to the login screen), then when they confirm the account through the email, then they are directed to the page I wanted to show them.

I have a custom Warden Strategy with some puts in it and I also over wrote the before filter that Devise puts in:

# registrations_controller.rb
def authenticate_scope!
  puts "RegistrationsController :: authenticate_scope!"
  puts "action : #{params[:action]}"

  super
end

So it looks like it is trying to authenticate the user. The log reads as follows:

...
Redirected to http://localhost:3000/users/edit
Completed 302 Found in 3537ms
RegistrationsController :: authenticate_scope!
action : edit


Started GET "/users/edit" for 127.0.0.1 at 2011-06-08 11:42:09 -0500
  Processing by RegistrationsController#edit as HTML
  User Load (0.7ms)  SELECT "users".* FROM "users" WHERE "users"."id" = 19 LIMIT 1
Completed   in 83ms
Warden::Strategies authenticate!
Warden::Strategies params: {"action"=>"new", "controller"=>"sessions"}


Started GET "/users/sign_in" for 127.0.0.1 at 2011-06-08 11:42:10 -0500
  Processing by SessionsController#new as HTML
...

So how/where do I control where it gets redirected to? Am I properly resetting the "confirmation" attributes?

Answer 1

We had a similar issue (mainly because a confirmed user is not really an approved user in our system)- and decided to go with a user_status attribute. It has 2 statuses - "pending" which is confirmed but not yet approved, and "approved". If for some reason the user was no longer approved (in your case, they changed their email address), then we change them back to pending.

We have a before_filter on the applicationController to verify where they should be going based on their status.

def check_user_status
if current_user #logged in
 case current_user.status
   when "pending" 
     redirect_to root_path #user hasn't been approved yet
   when "approved"
     #tracking logic here   
  end
 end
end

Hope this helps.

Answer 2

bundle update devise. This has been fixed in current released version (2.0)

Answer 3

You could wait it out until the reconfirmable module is released (they're working on it).

For now it's in a pull request:

https://github.com/plataformatec/devise/pull/1120