Use rails tokens for email changes

[rails.git] / app / controllers / confirmations_controller.rb

diff --git a/app/controllers/confirmations_controller.rb b/app/controllers/confirmations_controller.rb
index a482bc96de0da11b52335a7790879fc0155f9ad9..604e6b5b39abc8c07a13635aea40db19579d0a0b 100644 (file)
--- a/app/controllers/confirmations_controller.rb
+++ b/app/controllers/confirmations_controller.rb
@@ -1,5 +1,6 @@
 class ConfirmationsController < ApplicationController
   include SessionMethods
+  include UserMethods
 
   layout "site"
 
@@ -74,9 +75,12 @@ class ConfirmationsController < ApplicationController
 
   def confirm_email
     if request.post?
-      token = UserToken.find_by(:token => params[:confirm_string])
-      if token&.user&.new_email?
-        self.current_user = token.user
+      token = params[:confirm_string]
+
+      self.current_user = User.find_by_token_for(:new_email, token) ||
+                          UserToken.unexpired.find_by(:token => params[:confirm_string])&.user
+
+      if current_user&.new_email?
         current_user.email = current_user.new_email
         current_user.new_email = nil
         current_user.email_valid = true
@@ -93,7 +97,7 @@ class ConfirmationsController < ApplicationController
         current_user.tokens.delete_all
         session[:user] = current_user.id
         session[:fingerprint] = current_user.fingerprint
-      elsif token
+      elsif current_user
         flash[:error] = t ".failure"
       else
         flash[:error] = t ".unknown_token"