AndiLavera / mochi

Mochi is an authentication shard inspired by devise. Mochi is designed for the Amber framework with support for both Granite & Jennifer ORMs.
MIT License
25 stars 2 forks

Password reset needs redesign #24

Closed AndiLavera closed 4 years ago

AndiLavera commented 4 years ago

Problem

Users input a new password BEFORE verifying email. This new password is saved to the account and then a confirmation email is sent out.

Solution

Users hit the new route; users should input their email (posts to create), and an email should be sent out to verify. The link should lead to PasswordController#edit (not implemented). The edit should verify the confirmation_token and place it as a hidden field. Update should still use the confirmation_token for verification, hence the hidden field.
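The create / edit / update sequence proposed above, as a framework-free Crystal sketch added here for illustration; it is not part of the original issue and not Mochi's code. The `User` and `PasswordReset` classes, the one-hour token lifetime, and storing only a SHA-256 digest of the token are assumptions.

```crystal
require "random/secure"
require "digest/sha256"

# Hypothetical in-memory stand-in for a user model (not Mochi's schema).
class User
  property email : String
  property password : String            # stands in for the stored password hash
  property confirmation_token : String? # SHA-256 digest of the emailed token
  property reset_sent_at : Time?

  def initialize(@email, @password)
  end
end

class PasswordReset
  TOKEN_TTL = 1.hour # assumed lifetime; the issue does not specify one

  def initialize(@users : Array(User))
  end

  # create: only issues a token for the emailed link; the password is untouched.
  def create(email : String) : String?
    user = @users.find { |u| u.email == email }
    return nil unless user
    token = Random::Secure.urlsafe_base64(32)
    user.confirmation_token = Digest::SHA256.hexdigest(token)
    user.reset_sent_at = Time.utc
    token
  end

  # edit: verify the token from the link; the form then carries it as a hidden field.
  def edit(token : String) : User?
    digest = Digest::SHA256.hexdigest(token)
    @users.find do |u|
      sent = u.reset_sent_at
      next false unless sent
      u.confirmation_token == digest && Time.utc - sent < TOKEN_TTL
    end
  end

  # update: verify the hidden-field token again, then set the password once.
  def update(token : String, new_password : String) : Bool
    user = edit(token)
    return false unless user
    user.password = new_password
    user.confirmation_token = nil # single use: the emailed link stops working
    user.reset_sent_at = nil
    true
  end
end
```

With this ordering, a `create` request alone never changes the stored password; only `update` with a valid, unexpired token does.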