Devise::Strategies::Authenticatable has a clean_up_csrf? hook that defaults to true, but can be overridden to retain the CSRF token after each reauthentication (which is what we want to happen in this case)
Overrode the method in the Reauthentication strategy, and wrote tests to ensure that the CSRF token is valid
Have to temporarily enable the forgery protection for the reauthentication controller concern
This replaces #35
Also major major props to @heliocola for all his work hammering away at this problem, which helped a ton with debugging & finding the eventual solution