Send informative email for already confirmed users

Currently the application does not send any email to confirm the account for already confirmed users. But we show a notice message that may look like you will recive one: "If your email address exists in our database, you will receive an email with instructions for how to confirm your email address in a few minutes." In this commit we keep the original message, but send an email to the user informing them that their account is now registered. This way no one can know if someone else's account is confirmed and we don't have to worry about GDPR either. Co-Authored-By: taitus <sebastia.roig@gmail.com>
2022-04-13 13:19:18 +02:00
parent d0571a4a73
commit ad018c6f39
6 changed files with 72 additions and 1 deletions
--- a/app/controllers/users/confirmations_controller.rb
+++ b/app/controllers/users/confirmations_controller.rb
@@ -1,4 +1,17 @@
 class Users::ConfirmationsController < Devise::ConfirmationsController
+  # POST /resource/confirmation
+  def create
+    self.resource = resource_class.send_confirmation_instructions(resource_params)
+    yield resource if block_given?
+
+    if successfully_sent?(resource)
+      Mailer.already_confirmed(resource).deliver_later unless resource.confirmation_required?
+      respond_with({}, location: after_resending_confirmation_instructions_path_for(resource_name))
+    else
+      respond_with(resource)
+    end
+  end
+
  # new action, PATCH does not exist in the default Devise::ConfirmationsController
  # PATCH /resource/confirmation
  def update