Let users resend the confirmation email #35
Merged
New users who lose or expire their confirmation email had no recovery path: they cannot sign in until confirmed and cannot re-register because emails are globally unique. Add a dedicated unauthenticated page (and a link from the sign-in page) where they enter their email to re-send the confirmation link, mirroring the existing password-reset flow. Only unconfirmed accounts are sent mail, and the action always shows the same generic notice so it never reveals whether an email exists or is already confirmed. Reuses the existing RegistrationMailer.confirmation and the on-demand email_confirmation token.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Adds a recovery path for users who lose or expire their confirmation email — previously they could neither sign in (blocked until confirmed) nor re-register (emails are globally unique). A new unauthenticated page at /email_confirmation/new, plus a "Resend confirmation" link on the sign-in page, lets them enter their email to re-send the confirmation link, mirroring the existing password-reset flow. Only unconfirmed accounts are actually mailed, and the action always shows the same generic notice so it never reveals whether an email exists or is already confirmed. It reuses the existing RegistrationMailer.confirmation and the on-demand email_confirmation token, so no model or schema changes were needed. Controller tests cover the form, the unconfirmed send, and the two no-leak cases (already-confirmed and unknown email).

🤖 Generated with Claude Code
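The no-leak behaviour described above (mail only unconfirmed accounts, identical notice for every input), as an added plain-Ruby sketch that is not code from this pull request. `ResendConfirmation`, `GENERIC_NOTICE`, the in-memory outbox and the sample accounts are assumptions, and the random token stands in for the project's email_confirmation token.

```ruby
# Added illustration in plain Ruby (no Rails). Every name below is hypothetical.
require "securerandom"

User = Struct.new(:email, :confirmed)

GENERIC_NOTICE = "If that address belongs to an unconfirmed account, " \
                 "a new confirmation link is on its way."

class ResendConfirmation
  attr_reader :outbox

  def initialize(users)
    @by_email = users.to_h { |u| [normalize(u.email), u] }
    # Stands in for a background mail queue (assumption). Enqueueing instead of
    # delivering inline keeps response time from differing between branches.
    @outbox = []
  end

  # Returns the same [status, notice] pair whether the address is unknown,
  # already confirmed, or unconfirmed. Only the last case queues mail.
  def call(raw_email)
    user = @by_email[normalize(raw_email)]
    enqueue(user) if user && !user.confirmed
    [:see_other, GENERIC_NOTICE]
  end

  private

  def normalize(email)
    email.to_s.strip.downcase
  end

  def enqueue(user)
    # Placeholder token; the real flow would issue the app's own signed token.
    @outbox << { to: user.email, token: SecureRandom.urlsafe_base64(32) }
  end
end

# Constructed sample accounts.
USERS = [User.new("pending@example.test", false),
         User.new("done@example.test", true)].freeze

# Runs each address through one flow; returns [responses, queued mail].
def responses_for(emails)
  flow = ResendConfirmation.new(USERS)
  [emails.map { |e| flow.call(e) }, flow.outbox]
end
```

A regression test for this property should compare the full response (status, redirect target, flash text) across all three account states rather than checking each case separately.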