From c01328c8a0a7f0a9a47b3130b3f0e275dc645fc3 Mon Sep 17 00:00:00 2001
From: Fosco Marotto <f@gab.com>
Date: Fri, 19 Feb 2021 21:29:07 -0500
Subject: [PATCH 1/2] Add require_unconfirmed to the confirmations controller

---
 app/controllers/auth/confirmations_controller.rb | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/app/controllers/auth/confirmations_controller.rb b/app/controllers/auth/confirmations_controller.rb
index 089ae5cf..0db2abc1 100644
--- a/app/controllers/auth/confirmations_controller.rb
+++ b/app/controllers/auth/confirmations_controller.rb
@@ -4,8 +4,13 @@ class Auth::ConfirmationsController < Devise::ConfirmationsController
   layout 'auth'
 
   before_action :set_body_classes
+  before_action :require_unconfirmed!
   before_action :set_user, only: [:finish_signup]
 
+  def require_unconfirmed!
+    redirect_to edit_user_registration_path if user_signed_in? && current_user.confirmed? && current_user.unconfirmed_email.blank?
+  end
+
   def finish_signup
     return unless request.patch? && params[:user]
 

From 58a8a17bfee9efd890d1bf07150d3ec43529717e Mon Sep 17 00:00:00 2001
From: Developer <>
Date: Fri, 19 Feb 2021 21:57:09 -0500
Subject: [PATCH 2/2] Updated ConfirmationsController to set new email after
 confirmation to unconfirmed email only
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

• Updated:
- ConfirmationsController to set new email after confirmation to unconfirmed email only
---
 app/controllers/auth/confirmations_controller.rb | 9 +--------
 1 file changed, 1 insertion(+), 8 deletions(-)

diff --git a/app/controllers/auth/confirmations_controller.rb b/app/controllers/auth/confirmations_controller.rb
index 0db2abc1..daa568b1 100644
--- a/app/controllers/auth/confirmations_controller.rb
+++ b/app/controllers/auth/confirmations_controller.rb
@@ -13,14 +13,7 @@ class Auth::ConfirmationsController < Devise::ConfirmationsController
 
   def finish_signup
     return unless request.patch? && params[:user]
-
-    if @user.update(user_params)
-      @user.skip_reconfirmation!
-      bypass_sign_in(@user)
-      redirect_to root_path, notice: I18n.t('devise.confirmations.send_instructions')
-    else
-      @show_errors = true
-    end
+    @user.email = current_user.unconfirmed_email || current_user.email if user_signed_in?
   end
 
   private