lynndylanhurley · GAKINDUSTRIES · Apr 17, 2019 · MaicolBen · May 3, 2019
diff --git a/app/controllers/devise_token_auth/confirmations_controller.rb b/app/controllers/devise_token_auth/confirmations_controller.rb
@@ -2,6 +2,20 @@
 
 module DeviseTokenAuth
   class ConfirmationsController < DeviseTokenAuth::ApplicationController
+    def create
+      return head :bad_request if params[:email].blank?
+
+      @resource = resource_class.dta_find_by(uid: params[:email].downcase, provider: provider)
+
+      return head :not_found unless @resource
+
+      @resource.send_confirmation_instructions({
+        redirect_url: redirect_url,
+        client_config: params[:config_name]
+      })
+
+      head :ok
+    end
 
     def show
       @resource = resource_class.confirm_by_token(params[:confirmation_token])
@@ -11,39 +25,21 @@ def show
 
         redirect_header_options = { account_confirmation_success: true }
 
-        if signed_in?(resource_name)
-          client_id, token = signed_in_resource.create_token
+        client_id, token = @resource.create_token
 
-          redirect_headers = build_redirect_headers(token,
-                                                    client_id,
-                                                    redirect_header_options)
+        sign_in(:user, @resource, store: false, bypass: false)
+        @resource.save!
 
-          redirect_to_link = signed_in_resource.build_auth_url(redirect_url, redirect_headers)
-        else
-          redirect_to_link = DeviseTokenAuth::Url.generate(redirect_url, redirect_header_options)
-       end
+        redirect_headers = build_redirect_headers(token,
+                                                  client_id,
+                                                  redirect_header_options)
 
-        redirect_to(redirect_to_link)
+        redirect_to(@resource.build_auth_url(redirect_url, redirect_headers))
       else
         raise ActionController::RoutingError, 'Not Found'
       end
     end
 
-    def create
-      return head :bad_request if params[:email].blank?
-
-      @resource = resource_class.dta_find_by(uid: params[:email].downcase, provider: provider)
-
-      return head :not_found unless @resource
-
-      @resource.send_confirmation_instructions({
-        redirect_url: redirect_url,
-        client_config: params[:config_name]
-      })
-
-      head :ok
-    end
-
     private
 
     # give redirect value from params priority or fall back to default value if provided

diff --git a/test/controllers/devise_token_auth/confirmations_controller_test.rb b/test/controllers/devise_token_auth/confirmations_controller_test.rb
@@ -63,30 +63,6 @@ def token_and_client_config_from(body)
           end
         end
 
-        describe 'when unauthenticated' do
-          before do
-            sign_out(@new_user)
-            get :show,
-                params: { confirmation_token: @token,
-                          redirect_url: @redirect_url },
-                xhr: true
-            @resource = assigns(:resource)
-          end
-
-          test 'user should now be confirmed' do
-            assert @resource.confirmed?
-          end
-
-          test 'should redirect to success url' do
-            assert_redirected_to(/^#{@redirect_url}/)
-          end
-
-          test 'redirect url does not include token params' do
-            refute @token_params.any? { |param| response.body.include?(param) }
-            assert response.body.include?('account_confirmation_success')
-          end
-        end
-
         describe 'resend confirmation' do
           before do
             post :create,