Password reset needs redesign
AndiLavera opened this issue · comments
Andi Lavera commented
Problem
Users input a new password BEFORE verifying email. This new password is saved to the account and then a confirmation email is sent out.
Solution
Users hit the new route, users should input their email (posts to create), an email should be sent out to verify. The link should lead to PasswordController#edit (not implemented). The edit should verify the confirmation_token and place it as a hidden field. Update should still use the confirmation_token for verification, hence the hidden field.
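
The flow proposed above, sketched as an added Ruby example (not code from this issue or the project). The class and method names, the in-memory user store and outbox, the 15-minute token lifetime, storing only a digest of the token, and single-use invalidation are assumptions that go beyond the issue text.

```ruby
require "securerandom"
require "digest"

# Hypothetical in-memory model of the proposed flow; all names are assumptions.
class PasswordResetFlow
  TOKEN_TTL = 15 * 60 # seconds; assumed lifetime
  User = Struct.new(:email, :password, :token_digest, :token_sent_at)
  attr_reader :outbox # constructed stand-in for the mailer: [email, token] pairs

  def initialize(users)
    @users = users.to_h { |u| [u.email, u] }
    @outbox = []
  end

  # create: takes only the email and mails a token; the password is untouched.
  def create(email, now: Time.now)
    user = @users[email]
    return :ok unless user # same result whether or not the account exists
    token = SecureRandom.urlsafe_base64(32)
    user.token_digest = Digest::SHA256.hexdigest(token) # raw token is not stored
    user.token_sent_at = now
    @outbox << [email, token]
    :ok
  end

  # edit: verify the token from the link, then hand it to the form's hidden field.
  def edit(token, now: Time.now)
    find_by_token(token, now) ? { confirmation_token: token } : nil
  end

  # update: verify the hidden-field token again before changing anything.
  def update(token, new_password, now: Time.now)
    user = find_by_token(token, now)
    return false unless user
    user.password = new_password # stand-in; a real app stores a password hash
    user.token_digest = user.token_sent_at = nil # single use
    true
  end

  private

  # Look up by digest and reject tokens older than TOKEN_TTL.
  def find_by_token(token, now)
    digest = Digest::SHA256.hexdigest(token.to_s)
    @users.values.find do |u|
      u.token_digest == digest && now - u.token_sent_at <= TOKEN_TTL
    end
  end
end
```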