Problem

Users input a new password BEFORE verifying email. This new password is saved to the account and then a confirmation email is sent out.

Solution

Users hit the new route, users should input their email(posts to create), an email should be sent out to verify. The link should lead to PasswordController#edit (not implemented). The edit should verify the confirmation_token and place it as a hidden field. Update should still use the the confirmation_token for verification hence the hidden field