Require a valid session token to resend a confirmation
authorTom Hughes <tom@compton.nu>
Mon, 20 Jul 2015 20:32:34 +0000 (21:32 +0100)
committerTom Hughes <tom@compton.nu>
Mon, 20 Jul 2015 20:32:34 +0000 (21:32 +0100)
commit629ae62b730409b46de6abc8c5166155841b5a00
treeb178716fc2487d914b983ae476c3c5ed696e39bb
parent9fdea1c7398618a99e5b553af2674db7f7326b23
Require a valid session token to resend a confirmation

Make user#confirm_resend require a valid token in the session
that matches the requested user, and ensure trying to login as
an unconfirmed user sets such a token.

Fixes #1010
app/controllers/user_controller.rb
test/controllers/user_controller_test.rb