From 73442abe95a6748d2752ed63c711ba33913128a8 Mon Sep 17 00:00:00 2001
From: "Carlos A. da Silva" <carlosantoniodasilva@gmail.com>
Date: Thu, 15 Oct 2009 17:05:46 -0300
Subject: [PATCH] Refactoring confirmable callbacks and updating TODO

---
 TODO                             | 15 ++++++---------
 lib/devise/models/confirmable.rb | 10 ++++------
 test/models/confirmable_test.rb  |  8 ++++++++
 3 files changed, 18 insertions(+), 15 deletions(-)

diff --git a/TODO b/TODO
index 6e3fb1b4..2d2792e6 100644
--- a/TODO
+++ b/TODO
@@ -1,18 +1,16 @@
-* Add remember me (with customizable time frame)
-
+* Clear perishable_token in :confirmable and :recoverable
+* Remove perishable token and create attributes for confirmation_token and reset_password_token
+* Add confirmation_sent_at for confirmable
 * Store session[:return_to] in session
-
-* Add confirmable filters
+* Use sign_in and sign_out in SessionsController
 
 * Use path_names in routes
-
-* Use sign_in and sign_out in SessionsController
+* Add remember me (with customizable time frame)
+* Add confirmable filters
 
 * Create generators
 * Allow stretches and pepper per model
 * Mailer subjects namespaced by model
-
-* Clear perishable_token in :confirmable and :recoverable
 * Use request_ip in session cookies
 
 * Devise::BruteForceProtection
@@ -35,4 +33,3 @@
 * devise :authenticable, :confirmable, :recoverable
 * Allow multiple models per controller
 * Add mappings
-
diff --git a/lib/devise/models/confirmable.rb b/lib/devise/models/confirmable.rb
index 8ba303f8..40c5bf1c 100644
--- a/lib/devise/models/confirmable.rb
+++ b/lib/devise/models/confirmable.rb
@@ -25,11 +25,8 @@ module Devise
         base.class_eval do
           extend ClassMethods
 
-          after_create  :send_confirmation_instructions
-          before_update :reset_confirmation, :if => :email_changed?
-          after_update  :send_confirmation_instructions, :if => :email_changed?
-
-          before_create :reset_perishable_token
+          before_save :reset_confirmation, :if => :email_changed?
+          after_save  :send_confirmation_instructions, :if => :email_changed?
         end
       end
 
@@ -61,7 +58,7 @@ module Devise
       def reset_confirmation!
         unless_confirmed do
           reset_confirmation
-          reset_perishable_token!
+          save(false)
           send_confirmation_instructions
         end
       end
@@ -72,6 +69,7 @@ module Devise
         # email, it won't be able to sign in without confirming it.
         #
         def reset_confirmation
+          reset_perishable_token
           self.confirmed_at = nil
         end
 
diff --git a/test/models/confirmable_test.rb b/test/models/confirmable_test.rb
index 36743b96..d97b2e99 100644
--- a/test/models/confirmable_test.rb
+++ b/test/models/confirmable_test.rb
@@ -149,6 +149,14 @@ class ConfirmableTest < ActiveSupport::TestCase
     assert_not user.reload.confirmed?
   end
 
+  test 'should reset perishable token when updating email' do
+    user = create_user
+    token = user.perishable_token
+    user.email = 'new_test@example.com'
+    user.save!
+    assert_not_equal token, user.reload.perishable_token
+  end
+
   test 'should not be able to send instructions if the user is already confirmed' do
     user = create_user
     user.confirm!