From aca8d3f34c6c51e4914642cba2a38fefb72f25ad Mon Sep 17 00:00:00 2001
From: Vasiliy Ermolovich <younash@gmail.com>
Date: Sat, 31 Dec 2011 14:22:58 +0300
Subject: [PATCH] regenerate confirmation token on reconfirmation, closes #1530

---
 lib/devise/models/confirmable.rb | 2 ++
 test/models/confirmable_test.rb  | 9 +++++++++
 2 files changed, 11 insertions(+)

diff --git a/lib/devise/models/confirmable.rb b/lib/devise/models/confirmable.rb
index a2ab1371..9fff20d1 100644
--- a/lib/devise/models/confirmable.rb
+++ b/lib/devise/models/confirmable.rb
@@ -68,7 +68,9 @@ module Devise
 
       # Send confirmation instructions by email
       def send_confirmation_instructions
+        self.confirmation_token = nil if reconfirmation_required?
         @reconfirmation_required = false
+
         generate_confirmation_token! if self.confirmation_token.blank?
         self.devise_mailer.confirmation_instructions(self).deliver
       end
diff --git a/test/models/confirmable_test.rb b/test/models/confirmable_test.rb
index d0df31bb..9403fb26 100644
--- a/test/models/confirmable_test.rb
+++ b/test/models/confirmable_test.rb
@@ -252,6 +252,15 @@ class ReconfirmableTest < ActiveSupport::TestCase
     assert_not_nil admin.confirmation_token
   end
 
+  test 'should regenerate confirmation token after changing email' do
+    admin = create_admin
+    assert admin.confirm!
+    assert admin.update_attributes(:email => 'old_test@example.com')
+    token = admin.confirmation_token
+    assert admin.update_attributes(:email => 'new_test@example.com')
+    assert_not_equal token, admin.confirmation_token
+  end
+
   test 'should send confirmation instructions by email after changing email' do
     admin = create_admin
     assert admin.confirm!