From aee533dc3990e2c19a8812c42852af76cbf0e931 Mon Sep 17 00:00:00 2001
From: Birkhoff Lee <git@birkhoff.me>
Date: Thu, 6 Oct 2022 21:40:00 +0800
Subject: [PATCH] fix(confirmation): make strong params match

Fixes #1558
---
 app/controllers/devise_token_auth/confirmations_controller.rb | 2 +-
 app/views/devise/mailer/confirmation_instructions.html.erb    | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/app/controllers/devise_token_auth/confirmations_controller.rb b/app/controllers/devise_token_auth/confirmations_controller.rb
index 0acc02b29..baab1fdd9 100644
--- a/app/controllers/devise_token_auth/confirmations_controller.rb
+++ b/app/controllers/devise_token_auth/confirmations_controller.rb
@@ -71,7 +71,7 @@ def render_not_found_error
     private
 
     def resource_params
-      params.permit(:email, :confirmation_token, :config_name)
+      params.permit(:confirmation_token, :config_name, :redirect_url)
     end
 
     # give redirect value from params priority or fall back to default value if provided
diff --git a/app/views/devise/mailer/confirmation_instructions.html.erb b/app/views/devise/mailer/confirmation_instructions.html.erb
index dba08dc40..1df121d5b 100644
--- a/app/views/devise/mailer/confirmation_instructions.html.erb
+++ b/app/views/devise/mailer/confirmation_instructions.html.erb
@@ -2,4 +2,4 @@
 
 <p><%= t '.confirm_link_msg' %> </p>
 
-<p><%= link_to t('.confirm_account_link'), confirmation_url(@resource, {confirmation_token: @token, config: message['client-config'].to_s, redirect_url: message['redirect-url']}).html_safe %></p>
+<p><%= link_to t('.confirm_account_link'), confirmation_url(@resource, {confirmation_token: @token, config_name: message['client-config'].to_s, redirect_url: message['redirect-url']}).html_safe %></p>