Ruby On Rails : Devise: Re-Confirmable : Importances and Usages

This feature has been released in version Devise 1.4.4 in 2011 for more detail see this link ( Pull Request ). This is basically designed to make you able to reconfirm the updated email. It is normal to ask me to confirm my new email that I just updated. We can also change the behavior of giving the access with former email address or not.

Note: I expect that you have already installed Devise and using other features

  • Any comment is welcome


Case you want to decide: In the edit profile page, which email you want to display, the older email in ’email’ field or recently updated email in ‘unconfirmed_email‘ field

 Scenario you are gonna need it:

  • User / Resource updates his/her email address.
    • He / she will receive an confirmation link in updated email:
  • Superuser updates the email of other normal user.


# in config/initializers/devise.rb
config.reconfirmable = true
  • If true, requires any email changes to be confirmed (exactly the same way as initial account confirmation) to be applied.
  • It Requires additional `unconfirmed_email` db field (see migrations).
  • Until confirmed, new email is stored in `unconfirmed_email` column, and copied to `email` column on successful confirmation.
# additional migration you need to write
class AddUnconfirmedEmailToUsers < ActiveRecord::Migration
  def change
    add_column :users, :unconfirmed_email, :string

Since reconfirmable is not a separate module, confirmable module handles this feature so no need to add :reconfirmable in user/resource model

What happens under the hood?

When User’s email field is updated ( you do not need to write any extra code, just @user.update with do its job)

  • Looking at the code block we can figure out that
    # File 'lib/devise/models/confirmable.rb', line 110
    def send_confirmation_instructions
      unless @raw_confirmation_token
      opts = pending_reconfirmation? ? { to: unconfirmed_email } : { }
      send_devise_notification(:confirmation_instructions, @raw_confirmation_token, opts)

Confirmable tracks the following columns:

confirmation_token A unique random token
confirmed_at A timestamp when the user clicked the confirmation link
confirmation_sent_at A timestamp when the confirmation_token was generated (not sent)
unconfirmed_email An email address copied from the email attr. After confirmation

i.e. If email is updated, new updated email is stored in this field instead of the `email` field and confirmation link is sent to the new updated email. If new email is confirmed

  • the unconfirmed_email field is cleared
  • email field is updated with the email just confirmed
  • confirmation_token field is cleared

How to skip sending reconfirmation link?

Well, there are mainly two ways to skip the reconfirmation.

def update
  @user = User.find(params[:id])
  @user.skip_reconfirmation!  # this skips just the reconfirmation notification of `@user` object
  if @user.update_attributes(params[:user])
    flash[:notice] = "User was successfully updated."
    redirect_to edit_admin_user_path(@user)
    render :edit


def update
  @user = User.find(params[:id])
  if @user.update_attributes(params[:user])
    # reconfirmation is not triggered if `update_column` is used, you know why
    @user.update_column(:email, params[:user][:email])
    flash[:notice] = "User was successfully updated."
    redirect_to edit_admin_user_path(@user)
    render :edit
Allowing Unconfirmed Access

If you want to add a “grace period” where unconfirmed users may still login, use the `allow_unconfirmed_access_for` config option (which defaults to 0):

# in Devise Initializer
config.allow_unconfirmed_access_for = 365.days

Alternatively, you may want to skip required confirmation all-together:

# in User.rb
def confirmation_required?

Generate token manually

Devise.token_generator.generate(User, :confirmation_token)
Devise.token_generator.generate(User, :reset_password_token)


One thought on “Ruby On Rails : Devise: Re-Confirmable : Importances and Usages

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s