From dc749ccd2f6bd565a48109a620cf680d189f0e31 Mon Sep 17 00:00:00 2001
From: natdeanlewissoftwire <nat.dean-lewis@softwire.com>
Date: Thu, 2 Feb 2023 11:23:22 +0000
Subject: [PATCH] feat: show invalid page if token invalid

---
 app/controllers/auth/confirmations_controller.rb |  2 ++
 app/views/devise/confirmations/invalid.html.erb  | 12 ++++++++++++
 app/views/devise/confirmations/new.html.erb      |  4 +---
 3 files changed, 15 insertions(+), 3 deletions(-)
 create mode 100644 app/views/devise/confirmations/invalid.html.erb

diff --git a/app/controllers/auth/confirmations_controller.rb b/app/controllers/auth/confirmations_controller.rb
index dc45531da..d1e584b59 100644
--- a/app/controllers/auth/confirmations_controller.rb
+++ b/app/controllers/auth/confirmations_controller.rb
@@ -11,6 +11,8 @@ class Auth::ConfirmationsController < Devise::ConfirmationsController
       else
         respond_with_navigational(resource) { redirect_to after_confirmation_path_for(resource_name, resource) }
       end
+    elsif resource.errors.map(&:type).include?(:invalid)
+      render "devise/confirmations/invalid"
     elsif resource.errors.map(&:type).include?(:already_confirmed)
       redirect_to user_session_path
     else
diff --git a/app/views/devise/confirmations/invalid.html.erb b/app/views/devise/confirmations/invalid.html.erb
new file mode 100644
index 000000000..8d3ad96df
--- /dev/null
+++ b/app/views/devise/confirmations/invalid.html.erb
@@ -0,0 +1,12 @@
+<% content_for :title, "Expired link" %>
+
+<div class="govuk-grid-row">
+  <div class="govuk-grid-column-two-thirds">
+    <h1 class="govuk-heading-l">
+      <%= content_for(:title) %>
+    </h1>
+
+    <p class="govuk-body">It looks like you have requested a newer join link than this one. Check your emails and follow the most recent link instead.</p>
+
+  </div>
+</div>
diff --git a/app/views/devise/confirmations/new.html.erb b/app/views/devise/confirmations/new.html.erb
index 4c1df84c9..0b013b3e7 100644
--- a/app/views/devise/confirmations/new.html.erb
+++ b/app/views/devise/confirmations/new.html.erb
@@ -1,14 +1,12 @@
 <% content_for :title, "Expired link" %>
 
 <div class="govuk-grid-row">
-  <div class="govuk-grid-column-full">
+  <div class="govuk-grid-column-two-thirds">
     <h1 class="govuk-heading-l">
       <%= content_for(:title) %>
     </h1>
     <%= form_for(resource, as: resource_name, url: confirmation_path(resource_name), html: { method: :post }) do |f| %>
 
-      <%= f.govuk_error_summary %>
-
       <p class="govuk-body">For security reasons, your join link expired - get another one using the button below (valid for 3 hours).</p>