feat: show invalid page if token invalid

app/controllers/auth/confirmations_controller.rb

@@ -11,6 +11,8 @@ class Auth::ConfirmationsController < Devise::ConfirmationsController
       else
         respond_with_navigational(resource) { redirect_to after_confirmation_path_for(resource_name, resource) }
       end
+    elsif resource.errors.map(&:type).include?(:invalid)
+      render "devise/confirmations/invalid"
     elsif resource.errors.map(&:type).include?(:already_confirmed)
       redirect_to user_session_path
     else

app/views/devise/confirmations/invalid.html.erb

@@ -0,0 +1,12 @@
+<% content_for :title, "Expired link" %>
+
+<div class="govuk-grid-row">
+  <div class="govuk-grid-column-two-thirds">
+    <h1 class="govuk-heading-l">
+      <%= content_for(:title) %>
+    </h1>
+
+    <p class="govuk-body">It looks like you have requested a newer join link than this one. Check your emails and follow the most recent link instead.</p>
+
+  </div>
+</div>

app/views/devise/confirmations/new.html.erb

@@ -1,14 +1,12 @@
 <% content_for :title, "Expired link" %>
 
 <div class="govuk-grid-row">
-  <div class="govuk-grid-column-full">
+  <div class="govuk-grid-column-two-thirds">
     <h1 class="govuk-heading-l">
       <%= content_for(:title) %>
     </h1>
     <%= form_for(resource, as: resource_name, url: confirmation_path(resource_name), html: { method: :post }) do |f| %>
 
-      <%= f.govuk_error_summary %>
-
       <p class="govuk-body">For security reasons, your join link expired - get another one using the button below (valid for 3 hours).</p>