heartcombo
Add additional step for unlocking account
Some email clients automatically visit links inside of emails to check that the link isn't malware. This can cause the GET resource/unlock?unlock_token=abcdef link to be visited almost instantly for some users when the unlock_strategy is set to :email or :both, which unlocks the user and effectively makes the lockable process redundant.
This PR adds an extra_step config varaible, which when set to true will cause the original GET resource/unlock?unlock_token=abcdef link to render a new page, keeping the resource locked. This new page contains a different link (GET resource/unlock/confirm?unlock_token=abcdef), which when clicked will unlock the resource. When extra_step is false, the app will behave as normal.
Fixes issue: https://github.com/heartcombo/devise/issues/5342
