Apply suggestion from @runephilosof-abtion

grantcox · runephilosof-abtion · web-flow · commit 9ee7a887d64c · 2025-08-08T04:24:22.000+10:00
Co-authored-by: Rune Philosof &lt;57357936+runephilosof-abtion@users.noreply.github.com&gt;
diff --git a/test/integration/confirmable_test.rb b/test/integration/confirmable_test.rb
@@ -363,7 +363,8 @@ def visit_admin_confirmation_with_token(confirmation_token)
       confirmation_token: "different token"
     )
 
-    # now we update to the same prior unconfirmed email address, and confirm
+    # Now the attacker updates to the same prior unconfirmed email address, and confirm.
+    # This should update the `unconfirmed_email` in the database, even though it is unchanged from the models point of view.
     attacker.update(email: attacker_email)
     attacker_token = attacker.raw_confirmation_token
     visit_admin_confirmation_with_token(attacker_token)

Original file line number	Diff line number	Diff line change
`@@ -363,7 +363,8 @@ def visit_admin_confirmation_with_token(confirmation_token)`
`363`	`363`	`confirmation_token: "different token"`
`364`	`364`	`)`
`365`	`365`
`366`		`- # now we update to the same prior unconfirmed email address, and confirm`
	`366`	`+ # Now the attacker updates to the same prior unconfirmed email address, and confirm.`
	`367`	+ # This should update the `unconfirmed_email` in the database, even though it is unchanged from the models point of view.
`367`	`368`	`attacker.update(email: attacker_email)`
`368`	`369`	`attacker_token = attacker.raw_confirmation_token`
`369`	`370`	`visit_admin_confirmation_with_token(attacker_token)`