
Devise confirmation: invalid token

Updated: 2023-09-28 23:05:58

Which version of devise are you using? If you're on 3.1.0 or higher, this behavior is expected:

CHANGELOG.md

The tokens that are stored in the database are not supposed to match the tokens that you send in the confirmation e-mails. See devise/lib/devise/models/confirmable.rb, which now contains the following:

def confirm_by_token(confirmation_token)
  original_token     = confirmation_token
  confirmation_token = Devise.token_generator.digest(self, :confirmation_token, confirmation_token)

  confirmable = find_or_initialize_with_error_by(:confirmation_token, confirmation_token)
  # ... (rest of the method omitted)
end

As you can see, the token that you pass in via query string params is consumed by the Devise.token_generator, and the result of that operation is what's compared with the token in the database to discover the user record.

It looks like it's temporarily possible (in 3.1 but not 3.2) to turn this off by setting

config.allow_insecure_token_lookup = true

in your devise initializer. But the default behavior has been changed to make devise more secure. See this blog post for a complete rundown of the security improvements in devise 3.1, including this change.
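The digest-then-lookup flow described above, and the pre-3.1 raw comparison that `allow_insecure_token_lookup` re-enables, as an added stand-alone Ruby example (modeled after Devise's token generator, not Devise's own code, and not part of the original answer). The secret, the iteration count and the in-memory `USERS` table are constructed assumptions; only the digest is stored, so a leaked table does not yield usable confirmation links.

```ruby
require "openssl"
require "securerandom"

# Constructed stand-in for the application secret (assumption, demo only).
SECRET_KEY_BASE = "constructed-secret-for-demo-only"

# Constructed in-memory stand-in for the users table.
USERS = []

# Analog of Devise.token_generator.digest(klass, column, value):
# HMAC-SHA256 keyed by a per-column key derived from the app secret.
def token_digest(column, raw_token)
  return nil if raw_token.nil? || raw_token.empty?
  key = OpenSSL::KDF.pbkdf2_hmac(SECRET_KEY_BASE, salt: "Devise #{column}",
                                 iterations: 1000, length: 64, hash: "sha1")
  OpenSSL::HMAC.hexdigest("SHA256", key, raw_token)
end

# Analog of Devise.token_generator.generate: returns [raw, digest].
def generate_confirmation_token
  raw = SecureRandom.urlsafe_base64(15)
  [raw, token_digest(:confirmation_token, raw)]
end

# Persists only the digest; the raw token is what goes into the e-mail link.
def create_unconfirmed_user(email)
  raw, enc = generate_confirmation_token
  USERS << { email: email, confirmation_token: enc, confirmed_at: nil }
  raw
end

# Analog of confirm_by_token: digest the incoming token, then look up by digest.
def confirm_by_token(raw_token)
  enc = token_digest(:confirmation_token, raw_token)
  user = USERS.find { |u| u[:confirmation_token] == enc }
  return nil unless user
  user[:confirmed_at] = Time.now
  user
end

# The pre-3.1 lookup compared the raw token against the column directly;
# against a digest-storing table it finds nothing, which is the reported error.
def insecure_lookup(raw_token)
  USERS.find { |u| u[:confirmation_token] == raw_token }
end
```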