diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index f6358c8..e44b64f 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -38,6 +38,9 @@ class UsersController < ApplicationController
   def update
     respond_to do |format|
       if @user.update(user_params)
+        if @user.unconfirmed? && params.fetch(:user, {}).fetch(:confirm, "0") == "1"
+          @user.confirm!
+        end
         format.html { redirect_to user_url(@user), notice: "User was successfully updated." }
         format.json { render :show, status: :ok, location: @user }
       else
@@ -65,6 +68,6 @@ class UsersController < ApplicationController
 
     # Only allow a list of trusted parameters through.
     def user_params
-      params.fetch(:user, {})
+      params.require(:user).permit(:name, :email)
     end
 end
diff --git a/app/views/users/_form.html.erb b/app/views/users/_form.html.erb
index dbe91dc..91d8585 100644
--- a/app/views/users/_form.html.erb
+++ b/app/views/users/_form.html.erb
@@ -11,6 +11,24 @@
     </div>
   <% end %>
 
+  <% if user.confirmed? %>
+    <div>
+      <%= form.label :email, "Confirmed Email" %>
+      <%= form.text_field :email %>
+    </div>
+  <% else %>
+    <div>
+      <%= form.label :email, "Unconfirmed Email" %>
+      <%= text_field_tag :email, user.confirmable_email, disabled: true %>
+      <br /><%= form.label :confirm, "Confirm?" %>
+      <%= form.check_box :confirm %>
+    </div>
+  <% end %>
+  <div>
+    <%= form.label :name %>
+    <%= form.text_field :name %>
+  </div>
+
   <div class="inline">
     <%= form.submit class: "rounded-lg py-3 px-5 bg-blue-600 text-white inline-block font-medium cursor-pointer" %>
   </div>