diff --git a/src/Authentication/Actions/EmailActivator.php b/src/Authentication/Actions/EmailActivator.php
index 2b47f374e..ba44a73f5 100644
--- a/src/Authentication/Actions/EmailActivator.php
+++ b/src/Authentication/Actions/EmailActivator.php
@@ -118,9 +118,7 @@ public function verify(IncomingRequest $request)
 
 // No match - let them try again.
 if (! $authenticator->checkAction($identity, $postedToken)) {
- session()->setFlashdata('error', lang('Auth.invalidActivateToken'));
-
- return $this->view(setting('Auth.views')['action_email_activate_show']);
+ return redirect()->back()->with('error', lang('Auth.invalidActivateToken'));
 }
 
 $user = $authenticator->getUser();
diff --git a/tests/Controllers/RegisterTest.php b/tests/Controllers/RegisterTest.php
index 03a6587f9..4e53e89c4 100644
--- a/tests/Controllers/RegisterTest.php
+++ b/tests/Controllers/RegisterTest.php
@@ -331,6 +331,35 @@ public function testRegisterActionWithBadEmailValue(): void
 );
 }
 
+ public function testRegisterActionRedirectsIfTokenNotMatch(): void
+ {
+ // Ensure our action is defined
+ $config = config('Auth');
+ $config->actions['register'] = EmailActivator::class;
+ Factories::injectMock('config', 'Auth', $config);
+
+ // Already registered but not yet activated and logged in.
+ $result = $this->post('/register', [
+ 'email' => 'foo@example.com',
+ 'username' => 'foo',
+ 'password' => 'abkdhflkjsdflkjasd;lkjf',
+ 'password_confirm' => 'abkdhflkjsdflkjasd;lkjf',
+ ]);
+
+ // Should have been redirected to the action's page.
+ $result->assertRedirectTo('/auth/a/show');
+
+ // Attempted to send an invalid token.
+ $result = $this->withSession()->post('/auth/a/verify', [
+ 'token' => 'invalid-token',
+ ]);
+
+ // Should have been redirected to the previous page.
+ $result->assertStatus(302);
+ $result->assertRedirect();
+ $result->assertSee(lang('Auth.invalidActivateToken'));
+ }
+
 protected function setupConfig(): void
 {
 $config = config('Validation');
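Review bot: The new `redirect()->back()` on the failed-token branch sends the user to whatever `previous_url()` resolves to, which in CodeIgniter is the session-stored previous URL and, when that is absent, a sanitised copy of the request's Referer header; the removed lines rendered the activate view directly, so the retry destination was fixed and not client-influenced. If the session carries no previous URL (first request after a session regeneration, or a client that strips Referer) the user lands on the base URL instead of the retry form, and a client-supplied Referer is then the only thing choosing the target. An explicit destination removes that dependency, e.g. `return redirect()->route('auth-action-show')->with('error', lang('Auth.invalidActivateToken'));`, assuming the show page is registered under that route name in this project (the route table is not in the hunk). `verify()` starts before the hunk and continues after it.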
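Review bot: `$result->assertRedirect();` at the end of the new test does not pin the redirect target, so the test passes whether `back()` returns the user to `/auth/a/show` or to the base URL; since the controller now depends on `previous_url()`, the target is exactly what this test should lock down, e.g. `$result->assertRedirectTo('/auth/a/show');`. `assertSee(lang('Auth.invalidActivateToken'))` on a 302 only proves something if the test harness folds flash data into the response body; asserting the flash directly is unambiguous: `$result->assertSessionHas('error', lang('Auth.invalidActivateToken'));`. The comment `// Already registered but not yet activated and logged in.` describes the state the request produces rather than a precondition; `// Register; with EmailActivator configured the user is not activated yet.` says what the post does. The enclosing RegisterTest class starts before the hunk.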