Ensure confirmation_code is passed through after confirmation

2026-06-27 14:26:38 +00:00 · 2026-06-06 09:05:17 +10:00
parent 6b01a2dd46
commit 109ee20b16
2 changed files with 8 additions and 5 deletions
--- a/app/Http/Controllers/Traits/VerifiesUserEmail.php
+++ b/app/Http/Controllers/Traits/VerifiesUserEmail.php
@@ -16,6 +16,7 @@ use App\Models\User;
 use App\Utils\Traits\MakesHash;
 use App\Utils\Traits\UserSessionAttributes;
 use Illuminate\Http\RedirectResponse;
+use Illuminate\Http\Request;
 use Illuminate\Support\Facades\Hash;
 use Illuminate\Support\Facades\Validator;

@@ -65,7 +66,7 @@ trait VerifiesUserEmail
        }

        if (is_null($user->password) || empty($user->password) || Hash::check('', $user->password)) {
-            return $this->render('auth.confirmation_with_password', ['root' => 'themes', 'user_id' => $user->hashed_id, 'redirect_url' => $react ? config('ninja.react_url') . "/#/" : url('/')]);
+            return $this->render('auth.confirmation_with_password', ['confirmation_code' => request()->confirmation_code, 'root' => 'themes', 'user_id' => $user->hashed_id, 'redirect_url' => $react ? config('ninja.react_url') . "/#/" : url('/')]);
        }

        return $this->render('auth.confirmed', [
@@ -75,11 +76,12 @@ trait VerifiesUserEmail
        ]);
    }

-    public function confirmWithPassword()
+    public function confirmWithPassword(Request $request)
    {
-        $user = User::where('id', $this->decodePrimaryKey(request()->user_id))
-                    ->where('confirmation_code', request()->confirmation_code)
-                    ->whereNull('confirmation_code')
+
+        $user = User::where('id', $this->decodePrimaryKey($request->user_id))
+                    ->where('confirmation_code', $request->confirmation_code)
+                    ->whereNotNull('confirmation_code')
                    ->firstOrFail();

        $react = request()->has('react') ? true : false;
--- a/resources/views/themes/ninja2020/auth/confirmation_with_password.blade.php
+++ b/resources/views/themes/ninja2020/auth/confirmation_with_password.blade.php
@@ -12,6 +12,7 @@
                <form action="{{ url()->current() }}" method="post" class="mt-6">
                    @csrf
                    <input type="hidden" name="user_id" value="{{ $user_id }}">
+                    <input type="hidden" name="confirmation_code" value="{{ $confirmation_code }}">
                    @if(request()->has('react'))
                    <input type="hidden" name="react" value="true">
                    @endif