Is resetting a password implicitly verifying an email address?
clemblanco opened this issue · comments
Clem Blanco commented
Looking at https://github.com/laravel/fortify/blob/1.x/stubs/ResetUserPassword.php
Couldn't we consider that if a user has clicked a link in an email to reset their password they also implicitly verified their email address at the same time?
Could include something like:
// ...
DB::transaction(function () use ($user, $input) {
if ($user instanceof MustVerifyEmail) {
$user->markEmailAsVerified();
}
$user->forceFill([
'password' => Hash::make($input['password']),
])->save();
});
Verified::dispatchIf($user instanceof MustVerifyEmail, $user); // if Dispatchable trait was used
Dries Vints commented
I don't think these two things are the same.