Is resetting a password implicitly verifying an email address?

Question

Is resetting a password implicitly verifying an email address?

clemblanco opened this issue 2 years ago · comments

Looking at https://github.com/laravel/fortify/blob/1.x/stubs/ResetUserPassword.php

Couldn't we consider that if a user has clicked a link in an email to reset their password they also implicitly verified their email address at the same time?

Could include something like:

// ...

DB::transaction(function () use ($user, $input) {
    if ($user instanceof MustVerifyEmail) {
        $user->markEmailAsVerified();
    }

    $user->forceFill([
        'password' => Hash::make($input['password']),
    ])->save();
});

Verified::dispatchIf($user instanceof MustVerifyEmail, $user); // if Dispatchable trait was used

Dries Vints · Answer 1 · Fri Nov 11 2022 17:44:42 GMT+0800 (China Standard Time)

I don't think these two things are the same.