laravel / fortify

Backend controllers and scaffolding for Laravel authentication.

Home Page:https://laravel.com/docs/fortify

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

No error message on expired token

szepeviktor opened this issue · comments

Fortify Version

1.19.0

Laravel Version

10.34.2

PHP Version

8.2.13

Database Driver & Version

MariaDB 10.3.39 on Debian buster amd64

Description

Requesting a new password reset makes the token in the previous one expired.
Clicking on that expired link loads the password reset form but there is no error message.

The "token expired" error message appears only when the user submits the form.
Inspired by @iamgergo

Steps To Reproduce

  1. Request password reset
  2. Request password reset again
  3. Click the link in the first email (that contains the expired token)

Thank you for reporting this issue!

As Laravel is an open source project, we rely on the community to help us diagnose and fix issues as it is not possible to research and fix every issue reported to us via GitHub.

If possible, please make a pull request fixing the issue you have described, along with corresponding tests. All pull requests are promptly reviewed by the Laravel team.

Thank you!

We'd appreciate a PR to make this more clear, thanks.

@driesvints Could you ensure me that a PR displaying an error message will get merged?

No. Everything depends on the code involved and the complexity. If you really need this and want to be sure, you can always fork the library.