No error message on expired token

Question

No error message on expired token

szepeviktor opened this issue 5 months ago · comments

Viktor Szépe commented 5 months ago

Fortify Version

1.19.0

Laravel Version

10.34.2

PHP Version

8.2.13

Database Driver & Version

MariaDB 10.3.39 on Debian buster amd64

Description

Requesting a new password reset makes the token in the previous one expired.
Clicking on that expired link loads the password reset form but there is no error message.

The "token expired" error message appears only when the user submits the form.
Inspired by @iamgergo

Steps To Reproduce

Request password reset
Request password reset again
Click the link in the first email (that contains the expired token)

github-actions · Answer 1 · Wed Jan 17 2024 19:28:59 GMT+0800 (China Standard Time)

Thank you for reporting this issue!

As Laravel is an open source project, we rely on the community to help us diagnose and fix issues as it is not possible to research and fix every issue reported to us via GitHub.

If possible, please make a pull request fixing the issue you have described, along with corresponding tests. All pull requests are promptly reviewed by the Laravel team.

Thank you!

Dries Vints · Answer 2 · Fri Jan 26 2024 18:27:56 GMT+0800 (China Standard Time)

We'd appreciate a PR to make this more clear, thanks.

Viktor Szépe · Answer 3 · Fri Jan 26 2024 18:50:58 GMT+0800 (China Standard Time)

@driesvints Could you ensure me that a PR displaying an error message will get merged?

Dries Vints · Answer 4 · Fri Jan 26 2024 18:52:03 GMT+0800 (China Standard Time)

No. Everything depends on the code involved and the complexity. If you really need this and want to be sure, you can always fork the library.