A referral token should only be claimed by a logged in user whose email matches the email in the referral token. Currently the code checks for a logged in user but does not verify whether the token is intended for that user. This results in referral tokens that get claimed by the sender rather than the intended recipient.
This error was never happening since exceptions caused by #1132 were masking this.
A referral token should only be claimed by a logged in user whose email matches the email in the referral token. Currently the code checks for a logged in user but does not verify whether the token is intended for that user. This results in referral tokens that get claimed by the sender rather than the intended recipient.
This error was never happening since exceptions caused by #1132 were masking this.