No error message on expired token

laravel / fortify

Backend controllers and scaffolding for Laravel authentication.

https://laravel.com/docs/fortify

MIT License

1.62k stars 295 forks source link

No error message on expired token #516

Closed szepeviktor closed 9 months ago

szepeviktor commented 10 months ago

Fortify Version

1.19.0

Laravel Version

10.34.2

PHP Version

8.2.13

Database Driver & Version

MariaDB 10.3.39 on Debian buster amd64

Description

Requesting a new password reset makes the token in the previous one expired. Clicking on that expired link loads the password reset form but there is no error message.

The "token expired" error message appears only when the user submits the form. Inspired by @iamgergo

Steps To Reproduce

Request password reset
Request password reset again
Click the link in the first email (that contains the expired token)

github-actions[bot] commented 10 months ago

Thank you for reporting this issue!

As Laravel is an open source project, we rely on the community to help us diagnose and fix issues as it is not possible to research and fix every issue reported to us via GitHub.

If possible, please make a pull request fixing the issue you have described, along with corresponding tests. All pull requests are promptly reviewed by the Laravel team.

Thank you!

driesvints commented 9 months ago

We'd appreciate a PR to make this more clear, thanks.

szepeviktor commented 9 months ago

@driesvints Could you ensure me that a PR displaying an error message will get merged?

driesvints commented 9 months ago

No. Everything depends on the code involved and the complexity. If you really need this and want to be sure, you can always fork the library.