v2-hub icon indicating copy to clipboard operation
v2-hub copied to clipboard

Published 20 hours ago verified publisher icon statamic

Password reset form doesn't set `url_invalid` variable

Open aerni opened this issue 5 years ago • 0 comments

Describe the bug The password reset form doesn't actually set a url_invalid variable when the request doesn't contain the user and code parameters.

The docs say it should:

Visiting the URL containing this form directly will set a url_invalid invalid variable you can use to check if they’ve actually come from the form in their previous request.

To Reproduce Steps to reproduce the behavior:

  1. Add a password reset form to a page
  2. Visit the page directly

Expected behavior Always return the url_invalid variable when visiting a page with the form

Potential Fix This fixed the problem for me:

// UserTags.php

if (! $user = User::find($id)) {
  // dd('Invalid user'); // @todo make better.
  return $this->parse(['url_invalid' => true]);
}

Environment details (please complete the following information):

  • Statamic Version 2.11.19
  • Fresh Install
  • OS: macOS 10.15.4
  • Browser: Chrome
  • Web Server: Valet
  • PHP Version: 7.3

aerni avatar Mar 27 '20 11:03 aerni