Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[8.x] Updated EmailVerificationRequest.php to check if user is not already verified #35174

Merged
merged 2 commits into from
Nov 10, 2020

Conversation

ScriptingBeating
Copy link
Contributor

This PR solves issue #35168 It adds the condition to check if the user's email is not already verified before updating it in the database and does not fire the Verified event

@ScriptingBeating ScriptingBeating changed the title updated EmailVerificationRequest.php to check if user is not already … updated EmailVerificationRequest.php to check if user is not already verified Nov 10, 2020
@GrahamCampbell
Copy link
Member

This code will suffer from race conditions, so won't actually work in the way you expect.

@GrahamCampbell GrahamCampbell changed the title updated EmailVerificationRequest.php to check if user is not already verified [8.x] Updated EmailVerificationRequest.php to check if user is not already verified Nov 10, 2020
@paras-malhotra
Copy link
Contributor

I don't think there are any race conditions here. It's a simple check on the user object.

@GrahamCampbell
Copy link
Member

The race condition is the user double opens the verify link. Both requests get a user that has not been verified yet. The event still fires twice. On those grounds, I don't think it makes sense to merge this PR, since it indicates the event will always fire exactly once, when it won't.

@ScriptingBeating
Copy link
Contributor Author

since it indicates the event will always fire exactly once

Where it is indicated? The description just says that it adds a condition before updating the database and firing the event.

@GrahamCampbell
Copy link
Member

Where it is indicated? The description just says that it adds a condition before updating the database and firing the event.

Yep, but the whole point of that is to "only fire the verification event once".

@taylorotwell taylorotwell merged commit c1f6591 into laravel:8.x Nov 10, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants