From 392b74846ced2853e6723953c19a5856ba35549a Mon Sep 17 00:00:00 2001
From: Aselsan
Date: Wed, 17 Jul 2024 22:41:35 +0700
Subject: [PATCH 1/4] fix: if the code does not match it will redirect to the auth/a/show page
---
 src/Authentication/Actions/EmailActivator.php | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/src/Authentication/Actions/EmailActivator.php b/src/Authentication/Actions/EmailActivator.php
index 2b47f374e..ba44a73f5 100644
--- a/src/Authentication/Actions/EmailActivator.php
+++ b/src/Authentication/Actions/EmailActivator.php
@@ -118,9 +118,7 @@ public function verify(IncomingRequest $request)
 // No match - let them try again.
 if (! $authenticator->checkAction($identity, $postedToken)) {
- session()->setFlashdata('error', lang('Auth.invalidActivateToken'));
-
- return $this->view(setting('Auth.views')['action_email_activate_show']);
+ return redirect()->back()->with('error', lang('Auth.invalidActivateToken'));
 }
 $user = $authenticator->getUser();
From ca137a36feedac49a09df65eccbc8da2f7179470 Mon Sep 17 00:00:00 2001
From: Aselsan
Date: Thu, 18 Jul 2024 17:04:41 +0700
Subject: [PATCH 2/4] add test case
---
 tests/Controllers/RegisterTest.php | 29 +++++++++++++++++++++++++++++
 1 file changed, 29 insertions(+)
diff --git a/tests/Controllers/RegisterTest.php b/tests/Controllers/RegisterTest.php
index 03a6587f9..facd1ce9f 100644
--- a/tests/Controllers/RegisterTest.php
+++ b/tests/Controllers/RegisterTest.php
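Review bot: The failure branch in `verify()` now returns `redirect()->back()`, so the page a user lands on after a wrong token is no longer fixed by this code. In CodeIgniter 4 `back()` resolves through `previous_url()`, which reads the URL stored in the session and, as far as I know, falls back to the request's Referer header when none is stored, so the target is derived from request state rather than from the action's own route. Since the test in this series expects `/auth/a/show`, naming the destination keeps it deterministic: `return redirect()->to('/auth/a/show')->with('error', lang('Auth.invalidActivateToken'));` (or the named route for that page, if the project defines one). Separately, the hunk shows no limit on repeated wrong tokens ("let them try again"); if nothing outside it throttles this route, a failed-attempt counter belongs in this branch. The body of `verify()` starts and ends outside the hunk.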
@@ -331,6 +331,35 @@ public function testRegisterActionWithBadEmailValue(): void
 );
 }
+ public function testRegisterActionRedirectsIfTokenNotMatch(): void
+ {
+ // Ensure our action is defined
+ $config = config('Auth');
+ $config->actions['register'] = EmailActivator::class;
+ Factories::injectMock('config', 'Auth', $config);
+
+ // Already registered but not yet activated and logged in.
+ $result = $this->post('/register', [
+ 'email' => 'foo@example.com',
+ 'username' => 'foo',
+ 'password' => 'abkdhflkjsdflkjasd;lkjf',
+ 'password_confirm' => 'abkdhflkjsdflkjasd;lkjf',
+ ]);
+
+ // Should have been redirected to the action's page.
+ $result->assertRedirectTo('/auth/a/show');
+
+ // Attempted to send an invalid token.
+ $result = $this->withSession()->post('/auth/a/verify', [
+ 'token' => 'invalid-token',
+ ]);
+
+ // Should have been redirected to the previous page.
+ $result->assertStatus(302);
+ $result->assertRedirect();
+ $result->assertRedirectTo('/auth/a/show');
+ }
+
 protected function setupConfig(): void
 {
 $config = config('Validation');
From 941b72e0baac181db9f34b12de5b064da3b0044a Mon Sep 17 00:00:00 2001
From: Aselsan
Date: Thu, 18 Jul 2024 17:10:05 +0700
Subject: [PATCH 3/4] update test case
---
 tests/Controllers/RegisterTest.php | 1 +
 1 file changed, 1 insertion(+)
diff --git a/tests/Controllers/RegisterTest.php b/tests/Controllers/RegisterTest.php
index facd1ce9f..c80e6c46d 100644
--- a/tests/Controllers/RegisterTest.php
+++ b/tests/Controllers/RegisterTest.php
@@ -358,6 +358,7 @@ public function testRegisterActionRedirectsIfTokenNotMatch(): void
 $result->assertStatus(302);
 $result->assertRedirect();
 $result->assertRedirectTo('/auth/a/show');
+ $result->assertSee(lang('Auth.invalidActivateToken'));
 }
 protected function setupConfig(): void
From e0d8963e95c1de54efc82e36e779ec1832f008f5 Mon Sep 17 00:00:00 2001
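Review bot: `testRegisterActionRedirectsIfTokenNotMatch()` checks only where the response goes; it never asserts that the rejected token left the account unactivated, which is the property this branch of `verify()` protects. After the `/auth/a/verify` post I would load the user registered as `foo@example.com` and assert it is still not active, so a regression that activates the account on a mismatch fails this test instead of passing it. A short docblock stating that the test covers the invalid-token path of the email activation action would also help the next reader.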
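Review bot: `assertSee(lang('Auth.invalidActivateToken'))` is evaluated against the body of the 302 response, while the controller hands the message over with `->with('error', …)`, that is, as session flash data. I would not expect a redirect body to carry that text, so the assertion does not clearly test what its position in the test suggests. `$result->assertSessionHas('error', lang('Auth.invalidActivateToken'));` pins the flash value itself.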
From: Aselsan
Date: Thu, 18 Jul 2024 18:02:38 +0700
Subject: [PATCH 4/4] update test case
---
 tests/Controllers/RegisterTest.php | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/tests/Controllers/RegisterTest.php b/tests/Controllers/RegisterTest.php
index c80e6c46d..4e53e89c4 100644
--- a/tests/Controllers/RegisterTest.php
+++ b/tests/Controllers/RegisterTest.php
@@ -337,7 +337,7 @@ public function testRegisterActionRedirectsIfTokenNotMatch(): void
 $config = config('Auth');
 $config->actions['register'] = EmailActivator::class;
 Factories::injectMock('config', 'Auth', $config);
-
+
 // Already registered but not yet activated and logged in.
 $result = $this->post('/register', [
 'email' => 'foo@example.com',
@@ -353,11 +353,10 @@ public function testRegisterActionRedirectsIfTokenNotMatch(): void
 $result = $this->withSession()->post('/auth/a/verify', [
 'token' => 'invalid-token',
 ]);
-
+
 // Should have been redirected to the previous page.
 $result->assertStatus(302);
 $result->assertRedirect();
- $result->assertRedirectTo('/auth/a/show');
 $result->assertSee(lang('Auth.invalidActivateToken'));
 }
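Review bot: Dropping `$result->assertRedirectTo('/auth/a/show');` in the second hunk leaves the test asserting a 302 to any location, so it no longer pins the destination of the failure redirect. That destination is what the first patch made dependent on `redirect()->back()`, which makes it the one thing this test should hold in place. I would keep the assertion and, if it fails under the test harness, address the cause (possibly the previous URL not being present in the test session) rather than remove the check. The first hunk of this patch is whitespace only.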