diff --git a/src/Authentication/Actions/EmailActivator.php b/src/Authentication/Actions/EmailActivator.php
index 2b47f374e..ba44a73f5 100644
--- a/src/Authentication/Actions/EmailActivator.php
+++ b/src/Authentication/Actions/EmailActivator.php
@@ -118,9 +118,7 @@ public function verify(IncomingRequest $request)
// No match - let them try again.
if (! $authenticator->checkAction($identity, $postedToken)) {
- session()->setFlashdata('error', lang('Auth.invalidActivateToken'));
-
- return $this->view(setting('Auth.views')['action_email_activate_show']);
+ return redirect()->back()->with('error', lang('Auth.invalidActivateToken'));
}
$user = $authenticator->getUser();
diff --git a/tests/Controllers/RegisterTest.php b/tests/Controllers/RegisterTest.php
index 03a6587f9..4e53e89c4 100644
--- a/tests/Controllers/RegisterTest.php
+++ b/tests/Controllers/RegisterTest.php
@@ -331,6 +331,35 @@ public function testRegisterActionWithBadEmailValue(): void
);
}
+ public function testRegisterActionRedirectsIfTokenNotMatch(): void
+ {
+ // Ensure our action is defined
+ $config = config('Auth');
+ $config->actions['register'] = EmailActivator::class;
+ Factories::injectMock('config', 'Auth', $config);
+
+ // Already registered but not yet activated and logged in.
+ $result = $this->post('/register', [
+ 'email' => 'foo@example.com',
+ 'username' => 'foo',
+ 'password' => 'abkdhflkjsdflkjasd;lkjf',
+ 'password_confirm' => 'abkdhflkjsdflkjasd;lkjf',
+ ]);
+
+ // Should have been redirected to the action's page.
+ $result->assertRedirectTo('/auth/a/show');
+
+ // Attempted to send an invalid token.
+ $result = $this->withSession()->post('/auth/a/verify', [
+ 'token' => 'invalid-token',
+ ]);
+
+ // Should have been redirected to the previous page.
+ $result->assertStatus(302);
+ $result->assertRedirect();
+ $result->assertSee(lang('Auth.invalidActivateToken'));
+ }
+
protected function setupConfig(): void
{
$config = config('Validation');