Resolved #1421

craftcms · Mar 1, 2017 · c91f618 · c91f618
1 parent d759830
commit c91f618
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 6 deletions.
diff --git a/CHANGELOG-v3.md b/CHANGELOG-v3.md
@@ -25,6 +25,7 @@ Craft CMS 3.0 Working Changelog
 - Asset focal point coordinates are now stored as decimal fractions instead of absolute coordinates.
 - #1420: Craft now does fuzzy searching on the right side of a keyword by default.
 - It’s now possible to add columns to an element query’s `select` clause without completely replacing all of the default columns, by calling its `addSelect()` method.
+- #1421: Users are no longer logged out when verifying a new email address on their own account.
 - `craft\base\Volume::filesystem()` now accepts a config parameter.
 - `craft\base\Volume::getFileList()` now returns the file list array indexed by the file URIs.
 - `craft\base\Volume::getMissingFiles()` no longer accepts a list of volume IDs and returns all missing files for that session,

diff --git a/src/controllers/UsersController.php b/src/controllers/UsersController.php
@@ -418,6 +418,11 @@ public function actionVerifyEmail()
 
         Craft::$app->getUsers()->verifyEmailForUser($userToProcess);
 
+        // If they're logged in, give them a success notice
+        if (!Craft::$app->getUser()->getIsGuest()) {
+            Craft::$app->getSession()->setNotice(Craft::t('app', 'Email verified'));
+        }
+
         if ($userIsPending) {
             // They were just activated, so treat this as an activation request
             if (($response = $this->_onAfterActivateUser($userToProcess)) !== null) {
@@ -1715,10 +1720,6 @@ private function _processUserGroupsPermissions(User $user)
      */
     private function _processTokenRequest(): array
     {
-        if (!Craft::$app->getUser()->getIsGuest()) {
-            Craft::$app->getUser()->logout();
-        }
-
         $id = Craft::$app->getRequest()->getRequiredParam('id');
         $code = Craft::$app->getRequest()->getRequiredParam('code');
         $isCodeValid = false;
@@ -1729,15 +1730,20 @@ private function _processTokenRequest(): array
             ->addSelect(['users.password', 'users.unverifiedEmail'])
             ->one();
 
+        // If someone is logged in and it's not this person, log them out
+        $userService = Craft::$app->getUser();
+        if (($identity = $userService->getIdentity()) !== null && $identity->id != $userToProcess->id) {
+            $userService->logout();
+        }
+
         if ($userToProcess) {
             // Fire a 'beforeVerifyUser' event
             Craft::$app->getUsers()->trigger(Users::EVENT_BEFORE_VERIFY_EMAIL,
                 new UserTokenEvent([
                     'user' => $userToProcess
                 ]));
 
-            $isCodeValid = Craft::$app->getUsers()->isVerificationCodeValidForUser($userToProcess,
-                $code);
+            $isCodeValid = Craft::$app->getUsers()->isVerificationCodeValidForUser($userToProcess, $code);
         }
 
         if (!$userToProcess || !$isCodeValid) {