From 0508f60214230cced99f6223be2fa04ef799ffe3 Mon Sep 17 00:00:00 2001 From: sebastian marcet Date: Wed, 15 Apr 2026 18:51:35 -0300 Subject: [PATCH 1/2] fix(ui): unverified user (#122) * fix(ui): unverified user * fix(auth): null check before calling getId() in verifyEmail Split combined null/inactive check into separate guards to prevent "Call to a member function getId() on null" when no user is found for the verification token. --- app/Services/Auth/UserService.php | 7 ++++++- resources/js/login/login.js | 2 +- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/app/Services/Auth/UserService.php b/app/Services/Auth/UserService.php index 4910a878..f4df159d 100644 --- a/app/Services/Auth/UserService.php +++ b/app/Services/Auth/UserService.php @@ -225,7 +225,12 @@ public function verifyEmail(string $token): User return $this->tx_service->transaction(function () use ($token) { $user = $this->user_repository->getByVerificationEmailToken($token); - if (is_null($user) || !$user->isActive()) { + if (is_null($user)) { + Log::warning("UserService::verifyEmail no user found for token"); + throw new EntityNotFoundException(); + } + + if (!$user->isActive()) { Log::warning(sprintf("UserService::verifyEmail user with id %s is not active", $user->getId())); throw new EntityNotFoundException(); } diff --git a/resources/js/login/login.js b/resources/js/login/login.js index c55a4b91..a5f0ea06 100644 --- a/resources/js/login/login.js +++ b/resources/js/login/login.js @@ -617,7 +617,7 @@ class LoginPage extends React.Component { }, function () { //Once the state is updated, it's now possible to trigger emitOtpAction. //No need to wait for the component to update. - if (!response.has_password_set) { + if (!response.has_password_set && response.is_verified !== false) { this.emitOtpAction(); } }); From 5076ed2e1f846f8797b6a58d58ed83c7ec5942b5 Mon Sep 17 00:00:00 2001 From: smarcet Date: Tue, 23 Jun 2026 13:53:12 -0300 Subject: [PATCH 2/2] fix: allow CORS on .well-known/openid-configuration endpoint --- config/cors.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/cors.php b/config/cors.php index 0a699749..8a9a2596 100644 --- a/config/cors.php +++ b/config/cors.php @@ -15,7 +15,7 @@ | */ - 'paths' => ['api/*', 'oauth2/*'], + 'paths' => ['api/*', 'oauth2/*', '.well-known/openid-configuration'], 'allowed_methods' => [ 'POST',