From 521a592d4360be0b21f5664259c976e5df0416f1 Mon Sep 17 00:00:00 2001
From: Franz Liedke
Date: Thu, 29 Nov 2018 00:33:42 +0100
Subject: [PATCH] Always invalidate all user email tokens
Reported by B. Dhiyaneshwaran of Geek Freak.
---
 .../core/src/User/Command/ConfirmEmailHandler.php | 3 ++-
 framework/core/src/User/User.php | 10 ++++++++++
 2 files changed, 12 insertions(+), 1 deletion(-)
diff --git a/framework/core/src/User/Command/ConfirmEmailHandler.php b/framework/core/src/User/Command/ConfirmEmailHandler.php
index cef9f70b8..feb80a11f 100644
--- a/framework/core/src/User/Command/ConfirmEmailHandler.php
+++ b/framework/core/src/User/Command/ConfirmEmailHandler.php
@@ -53,7 +53,8 @@ class ConfirmEmailHandler
 $user->save();
 $this->dispatchEventsFor($user);
- $token->delete();
+ // Delete *all* tokens for the user, in case other ones were sent first
+ $user->emailTokens()->delete();
 return $user;
 }
diff --git a/framework/core/src/User/User.php b/framework/core/src/User/User.php
index 13d55dd1a..3fc2f2110 100644
--- a/framework/core/src/User/User.php
+++ b/framework/core/src/User/User.php
@@ -614,6 +614,16 @@ class User extends AbstractModel
 return $this->hasMany('Flarum\Notification\Notification');
 }
+ /**
+ * Define the relationship with the user's email tokens.
+ *
+ * @return \Illuminate\Database\Eloquent\Relations\HasMany
+ */
+ public function emailTokens()
+ {
+ return $this->hasMany(EmailToken::class);
+ }
+
 /**
 * Define the relationship with the permissions of all of the groups that
 * the user is in.
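Review bot: The bulk delete in ConfirmEmailHandler still runs only after `$user->save()` and `$this->dispatchEventsFor($user)`, and nothing in the hunk wraps the three steps in a transaction, so a listener that throws or a failed delete would leave the account confirmed while the user's earlier tokens stay redeemable. Since revoking those tokens is the purpose of the fix, consider moving `$user->emailTokens()->delete();` directly after `$user->save();`, or running the save and the delete inside one database transaction if the caller does not already provide one. The handler body starts above the hunk, so whether such a transaction exists is not visible here. The diffstat lists only the two source files; a test that issues two tokens, confirms with one and asserts the other is then rejected would pin this behaviour.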
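Review bot: The new `emailTokens()` relation in User.php depends on `EmailToken` resolving in this file's namespace or through an import, and on the token table using Eloquent's default foreign key for `User`; neither is visible in the hunk. Because `EmailToken::class` is expanded at compile time without loading the class, a wrong name would fail only when the confirmation handler calls the relation, which happens after the user has been saved. The docblock could also state why the relation exists, e.g. `Used to revoke every outstanding email token once one of them has been confirmed.` The class body starts and ends outside the hunk.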