laravel · taylorotwell · Oct 12, 2020 · Oct 12, 2020
diff --git a/src/Http/Controllers/EmailVerificationNotificationController.php b/src/Http/Controllers/EmailVerificationNotificationController.php
@@ -19,7 +19,7 @@ public function store(Request $request)
         if ($request->user()->hasVerifiedEmail()) {
             return $request->wantsJson()
                         ? new JsonResponse('', 204)
-                        : redirect(config('fortify.home'));
+                        : redirect()->intended(config('fortify.home'));
         }
 
         $request->user()->sendEmailVerificationNotification();

diff --git a/src/Http/Controllers/EmailVerificationPromptController.php b/src/Http/Controllers/EmailVerificationPromptController.php
@@ -17,7 +17,7 @@ class EmailVerificationPromptController extends Controller
     public function __invoke(Request $request)
     {
         return $request->user()->hasVerifiedEmail()
-                    ? redirect(config('fortify.home'))
+                    ? redirect()->intended(config('fortify.home'))
                     : app(VerifyEmailViewResponse::class);
     }
 }
diff --git a/src/Http/Controllers/VerifyEmailController.php b/src/Http/Controllers/VerifyEmailController.php
@@ -18,13 +18,13 @@ class VerifyEmailController extends Controller
     public function __invoke(VerifyEmailRequest $request): RedirectResponse
     {
         if ($request->user()->hasVerifiedEmail()) {
-            return redirect(config('fortify.home').'?verified=1');
+            return redirect()->intended(config('fortify.home').'?verified=1');
         }
 
         if ($request->user()->markEmailAsVerified()) {
             event(new Verified($request->user()));
         }
 
-        return redirect(config('fortify.home').'?verified=1');
+        return redirect()->intended(config('fortify.home').'?verified=1');
     }
 }
diff --git a/tests/EmailVerificationNotificationControllerTest.php b/tests/EmailVerificationNotificationControllerTest.php
@@ -36,4 +36,20 @@ public function test_user_is_redirect_if_already_verified()
 
         $response->assertRedirect('/home');
     }
+
+    public function test_user_is_redirect_to_intended_url_if_already_verified()
+    {
+        $user = Mockery::mock(Authenticatable::class);
+
+        $user->shouldReceive('hasVerifiedEmail')->andReturn(true);
+        $user->shouldReceive('getAuthIdentifier')->andReturn(1);
+        $user->shouldReceive('sendEmailVerificationNotification')->never();
+
+        $response = $this->from('/email/verify')
+                        ->actingAs($user)
+                        ->withSession(['url.intended' => 'http://foo.com/bar'])
+                        ->post('/email/verification-notification');
+
+        $response->assertRedirect('http://foo.com/bar');
+    }
 }
diff --git a/tests/EmailVerificationPromptControllerTest.php b/tests/EmailVerificationPromptControllerTest.php
@@ -22,4 +22,34 @@ public function test_the_email_verification_prompt_view_is_returned()
         $response->assertStatus(200);
         $response->assertSeeText('hello world');
     }
+
+    public function test_user_is_redirect_home_if_already_verified()
+    {
+        $this->mock(VerifyEmailViewResponse::class)
+                ->shouldReceive('toResponse')
+                ->andReturn(response('hello world'));
+
+        $user = Mockery::mock(Authenticatable::class);
+        $user->shouldReceive('hasVerifiedEmail')->andReturn(true);
+
+        $response = $this->actingAs($user)->get('/email/verify');
+
+        $response->assertRedirect('/home');
+    }
+
+    public function test_user_is_redirect_to_intended_url_if_already_verified()
+    {
+        $this->mock(VerifyEmailViewResponse::class)
+                ->shouldReceive('toResponse')
+                ->andReturn(response('hello world'));
+
+        $user = Mockery::mock(Authenticatable::class);
+        $user->shouldReceive('hasVerifiedEmail')->andReturn(true);
+
+        $response = $this->actingAs($user)
+            ->withSession(['url.intended' => 'http://foo.com/bar'])
+            ->get('/email/verify');
+
+        $response->assertRedirect('http://foo.com/bar');
+    }
 }
diff --git a/tests/VerifyEmailControllerTest.php b/tests/VerifyEmailControllerTest.php
@@ -26,9 +26,11 @@ public function test_the_email_can_be_verified()
         $user->shouldReceive('hasVerifiedEmail')->andReturn(false);
         $user->shouldReceive('markEmailAsVerified')->once();
 
-        $response = $this->actingAs($user)->get($url);
+        $response = $this->actingAs($user)
+            ->withSession(['url.intended' => 'http://foo.com/bar'])
+            ->get($url);
 
-        $response->assertStatus(302);
+        $response->assertRedirect('http://foo.com/bar');
     }
 
     public function test_redirected_if_email_is_already_verified()