laravel · taylorotwell · Nov 16, 2018 · Nov 15, 2018 · Nov 15, 2018 · Nov 15, 2018
diff --git a/src/Illuminate/Foundation/Auth/VerifiesEmails.php b/src/Illuminate/Foundation/Auth/VerifiesEmails.php
@@ -4,6 +4,7 @@
 
 use Illuminate\Http\Request;
 use Illuminate\Auth\Events\Verified;
+use Illuminate\Auth\Access\AuthorizationException;
 
 trait VerifiesEmails
 {
@@ -25,13 +26,17 @@ public function show(Request $request)
     /**
      * Mark the authenticated user's email address as verified.
      *
-     * @param  \Illuminate\Http\Request  $request
+     * @param  \Illuminate\Http\Request $request
      * @return \Illuminate\Http\Response
+     * @throws AuthorizationException
      */
     public function verify(Request $request)
     {
-        if ($request->route('id') == $request->user()->getKey() &&
-            $request->user()->markEmailAsVerified()) {
+        if ($request->route('id') != $request->user()->getKey()) {
+            throw new AuthorizationException();
+        }
+
+        if ($request->user()->markEmailAsVerified()) {
             event(new Verified($request->user()));
         }