Laravel Fortify Email Verification failing - laravel

I am using Laravel 8 with Fortify.
Everything is working fine so far, apart from email verification.
The issue:
When a user registers successfully, they receive an email containing a signed URL.
When the URL is clicked, the user is redirected to the login page.
The user signs in.
The verified_at field in the db is not updated.
Here is a generated link from the email:
https://certhub.test/email/verify/1/7c9f29d87b505da773415b7e0369368e6eaf5fa6?expires=1643801371&signature=a255a0f05fcdb9a23cb7dba392e39317db3cd6657b69d7799c4840008d1633e0
Has anyone experienced this issue?

I spent a good 2 days fixing mine, and my problem was that I had 'same_site' set to strict in my sessions.php; changing it to lax did the job for me.
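Why that setting affects a link opened from an email, as an added example that is not part of the original answer: a simplified model of the browser's SameSite rule, which is what the same_site session option controls on the session cookie. The function name and the scenarios are constructed for illustration, and the Secure requirement for 'none' is left out.

```php
<?php
// Simplified model of the browser's SameSite decision (illustration, not Laravel code).

/**
 * @param string $sameSite  cookie attribute: 'strict', 'lax' or 'none'
 * @param bool   $crossSite the request was initiated from a different site
 * @param bool   $topLevel  the request is a top-level navigation
 * @param string $method    HTTP method of the request
 */
function cookieIsSent(string $sameSite, bool $crossSite, bool $topLevel, string $method): bool
{
    if (!$crossSite) {
        return true; // same-site requests always carry the cookie
    }

    switch (strtolower($sameSite)) {
        case 'none':
            return true; // sent everywhere
        case 'lax':
            // Cross-site: only top-level navigations with a safe method.
            $safe = in_array(strtoupper($method), ['GET', 'HEAD', 'OPTIONS', 'TRACE'], true);
            return $topLevel && $safe;
        case 'strict':
            return false; // never sent on cross-site requests
        default:
            throw new InvalidArgumentException("Unknown SameSite value: {$sameSite}");
    }
}

// Constructed scenarios: [crossSite, topLevel, method]
$scenarios = [
    'verification link clicked on a webmail page' => [true, true, 'GET'],
    'form on another site posting to the app'     => [true, true, 'POST'],
    'link clicked inside the app itself'          => [false, true, 'GET'],
];

foreach (['strict', 'lax'] as $policy) {
    foreach ($scenarios as $label => [$crossSite, $topLevel, $method]) {
        $sent = cookieIsSent($policy, $crossSite, $topLevel, $method);
        printf("%-6s | %-44s | %s\n", $policy, $label, $sent ? 'session cookie sent' : 'no session cookie');
    }
}
```

With strict, the request for the verification link arrives without the session cookie, so the application sees a guest; lax sends the cookie for that GET navigation while still withholding it from the cross-site POST.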

Related

How do I customize an action after a user has verified his email, with Laravel 8 + Fortify

I set up a user registration in Laravel 8, with the help of Fortify.
It works pretty much as I expected, except that I would like to trigger a specific action when a user clicks the verification link. (When verification succeeded, that is.)
I know I can specify a redirection url through the home parameter in config/fortify.php, but this also applies to regular sign-in action. I would like something specific to email verification.
Any idea how I could at least check if the email has just been verified?

You have to listen to an event; that way you can know when someone got verified and do something.
This is the source code, so you can see it is dispatching event(new Verified($request->user()));, so you have to listen to the Illuminate\Auth\Events\Verified event.
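One way to register such a listener in a Laravel 8 application, as an added example that is not code from the original answer or from Fortify. The audit-log action is an assumption chosen for illustration, and the user is assumed to be an Eloquent model.

```php
<?php
// app/Providers/EventServiceProvider.php (Laravel 8 skeleton layout)

namespace App\Providers;

use Illuminate\Auth\Events\Registered;
use Illuminate\Auth\Events\Verified;
use Illuminate\Auth\Listeners\SendEmailVerificationNotification;
use Illuminate\Foundation\Support\Providers\EventServiceProvider as ServiceProvider;
use Illuminate\Support\Facades\Event;
use Illuminate\Support\Facades\Log;

class EventServiceProvider extends ServiceProvider
{
    // Default mapping from the skeleton: sends the verification email.
    protected $listen = [
        Registered::class => [
            SendEmailVerificationNotification::class,
        ],
    ];

    public function boot()
    {
        // Runs only when an address has just been verified,
        // not on ordinary sign-ins (unlike the `home` redirect).
        Event::listen(Verified::class, function (Verified $event) {
            $user = $event->user; // the account that was just verified

            // Assumed action for illustration: keep an audit trail.
            Log::info('Email address verified', [
                'user_id' => $user->getKey(), // assumes an Eloquent user model
                'ip'      => request()->ip(),
            ]);
        });
    }
}
```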

Best Practises for Users for automatic login using laravel

I was wondering what the best practices are for allowing users to automatically log in after registration.
In particular, does anyone know of any PHP applications that auto-login after registering?
Honestly, I think it is a horrible idea, but was wondering if anyone knew why the majority of websites don't automatically log in newly registered users.

By default, Laravel's Auth scaffolding logs you in automatically after registration, unless (only in Laravel 5.7) requiring email verification is enabled.
In Laravel 5.7, if you do have email verification enabled, you can still log the user in but allow certain pages to be accessed only if they have verified their email. So, while the user would still be technically logged in, they haven't verified their email yet, thus disabling them from accessing certain content.
An example might be allowing them to log in to be presented with a "Must verify your email" prompt.
In general, I think it's a good idea to require user verification.

Laravel send mail via Gmail fails - cannot connect to server

The server, Ubuntu 16.04, with Nginx webserver.
I am running 2 virtual hosts, both have Laravel apps running. One is Laravel 5.1, the other is 5.4.
I have the same contact us form under both Laravel instances. The sendmail function on the controller is the same for both (I know I need to refactor this functionality off of the controller :-) ). Both have the same config/mail.php settings. .env is the same on both, other than the username and password. Both Gmail accounts have insecure applications enabled / allowed.
The one running under Laravel 5.1 works perfectly. The one under 5.4 gives a timeout error when trying to connect to Gmail.
Any ideas on what the fix should be?

The solution appears to be related to the Gmail password. The client insisted on an easily remembered password. I changed to a more complex password, and everything worked.
I did read a post that said that Google does not like automated accesses with insecure passwords. Sorry, I cannot reference that post - can't find it again.
Apparently, the solution is to use a secure password. I merely added special characters to the client's desired password.
I hope this helps someone else.

Laravel new user registration, activation with email and secure login

I am working on a Laravel 4.2 project.
I have already implemented an email activation module for new user registration. Whenever a new user registers, I provide an activation link to him in an email, and on clicking the link, I compare the token (a random string with 30 characters) I have provided with the link and the user's email address with the database records. If they are found to be matching, I just set the is_active field of the users table to true and redirect him to the login page with a Congratulations message for successful activation.
But now, I DON'T want him to be redirected to the login page; on successful activation, I want him logged in directly to his account.
But I believe that authenticating a user with just a string token and email address is not a secure way.
There must be something that I can trust. Many sites do this, including Stack Overflow itself, but I am not sure how.
Can you please guide me how to do this?
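A sketch of an activation token that is safer to act on, added here as an example and not taken from the original post: the token comes from the CSPRNG, only its hash is stored, it expires, and it can be redeemed once. The function names, the 24-hour lifetime and the array standing in for a users row are assumptions; random_bytes() requires PHP 7 or later.

```php
<?php
// Hypothetical helpers; the $user array stands in for one row of the users table.

const ACTIVATION_TTL = 86400; // assumed lifetime of a link: 24 hours

function issueActivationToken(array &$user, int $now): string
{
    $token = bin2hex(random_bytes(32));                    // 256 bits from the CSPRNG
    $user['activation_hash']    = hash('sha256', $token);  // store the hash, never the token
    $user['activation_expires'] = $now + ACTIVATION_TTL;

    return $token;                                         // goes only into the emailed link
}

function redeemActivationToken(array &$user, string $token, int $now): bool
{
    if ($user['activation_hash'] === null || $now > $user['activation_expires']) {
        return false;                                      // never issued, already used, or expired
    }
    if (!hash_equals($user['activation_hash'], hash('sha256', $token))) {
        return false;                                      // constant-time comparison failed
    }

    $user['activation_hash'] = null;                       // single use: the link is now dead
    $user['is_active']       = true;

    return true; // the caller may log the user in and should regenerate the session ID
}

// Constructed walk-through with a sample account.
$user = [
    'email'              => 'user@example.test',
    'is_active'          => false,
    'activation_hash'    => null,
    'activation_expires' => 0,
];
$now   = time();
$token = issueActivationToken($user, $now);

var_dump(redeemActivationToken($user, $token, $now + 60));   // first click on the link
var_dump(redeemActivationToken($user, $token, $now + 120));  // the same link clicked again
```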

umbraco 7 - users added via back end can't login

I'm working on a reasonably fresh install of umbraco (7.1.8). I've only installed three plugins at the moment, so I don't believe they are the issue.
If I login using the id created during the install process, I can login fine. But now I want to start adding other users to allow them to add content, and I can't seem to get the users created so they can get access to the back end.
I've double and triple checked the passwords (even using the reset password and copy/pasting from one browser to the next). I've tried using both the email address and the login, but no joy in either scenario. I've tried to just make this first account an admin - no joy.
I opened the console and found this error on the console:
POST /umbraco/backoffice/UmbracoApi/Authentication/PostLogin 400 Bad Request 114ms
I'm hoping it's something glaringly obvious, but I can't see it for the life of me.

Had a similar issue a while back in version 6 where members created programmatically would not be able to login once they updated their email address. Had to ensure that the login was the same as the email address in order for them to login the next time. It is rather confusing I must admit.
Ensure login field value of user = email address field value of user
