I'm trying to use laravel's 5.7 email verification to send an email when an account is registered. I have an event that fires that send the url when a user is registered. The event dispatch can be seen here.
protected function registered(Request $request, $user)
{
UserRegistered::dispatch($user);
}
The event fires and a listener sends an email by using the following code.
public function handle(UserRegistered $event)
{
$event->user->notify(new VerifyEmail);
}
This then does send the email verification mail to my email address so the event is working. However the issue I'm having is the verification email link that is contained in the email is incorrect.
http://localhost/email/verify/19?expires=1544182945&signature=b4337e1c7e07a7e7117a8696a30b456ab2a304cdea563ca7aea6c90bb9a2541f
Here is what is being sent by email. However the app url should not be localhost and instead by core-site.test. e.g. http://core-site.test/email/verify etc...
Does anyone know why the url is incorrect and how I can fix it?
Related
I'm currently making an API for a mobile app but I think I'm a bit confused with how email verification and authentication is meant to work. I'm attempting to implement the following flow:
User registers in the mobile app and it sends a request to the API
Laravel creates the user and fires off an email
User receives the email and clicks on the link
Laravel verifies the user and redirects them to the mobile app via deep-link
However when the user clicks the email link a "route login not defined" error is rendered.
Which makes sense, because the user is not authenticated at the time. But am I getting this wrong?
Should I authenticate the user prior to sending the email? And will that work, given that we're using Sanctum rather than "regular" authentication?
Currently this is what I'm doing:
// web.php
Route::get('/email/verify/{id}/{hash}', [EmailVerificationController::class, 'verify'])
->middleware('signed') //note that I don't use the auth or auth:sanctum middlewares
->name('verification.verify');
// EmailVerificationController.php
public function verify(Request $request)
{
$user = User::findOrFail($request->id);
if ($user->email_verified_at) {
return '';
}
if ($user->markEmailAsVerified()) {
event(new Verified($user));
}
return redirect()->away('app://open'); // The deep link
}
Is there any security risk here? Should I at any point authenticate the user before or after they click the link?
I wanted to avoid rendering "web views" as much as possible.
I think that the best way is to implement two different paths based on the source of the user.
Regular email validation for users coming from a browser
The user will just follow the link delivered by email, you can do that with or without authentication (maybe with transparent cookie authentication). If the validation is fulfilled redirect them back to the home page.
Mobile users coming from the mobile application
I would send a PIN (with some kind of expire mechanism) via email and ask them to put it inside the APP to verify the account. This can even be protected with auth middleware using the JWT token with the verification API call.
I don't see any security issue with this last one.
I am trying to add verify email function in Laravel 5.8 i have 2 custom guards and need email verification for both guards. I am successfully verifying it for first guard but for 2nd guard verify email is not working.
Here is my verification controller.
public function __construct()
{
$this->middleware('auth:guard1');
$this->middleware('signed')->only('verify');
$this->middleware('throttle:6,1')->only('verify', 'resend');
}
If i add another line of $this->middleware('auth:guard2'); in construct function both of my verifications are not working. can anyone help me here how to send verification email for multiple guards and verify their emails?
Thanks!
I am using this function in laravel to send a mail.
Mail::send('blah', $data, function($message) {
// content
});
I want to check whether the email successfully sent or rejected.
I tried mail:failures() but it always show successfully sent.
Trying to figure out why ForgotPassword is not sending an email after upgrading to 5.3. I've traced it through PasswordBroker, User, CanResetPassword, and finally to RoutesNotifications::notify where it dips into the Service Container, and apparently sends the email instance on line 21 app(Dispatcher::class)->send([$this], $instance);, but no email is sent... any ideas?
I'm using the MailGun driver, and using the old mail API all the ported code is still working just reset password using the new notifications API is not.
I stuck a stub in ResetPassword::toMail, but it never invokes this method:
public function toMail()
{
Log::info('toMail');
return (new MailMessage)
->line('You are receiving this email because we received a password reset request for your account.')
->action('Reset Password', url('password/reset', $this->token))
->line('If you did not request a password reset, no further action is required.');
}
Okay, I found out why it doesn't invoke ResetPassword::toMail the RoutesNotifications::routeNotificationFor mail key returns $this->email, and we're using $this->username.
Reading the docs again after flipping through the code paid off since I recognized a bit more in the docs that I had already seen and now the heading caught my eye a bit more so just look at this to quickly solve this issue Customizing The Recipient
Im having trouble understanding how to process the data sent to my post route from the mandrill webhook.
I have set up my route and registered it in the mandrill settings. Sending a test from the dashboard works fine (webhook is triggered on send, open, and hard_bounce):
Route::post('/mailApi/webhooks', 'ContactController#postMandrill');
Currently, I'm just trying to ensure that I can receive the webhook and make sure that I understand the format.
I have created a function for in my ContactController for testing purposes:
public function postMandrill(){
$data = Input::get("mandrill_events");
$mandrill = new Mandrillemail;
$mandrill->event = $data;
$mandrill->msg_subject = 'test';
$mandrill->save();
}
When I send an email to trigger the webhook, I get no errors and nothing is saved in the database. It seems like the route isn't touched at all. What do I need to do to access the webhook?