Laravel 5.3 Upgrade Forgot Password Email Never Sent - laravel

Trying to figure out why ForgotPassword is not sending an email after upgrading to 5.3. I've traced it through PasswordBroker, User, CanResetPassword, and finally to RoutesNotifications::notify where it dips into the Service Container, and apparently sends the email instance on line 21 app(Dispatcher::class)->send([$this], $instance);, but no email is sent... any ideas?
I'm using the MailGun driver, and with the old mail API all the ported code is still working; only reset password, which uses the new notifications API, is not.
I stuck a stub in ResetPassword::toMail, but it never invokes this method:
public function toMail()
{
    Log::info('toMail');
    return (new MailMessage)
        ->line('You are receiving this email because we received a password reset request for your account.')
        ->action('Reset Password', url('password/reset', $this->token))
        ->line('If you did not request a password reset, no further action is required.');
}

Okay, I found out why it doesn't invoke ResetPassword::toMail: the RoutesNotifications::routeNotificationFor mail key returns $this->email, and we're using $this->username.
Reading the docs again after flipping through the code paid off: I recognized more of what I had already seen in the code, and this time the heading caught my eye. To quickly solve this issue, look at Customizing The Recipient.
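The recipient override that answer points to, as an added example that is not part of the original post. It assumes a stock Laravel 5.3 App\User model that keeps the e-mail address in its username column; the validation and the log message are assumptions added so that a missing route is no longer silent.

```php
<?php
// Added example, not code from the original thread.
// Assumption: the e-mail address is stored in the `username` column.

namespace App;

use Illuminate\Foundation\Auth\User as Authenticatable;
use Illuminate\Notifications\Notifiable;
use Illuminate\Support\Facades\Log;

class User extends Authenticatable
{
    use Notifiable;

    /**
     * Route for the mail notification channel.
     *
     * When this method exists, routeNotificationFor('mail') calls it
     * instead of falling back to $this->email.
     */
    public function routeNotificationForMail()
    {
        // filter_var() returns the address, or false when it is not valid.
        $address = filter_var($this->username, FILTER_VALIDATE_EMAIL);

        if ($address === false) {
            // An empty route is what made the reset mail disappear without
            // an error, so record it instead of failing silently.
            Log::warning('No valid mail route for user', [
                'user_id' => $this->getKey(),
            ]);

            return null;
        }

        return $address;
    }
}
```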

Related

Laravel 8 API email verification flow using Sanctum

I'm currently making an API for a mobile app but I think I'm a bit confused with how email verification and authentication is meant to work. I'm attempting to implement the following flow:
User registers in the mobile app and it sends a request to the API
Laravel creates the user and fires off an email
User receives the email and clicks on the link
Laravel verifies the user and redirects them to the mobile app via deep-link
However when the user clicks the email link a "route login not defined" error is rendered.
Which makes sense, because the user is not authenticated at the time. But am I getting this wrong?
Should I authenticate the user prior to sending the email? And will that work, given that we're using Sanctum rather than "regular" authentication?
Currently this is what I'm doing:
// web.php
Route::get('/email/verify/{id}/{hash}', [EmailVerificationController::class, 'verify'])
    ->middleware('signed') //note that I don't use the auth or auth:sanctum middlewares
    ->name('verification.verify');

// EmailVerificationController.php
public function verify(Request $request)
{
    $user = User::findOrFail($request->id);
    if ($user->email_verified_at) {
        return '';
    }
    if ($user->markEmailAsVerified()) {
        event(new Verified($user));
    }
    return redirect()->away('app://open'); // The deep link
}
Is there any security risk here? Should I at any point authenticate the user before or after they click the link?
I wanted to avoid rendering "web views" as much as possible.
I think that the best way is to implement two different paths based on the source of the user.
Regular email validation for users coming from a browser
The user will just follow the link delivered by email, you can do that with or without authentication (maybe with transparent cookie authentication). If the validation is fulfilled redirect them back to the home page.
Mobile users coming from the mobile application
I would send a PIN (with some kind of expire mechanism) via email and ask them to put it inside the APP to verify the account. This can even be protected with auth middleware using the JWT token with the verification API call.
I don't see any security issue with this last one.
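A hardened form of the unauthenticated verify action from the question, as an added example that is not part of the original question or answer. It assumes the User model implements MustVerifyEmail and that the link comes from Laravel's default verification notification, where {hash} is the SHA-1 of the address being verified.

```php
<?php
// Added example, not code from the original thread.
// Assumptions: App\Models\User implements MustVerifyEmail, and the route is
// /email/verify/{id}/{hash} behind the `signed` middleware, as in the question.

namespace App\Http\Controllers;

use App\Models\User;
use Illuminate\Auth\Events\Verified;
use Illuminate\Http\Request;

class EmailVerificationController extends Controller
{
    public function verify(Request $request)
    {
        // Read the route parameter explicitly rather than via $request->id.
        $user = User::findOrFail($request->route('id'));

        // `signed` only proves that this application issued the URL.
        // Comparing {hash} with the user's current address, in constant
        // time, rejects a link issued for an address that has since changed.
        $expected = sha1($user->getEmailForVerification());
        if (! hash_equals($expected, (string) $request->route('hash'))) {
            abort(403);
        }

        // Idempotent: the event fires only on the first successful click.
        if (! $user->hasVerifiedEmail() && $user->markEmailAsVerified()) {
            event(new Verified($user));
        }

        // Clicking the link creates no session or API token; the app must
        // still obtain a Sanctum token through its normal login request.
        return redirect()->away('app://open');
    }
}
```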

Laravel 5.7 verification email has wrong url when sending email through event

I'm trying to use Laravel 5.7's email verification to send an email when an account is registered. I have an event that fires and sends the URL when a user is registered. The event dispatch can be seen here.
protected function registered(Request $request, $user)
{
    UserRegistered::dispatch($user);
}
The event fires and a listener sends an email by using the following code.
public function handle(UserRegistered $event)
{
    $event->user->notify(new VerifyEmail);
}
This then does send the email verification mail to my email address so the event is working. However the issue I'm having is the verification email link that is contained in the email is incorrect.
http://localhost/email/verify/19?expires=1544182945&signature=b4337e1c7e07a7e7117a8696a30b456ab2a304cdea563ca7aea6c90bb9a2541f
Here is what is being sent by email. However, the app URL should not be localhost and should instead be core-site.test, e.g. http://core-site.test/email/verify etc...
Does anyone know why the url is incorrect and how I can fix it?

How to catch mailgun errors in laravel

I have mailgun set up and working just fine. The problem occurs when I try to send an email to an address which doesn't exist. Users can put in any email, so if the email is correct mailgun sends it perfectly. But if it is incorrect, it generates an error in the Laravel application:
Swift_TransportException (554)
Expected response code 250 but got code "554", with message "554 Free
accounts are for test purposes only. Please upgrade or add the address to
authorized recipients in Account Settings.
How can I catch this exception in Laravel without generating errors?

MailGun Laravel - Cant send to gmail

I have mailgun setup and working with my custom domain name, as in, I can send test emails to me@mydomain.com but when I try to send to gmail I get the following error.
ClientException in RequestException.php line 107:
Client error: `POST https://api.mailgun.net/v3/mydomain.com/messages.mime` resulted in a `400 BAD REQUEST` response:
{
"message": "Please activate your Mailgun account. Check your inbox or log in to your control panel to resend the act (truncated...)
My mailgun account is setup to work with my domain name correctly and my custom email address doesn't match my site domain name and mail gets delivered to it from mailgun no problems...
MAIL_DRIVER=mailgun
MAILGUN_DOMAIN=mydomain.com
MAIL_HOST=smtp.mailgun.org
MAIL_PORT=587
MAIL_USERNAME=postmaster@mydomain.com
MAIL_PASSWORD=ljhasdlkfhklahsdfklhklasdhflkhasdlkfhkhasdkflh
MAILGUN_SECRET=key-asdflkhjaklsdfkljaslkdfjlkjasdfkj
MAIL_FROM=postmaster@mydomain.com
MAIL_ENCRYPTION=tls
It's weird that when trying to send to a gmail address it tells me I need to activate my mailgun account, but when sending to a custom domain name address it works perfectly. Anyone have any ideas? Here is the function I am using to send the emails:
Mail::send('emails.recontact', ['title' => $title, 'content' => $content], function ($message) use ($request) {
    $message->from('me@mysite.ie', $request->input('name'));
    $message->to('myname@gmail.com');
    $message->subject("Website Enquiry");
});
You may need to activate your account.
Please log in to your mailgun account and make sure there is no yellow message at the top of the screen that says:
"Please activate your account to start sending emails. We sent an activation email to {your_email}. Resend activation. Update email address."
This solved my problem :)
I am working with mailgun but I faced a different problem: when a recipient replies, the mail is stored instead of delivered.

OktaUserClient.ForgotPassword returns null in Okta C# sdk

I am using the Okta C# SDK. When I use Okta userclient.forgotpassword, it sends the reset password mail to the user, but it returns null as a response.
Can anyone help with how I can be sure that it has sent the reset email to the user?
Dinesh,
This is the expected behavior: when you specify sendEmail=true with the Okta API, the response is empty if the email was sent (otherwise, you get an exception).
If you specify sendEmail=false, then the response provides the unique password reset url.
There can be a multitude of reasons why your users do not receive the password reset email that are beyond Okta's control, but if you get a null response, you should expect the email has indeed been successfully sent by Okta.
I hope this helps.
