Search code examples
laravelauthenticationverification

Laravel stuck on email/verify

I just applied the laravel email-verification and wanted to make sure my users are verified, before entering page behind the login.

I added the follwing code:

class User extends Authenticatable implements MustVerifyEmail
...
Auth::routes(['verify' => true]);
...
Route::get('management', function () {
    // Only verified users may enter...
})->middleware('verified');

If a user registers he gets a note and an email to verify his mail. He clicks the button in the mail, gets verified and everything works perfectly well.

But I discovered another case:
If the user registers and won't verify his mail, he will always get redirected to email/verify.

For example if accidentally having entered a wrong email, he can't even visit the register page, because even on mypage.com/register he gets redirected to mypage.com/email/verify!

Is this done on purpose by Laravel? Did I miss something? Do I have to / is it possible to exclude the login/register pages from verification?

Thank you in advance

Solution

  • I have this issue before, I have this way to resolve that, if you want to customize it you can consider this way.

    In LoginController.php you can add this a little bit code, I overwriting the default login method:

    public function login(Request $request)
{
    $this->validateLogin($request);
    $user = User::where($this->username(), $request->{$this->username()})->first();

    // If the class is using the ThrottlesLogins trait, we can automatically throttle
    // the login attempts for this application. We'll key this by the username and
    // the IP address of the client making these requests into this application.
    if (method_exists($this, 'hasTooManyLoginAttempts') &&
        $this->hasTooManyLoginAttempts($request)) {
        $this->fireLockoutEvent($request);

        return $this->sendLockoutResponse($request);
    }

    if ($user->hasVerifiedEmail()) {
        if ($this->attemptLogin($request)) {
            return $this->sendLoginResponse($request);
        }
    })

    // If the login attempt was unsuccessful we will increment the number of attempts
    // to login and redirect the user back to the login form. Of course, when this
    // user surpasses their maximum number of attempts they will get locked out.
    $this->incrementLoginAttempts($request);

    return $this->sendFailedLoginResponse($request);
}

    You can overwrite and add a new parameter to the sendFailedLoginResponse too to let the method know when to redirect to email/verify page or just add else in $user->hasVerifiedEmail() if block to redirect him to email/verify page

    EDIT:

    You can delete $this->middleware('guest') in LoginController and RegisterController to make logged in user can go to register and login page, but it will be weird if someone who already logged in can login or register again.