Laravel 5.7 Email Verification Logging User Out - php

In my Laravel application I am trying to use the verification functionality for newly registered users.
The current functionality is when a user registers they are shown a page prompting them to check their email. The user clicks the link in the email to verify their email; they are then redirected to /account, which is an Auth protected route. However, when the user then tries to navigate to another Authed route they are redirected to the login page!
From some research, people are saying this is expected, that the user would have to log in again, but this is a terrible user experience to me.
I did try to modify the verify method in the VerificationController like this:
    public function verify(Request $request)
    {
        $userId = $request->route('id');
        $user = User::findOrFail($userId);
        Auth::login($user);
        if ($user->markEmailAsVerified()) {
            event(new Verified($user));
        }
        return redirect($this->redirectPath());
    }
No such luck!
Ideally I want the user to click the link in the email and they then remain logged in for their session.
Any help would be great!

Related

How to show views to users that was not registered in Laravel?

I am using the Laravel make:auth command and email verification of users. Now I am facing an issue: when anyone visits my website, the authentication is raised and the user is redirected to the login page; if the user is not registered, they have to register first and verify their email before starting to visit my website. I want to show all my routes to anyone without login or registration. I also need to verify the user's email when they register. It is showing the routes only to registered and logged-in users, but I want to show them to everyone.
    public function __construct()
    {
        $this->middleware(['auth' => 'verified']);
    }
After verifying the email it shows the routes.
If I comment out this code it works fine, but I also need to verify email.
This depends on how protective you are with the data to be shown to the visitors.
One method you can try is to use no middleware for those routes you want all of the viewers to visit and use a simple if/else condition to show the respective view:
    public function __construct()
    {
        // no middleware
    }

    public function index()
    {
        // View names are given without the .blade.php extension.
        if (Auth::check()) {
            return view('logged'); // for logged in users
        }
        return view('general'); // for all visitors
    }

Laravel loginUsingId doesn't seem to work

I need to manually log in a user in Laravel 5.7 via Auth. Once I run Auth::loginUsingId($userId, true) I then relocate the user to his Account page.
The point of this is that a user coming through a token can be logged in to the website, without adding his credentials again.
I've tried anything I could find online, including moving the Session from MiddlewareGroup to Middleware, checking the Cookie name and some other things that didn't work.
My Controller looks something like this:
    public function loginExternal(Request $request) {
        $userId = $request->uid;
        Auth::loginUsingId($userId, true);
        redirect()->to('/account')->send();
    }
and the route for it is pretty simple:
    Route::get('/oneclick/{token}', 'Auth\AccountController@loginExternal')->middleware('signed')->name('oneclick');
I would expect the user to be logged in and taken to his account automatically. Now it just sends me to the login page.
What I noticed is that the loginUsingId() method generates a new session id only in this controller, but in other pages of the website, the website is using a different session, the same one (which should happen).
I need to mention that the user does get logged in in the LoginExternal method. It just doesn't persist to the account page.
Any ideas?
In controller:
    public function loginExternal($id) {
        $user = User::find($id);
        if ($user) {
            \Auth::loginUsingId($id, true);
            return redirect('/account');
        } else {
            return redirect('/')->with('error_message', 'No user found!');
        }
    }
In route file (web.php)
    Route::get('/oneclick/{id}', 'Auth\AccountController@loginExternal')->name('oneclick');

Laravel 5.8 : How to change registered user to verify email before they can login

I use php artisan make:auth and Laravel MustVerify to make the member system work.
I want to change the Laravel register email verify system from "Register -> Login -> Verify email" to "Register -> Verify email -> Login".
The default Laravel verify system is:
1. After the user hits the register button,
2. the user is auto logged in to the system,
3. the verify page is shown.
What I want is:
1. The user hits the register button.
2. The user has to verify their email before they can log in to the system.
How can I do that?
I think a simple way would be to add a field to the user called active or verified. In case the user did not verify their email they would not be allowed to log in to the system (this can be easily achieved by overriding the login function with your own). This way the user can't access the system before he/she validates their email and that field is set to true. This also helps for later if you don't want to delete users and would rather deactivate them.
In Http\Controllers\Auth\RegisterController.php, insert this code at the top
    use Illuminate\Http\Request;
    use Illuminate\Auth\Events\Registered;
and override the register method in the RegistersUsers trait by simply writing this code in your RegisterController.php
    public function register(Request $request)
    {
        $this->validator($request->all())->validate();
        event(new Registered($user = $this->create($request->all())));
        // $this->guard()->login($user);
        return $this->registered($request, $user)
            ?: redirect($this->redirectPath());
    }
Notice the commented code. That's where users auto login after registration.
The answer was already provided in Laracasts

Laravel email verification - Forced to be logged in

After following the installation for enabling the new built-in email verification, all is working well (sending the email after registration, and clicking the activation enables the account).
But I'm faced with the case where the user must be logged-in in order for the verification process to engage. Meaning, if the user is not logged in prior to using the verification link, he will be redirected to the login page and then be presented the /resources/view/auth/verify.blade.php page.
I am reaching out to the community to see if this is intentional, a bug or something I'm doing wrong? Did someone run into the same situation?
The site I'm setting up has public access to most pages, but restricted to some (for now the user portal). I set up the routes/web.php as follows:
    // Authentication
    Auth::routes(['verify' => true]);
    Route::group(['middleware' => ['auth', 'verified'], 'as' => 'portal.', 'prefix' => '/portal'], function () {
        Route::get('/', 'PortalController@index');
        Route::get('/profile', 'PortalController@index')->name('profile');
        Route::get('/orders', 'PortalController@index')->name('orders');
    });
By tracing the verification process, I was able to find out the process is forcing a log-in in the VerificationController constructor via the middleware shown below.
    public function __construct()
    {
        $this->middleware('auth');
        $this->middleware('signed')->only('verify');
        $this->middleware('throttle:6,1')->only('verify', 'resend');
    }
By commenting out the first line or adding ->except('verify'), the log-in page is not shown but an error is thrown at the Traits VerifiesEmails method Verify like below, since the user is obviously not logged in (the $request->user() is null).
    public function verify(Request $request)
    {
        if ($request->route('id') == $request->user()->getKey() &&
            $request->user()->markEmailAsVerified()) {
            event(new Verified($request->user()));
        }
        return redirect($this->redirectPath())->with('verified', true);
    }
My question: is there a way to get it to work without being logged-in beforehand, or is this the way the Verification process is implemented in 5.7? ... or what am I doing wrong?
> is there a way to get it to work without being logged-in beforehand, or is this the way the Verification process is implemented in 5.7? ... or what am I doing wrong?
This is the way the Verification process is implemented in Laravel 5.7. Laravel uses signed URLs for verification. The URL is generated with an id parameter (id as user ID) and when the user clicks on the verification link, 3 checks are done:
1. Is the signature valid? (signed middleware)
2. What's the user ID in the signature? That's the ID that would ultimately be validated
3. Does the currently logged in user have the same ID?
You can always remove the third check by overriding the verify method in your VerificationController like so:
    public function verify(Request $request)
    {
        $userId = $request->route('id');
        // Leading backslash: resolve App\User from the global namespace,
        // not relative to the controller's own namespace.
        $user = \App\User::findOrFail($userId);
        if ($user->markEmailAsVerified()) {
            event(new Verified($user));
        }
        return redirect($this->redirectPath())->with('verified', true);
    }
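
The three checks listed in the answer above, modelled in plain PHP as an added example (not Laravel's implementation and not code from the original posts), including what removing the third check changes. `APP_KEY`, `signUrl`, `verifyLink` and the query-string layout are assumptions made for the illustration.

```php
<?php
// Added illustration: a simplified model of a signed verification link,
// not Laravel's implementation. Key, names and URL layout are assumptions.
const APP_KEY = 'constructed-demo-key';

function signUrl(string $path, int $userId, int $expires): string
{
    $unsigned = $path . '?' . http_build_query(['expires' => $expires, 'id' => $userId]);
    return $unsigned . '&signature=' . hash_hmac('sha256', $unsigned, APP_KEY);
}

// Returns the user id to mark as verified, or null when the request is rejected.
function verifyLink(string $url, int $now, ?int $sessionUserId, bool $requireSession): ?int
{
    parse_str((string) parse_url($url, PHP_URL_QUERY), $query);
    $signature = $query['signature'] ?? '';
    unset($query['signature']);
    $unsigned = parse_url($url, PHP_URL_PATH) . '?' . http_build_query($query);

    // Check 1: valid signature (constant-time comparison) and link not expired.
    $expected = hash_hmac('sha256', $unsigned, APP_KEY);
    if (!is_string($signature) || !hash_equals($expected, $signature)) {
        return null;
    }
    if ((int) ($query['expires'] ?? 0) < $now) {
        return null;
    }
    // Check 2: the id is taken only from the part of the URL the signature covers.
    $id = (int) ($query['id'] ?? 0);
    // Check 3: the logged-in user must have the same id. Without it the link
    // is a bearer token: whoever holds it verifies (or is logged in as) that id.
    if ($requireSession && $sessionUserId !== $id) {
        return null;
    }
    return $id;
}

$now = 1700000000; // constructed timestamp
$link = signUrl('/email/verify', 42, $now + 3600);
$cases = [
    'valid link, matching session'    => verifyLink($link, $now, 42, true),
    'valid link, no session'          => verifyLink($link, $now, null, true),
    'valid link, third check removed' => verifyLink($link, $now, null, false),
    'id changed after signing'        => verifyLink(str_replace('id=42', 'id=7', $link), $now, 7, true),
    'expired link'                    => verifyLink($link, $now + 7200, 42, true),
];
foreach ($cases as $label => $result) {
    echo $label, ': ', $result === null ? 'rejected' : "verifies user $result", PHP_EOL;
}
```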

Laravel Allow user with super-admin role only via Auth

I had implemented entrust for roles and permissions. I have 3 Roles, super-admin, admin and customer.
Super Admin has access to Web-app (eg. www.myurl.com)
Admin has access through api only i.e. mobile app (eg. www.myurl.com/api/login) via api.php route
customer had access through api i.e. mobile app
Now, I found a bug that when admin tries to login via www.myurl.com.login with his credentials he is allowed to log in!!!
On further investigating, I found that I need to change the login method and provide role check while login, but I'm unable to get through. I changed the login function as below, but still admin and customers are able to login!!
    public function login(Request $request)
    {
        $this->validateLogin($request);
        if ($this->hasTooManyLoginAttempts($request)) {
            $this->fireLockoutEvent($request);
            return $this->sendLockoutResponse($request);
        }
        //I updated the following code of default login function.
        $checkAdmin = $this->attemptLogin($request);
        $isAdmin = Auth::user();
        if ( $checkAdmin && $isAdmin->hasRole('super')) {
            //With super-admin if I do dd('hi') here, I am getting control
            return $this->sendLoginResponse($request);
        }
        //But for other roles, it is directly taking them to the super-admin (home) page!!
        .
        . //Rest of the login function...
I tried to make dd(1) to know the flow, but for super-user I got dd response while for other user, it was not going in that block and redirecting non-super-admin roles to home page!!
I am using Laravel 5.4 and entrust package for Roles.
