DEV Community

loading...

Manual auth in Laravel: email verification

jeroenvanrensen profile image Jeroen van Rensen ・3 min read

With the arrival of Laravel 8, new ways for authentication have been added to the Laravel ecosystem. Fortify, Jetstream and Breeze. Although these tools can save you a lot of time, often when you want something more complex they cost you more time.

Fortunately, Laravel allows you to add manual auth without the use of any package, just Laravel's core. In this series, we're going to learn how to add manual auth in Laravel.

These topics will be covered:

Note: For the examples in this series, I've chosen to use controllers and blade views. But you can also use other technologies, like Livewire or Inertia.js.

Preparation

Before adding the verification functionality, we first have to prepare the User model.

Add MustVerifyEmail in your User model:

// app/Models/User.php

use Illuminate\Contracts\Auth\MustVerifyEmail;
use Illuminate\Foundation\Auth\User as Authenticatable;

class User extends Authenticatable implements MustVerifyEmail
{
    //
}
Enter fullscreen mode Exit fullscreen mode

Next, verify that the Registered event is dispatched after registering:

// app/Http/Controllers/Auth/RegisterController.php

use App\Http\Controllers\Controller;
use Illuminate\Auth\Events\Registered;

class RegisterController extends Controller
{
    public function show()
    {
        //
    }

    public function handle()
    {
        //

        event(new Registered($user));
    }
}
Enter fullscreen mode Exit fullscreen mode

Getting started

Now that we've done the preparation, we can get started.

The email verification feature exists of three parts:

  1. A page to tell the user that they have to verify their email address
  2. A button where a user can click to request another link
  3. A route to verify the email address after clicking on a button in an email

1. A page to tell the user that they have to verify their email address

First, we'll create a controller called Auth\EmailVerificationController:

// app/Http/Controllers/Auth/EmailVerificationController.php

use App\Http\Controllers\Controller;

class EmailVerificationController extends Controller
{
    public function show()
    {
        return view('auth.verify-email');
    }
}
Enter fullscreen mode Exit fullscreen mode

Next, we'll create a view to tell the user that they have to verify their email address. For example:

<!-- resources/views/auth/verify-email.blade.php -->

<h1>Verify email</h1>

<p>Please verify your email address by clicking the link in the mail we just sent you. Thanks!</p>
Enter fullscreen mode Exit fullscreen mode

Finally, we'll add the necessary route:

// routes/web.php

use Illuminate\Support\Facades\Route;

Route::get('/verify-email', [EmailVerificationController::class, 'show'])
    ->middleware('auth')
    ->name('verification.notice'); // <-- don't change the route name
Enter fullscreen mode Exit fullscreen mode

2. A button where a user can click to request another link

In case the user can't find the link anymore, or it has expired, the user should be able to request another link.

First, we'll add the logic in the EmailVerificationController:

// app/Http/Controllers/Auth/EmailVerificationController.php

use App\Http\Controllers\Controller;

class EmailVerificationController extends Controller
{
    public function request()
    {
        auth()->user()->sendEmailVerificationNotification();

        return back()
            ->with('success', 'Verification link sent!');
    }
}
Enter fullscreen mode Exit fullscreen mode

Next, we'll add a form in our view to allow the user to request another link:

<!-- resources/views/auth/verify-email.blade.php -->

<form action="{{ route('verification.request') }}" method="post">
    <button type="submit">Request a new link</button>
</form>
Enter fullscreen mode Exit fullscreen mode

And finally, we'll add the necessary route to make this work:

// routes/web.php

use Illuminate\Support\Facades\Route;

Route::post('/verify-email/request', [EmailVerificationController::class, 'request'])
    ->middleware('auth')
    ->name('verification.request');
Enter fullscreen mode Exit fullscreen mode

3. A route to verify the email address after clicking on a button in an email

The last and most important step is to allow the user to click the link in the email we sent.

As always, we'll first add the controller method:

// app/Http/Controllers/Auth/EmailVerificationController.php

use App\Http\Controllers\Controller;
use Illuminate\Foundation\Auth\EmailVerificationRequest;

class EmailVerificationController extends Controller
{
    public function verify(EmailVerificationRequest $request)
    {
        $request->fulfill();

        return redirect()->to('/home'); // <-- change this to whatever you want
    }
}
Enter fullscreen mode Exit fullscreen mode

Afterward, we'll add the routing:

// routes/web.php

use Illuminate\Support\Facades\Route;

Route::post('/verify-email/{id}/{hash}', [EmailVerificationController::class, 'verify'])
    ->middleware(['auth', 'signed']) // <-- don't remove "signed"
    ->name('verification.verify'); // <-- don't change the route name
Enter fullscreen mode Exit fullscreen mode

Protecting routes

For every route that you want to protect from unverified users, add the verified middleware. For example:

// routes/web.php

use Illuminate\Support\Facades\Route;

Route::post('/posts', [PostController::class, 'create'])
    ->middleware(['auth', 'verified']) // <!-- add the "verified" middleware
    ->name('posts.create');
Enter fullscreen mode Exit fullscreen mode

Conclusion

This is the end of this tutorial. Thanks for reading!

Discussion (0)

pic
Editor guide