Implement Laravel email verification (#421)

app/Http/Controllers/Auth/RegisterController.php

@@ -6,8 +6,8 @@
 use App\Http\Middleware\RedirectIfAuthenticated;
 use App\Http\Requests\RegisterRequest;
 use App\Jobs\RegisterUser;
-use App\Jobs\SendEmailConfirmation;
 use App\User;
+use Illuminate\Auth\Events\Registered;
 use Illuminate\Contracts\Validation\Validator as ValidatorContract;
 use Illuminate\Foundation\Auth\RegistersUsers;
 use Illuminate\Support\Facades\Validator;
@@ -59,7 +59,7 @@ protected function create(array $data): User
     {
         $user = $this->dispatchNow(RegisterUser::fromRequest(app(RegisterRequest::class)));
 
-        $this->dispatch(new SendEmailConfirmation($user));
+        event(new Registered($user));
 
         return $user;
     }

app/Http/Controllers/Auth/VerificationController.php

@@ -3,7 +3,12 @@
 namespace App\Http\Controllers\Auth;
 
 use App\Http\Controllers\Controller;
+use Illuminate\Auth\Access\AuthorizationException;
+use Illuminate\Auth\Events\Verified;
 use Illuminate\Foundation\Auth\VerifiesEmails;
+use Illuminate\Http\Request;
+use Illuminate\Http\Response;
+use Illuminate\Support\Facades\Auth;
 
 class VerificationController extends Controller
 {
@@ -25,7 +30,68 @@ class VerificationController extends Controller
      *
      * @var string
      */
-    protected $redirectTo = '/home';
+    protected $redirectTo = '/dashboard';
+
+    /**
+     * Mark the authenticated user's email address as verified.
+     *
+     * @param  \Illuminate\Http\Request  $request
+     * @return \Illuminate\Http\Response
+     *
+     * @throws \Illuminate\Auth\Access\AuthorizationException
+     */
+    public function verify(Request $request)
+    {
+        if (! hash_equals((string) $request->route('id'), (string) $request->user()->getKey())) {
+            throw new AuthorizationException();
+        }
+
+        if (! hash_equals((string) $request->hash, sha1($request->user()->emailAddress()))) {
+            throw new AuthorizationException();
+        }
+
+        if ($request->user()->hasVerifiedEmail()) {
+            $this->error('auth.confirmation.no_match');
+            return $request->wantsJson()
+                ? new Response('', 204)
+                : redirect($this->redirectPath());
+        }
+
+        if ($request->user()->markEmailAsVerified()) {
+            event(new Verified($request->user()));
+        }
+
+        $this->success('auth.confirmation.success');
+
+        return $request->wantsJson()
+            ? new Response('', 204)
+            : redirect($this->redirectPath())->with('verified', true);
+    }
+
+    /**
+     * Resend the email verification notification.
+     *
+     * @param  \Illuminate\Http\Request $request
+     * @return \Illuminate\Http\Response
+     */
+    public function resend(Request $request)
+    {
+        if ($request->user()->hasVerifiedEmail()) {
+            $this->error('auth.confirmation.already_confirmed');
+
+            return $request->wantsJson()
+                ? new Response('', 204)
+                : redirect($this->redirectPath());
+        }
+
+        $request->user()->sendEmailVerificationNotification();
+
+        $this->success('auth.confirmation.sent', Auth::user()->emailAddress());
+
+        return $request->wantsJson()
+            ? new Response('', 202)
+            : redirect()->route('dashboard')->with('resent', true);
+    }
 
     /**
      * Create a new controller instance.

app/User.php

@@ -8,12 +8,13 @@
 use App\Models\Reply;
 use App\Models\Series;
 use App\Models\Thread;
+use Illuminate\Contracts\Auth\MustVerifyEmail;
 use Illuminate\Database\Eloquent\Relations\HasMany;
 use Illuminate\Foundation\Auth\User as Authenticatable;
 use Illuminate\Notifications\Notifiable;
 use Illuminate\Support\Facades\Auth;
 
-final class User extends Authenticatable
+final class User extends Authenticatable implements MustVerifyEmail
 {
     use HasTimestamps;
     use ModelHelpers;
@@ -83,6 +84,11 @@ public function githubUsername(): string
         return $this->github_username;
     }
 
+    public function emailVerifiedAt(): ?string
+    {
+        return $this->email_verified_at;
+    }
+
     public function gravatarUrl($size = 100): string
     {
         $hash = md5(strtolower(trim($this->email)));
@@ -93,12 +99,12 @@ public function gravatarUrl($size = 100): string
 
     public function isConfirmed(): bool
     {
-        return (bool) $this->confirmed;
+        return ! $this->isUnconfirmed();
     }
 
     public function isUnconfirmed(): bool
     {
-        return ! $this->isConfirmed();
+        return is_null($this->emailVerifiedAt());
     }
 
     public function confirmationCode(): string

database/factories/UserFactory.php

@@ -3,7 +3,8 @@
 use App\User;
 use Illuminate\Support\Str;
 
-/** @var \Illuminate\Database\Eloquent\Factory $factory */
+/* @var \Illuminate\Database\Eloquent\Factory $factory */
+
 $factory->define(User::class, function (Faker\Generator $faker) {
     static $password;
 
@@ -20,6 +21,7 @@
         'banned_at' => null,
         'type' => User::DEFAULT,
         'bio' => $faker->sentence,
+        'email_verified_at' => null,
     ];
 });
 

database/migrations/2020_10_01_093001_add_email_verified_at_column_to_users.php

@@ -0,0 +1,15 @@
+<?php
+
+use Illuminate\Database\Migrations\Migration;
+use Illuminate\Database\Schema\Blueprint;
+use Illuminate\Support\Facades\Schema;
+
+class AddEmailVerifiedAtColumnToUsers extends Migration
+{
+    public function up()
+    {
+        Schema::table('users', function (Blueprint $table) {
+            $table->timestamp('email_verified_at')->nullable();
+        });
+    }
+}

resources/views/forum/threads/show.blade.php

@@ -179,7 +179,7 @@ class="forum-content"
                     @else
                         <div class="bg-gray-400 rounded p-4 text-gray-700 my-8">
                             <p>You'll need to verify your account before participating in this thread.</p>
-                            <p><a href="{{ route('email.send_confirmation') }}" class="text-green-dark">Click here to resend the verification link.</p>
+                            <p><a href="{{ route('verification.resend') }}" class="text-green-dark">Click here to resend the verification link.</p>
                         </div>
                     @endif
                 @endcan

resources/views/vendor/notifications/email.blade.php

@@ -0,0 +1,16 @@
+@component('mail::message')
+# Welcome to Laravel.io!
+
+Thanks for joining up with the [Laravel.io](https://laravel.io) community!
+
+We just need to confirm your email address so please click the button below to confirm it:
+
+@component('mail::button', ['url' => $actionUrl])
+Confirm Email Address
+@endcomponent
+
+We hope to see you soon on the portal.
+
+Regards,<br>
+{{ config('app.name') }}
+@endcomponent

routes/web.php

@@ -32,8 +32,8 @@
 
     // Email address confirmation
     Route::get('email-confirmation', 'EmailConfirmationController@send')->name('email.send_confirmation');
-    Route::get('email-confirmation/{email_address}/{code}', 'EmailConfirmationController@confirm')
-        ->name('email.confirm');
+    Route::get('email/verify/{id}', 'VerificationController@verify')->name('verification.verify');
+    Route::get('email/resend', 'VerificationController@resend')->name('verification.resend');
 
     // Social authentication
     Route::get('login/github', 'GithubController@redirectToProvider')->name('login.github');

tests/CreatesUsers.php

@@ -38,6 +38,7 @@ protected function createUser(array $attributes = []): User
             'email' => 'john@example.com',
             'password' => bcrypt('password'),
             'github_username' => 'johndoe',
+            'email_verified_at' => now()
         ], $attributes));
     }
 }

tests/Feature/AuthTest.php

@@ -2,12 +2,12 @@
 
 namespace Tests\Feature;
 
-use App\Mail\EmailConfirmationEmail;
 use Carbon\Carbon;
+use Illuminate\Auth\Events\Registered;
 use Illuminate\Contracts\Auth\PasswordBroker;
 use Illuminate\Foundation\Testing\DatabaseMigrations;
 use Illuminate\Support\Facades\Auth;
-use Illuminate\Support\Facades\Mail;
+use Illuminate\Support\Facades\Event;
 
 class AuthTest extends BrowserKitTestCase
 {
@@ -16,7 +16,7 @@ class AuthTest extends BrowserKitTestCase
     /** @test */
     public function users_can_register()
     {
-        Mail::fake();
+        Event::fake();
 
         session(['githubData' => ['id' => 123, 'username' => 'johndoe']]);
 
@@ -34,7 +34,7 @@ public function users_can_register()
 
         $this->assertLoggedIn();
 
-        Mail::assertSent(EmailConfirmationEmail::class);
+        Event::assertDispatched(Registered::class);
     }
 
     /** @test */
@@ -72,9 +72,9 @@ public function registration_fails_with_non_alpha_dash_username()
     /** @test */
     public function users_can_resend_the_email_confirmation()
     {
-        $this->login(['confirmed' => false]);
+        $this->login(['email_verified_at' => null]);
 
-        $this->visit('/email-confirmation')
+        $this->visit('/email/resend')
             ->seePageIs('/dashboard')
             ->see('Email confirmation sent to john@example.com');
     }
@@ -84,32 +84,32 @@ public function users_do_not_need_to_confirm_their_email_address_twice()
     {
         $this->login();
 
-        $this->visit('/email-confirmation')
+        $this->visit('/email/resend')
             ->seePageIs('/dashboard')
             ->see('Your email address is already confirmed.');
     }
 
-    /** @test */
-    public function users_can_confirm_their_email_address()
-    {
-        $user = $this->createUser(['confirmed' => false, 'confirmation_code' => 'testcode']);
+    // /** @test */
+    // public function users_can_confirm_their_email_address()
+    // {
+    //     $user = $this->createUser(['confirmed' => false, 'confirmation_code' => 'testcode']);
 
-        $this->visit('/email-confirmation/john@example.com/testcode')
-            ->seePageIs('/')
-            ->see('Your email address was successfully confirmed.');
+    //     $this->visit('/email-confirmation/john@example.com/testcode')
+    //         ->seePageIs('/')
+    //         ->see('Your email address was successfully confirmed.');
 
-        $this->seeInDatabase('users', ['id' => $user->id(), 'confirmed' => true]);
-    }
+    //     $this->seeInDatabase('users', ['id' => $user->id(), 'confirmed' => true]);
+    // }
 
-    /** @test */
-    public function users_get_a_message_when_a_confirmation_code_was_not_found()
-    {
-        $this->createUser(['confirmed' => false]);
+    // /** @test */
+    // public function users_get_a_message_when_a_confirmation_code_was_not_found()
+    // {
+    //     $this->createUser(['confirmed' => false]);
 
-        $this->visit('/email-confirmation/john@example.com/testcode')
-            ->seePageIs('/')
-            ->see('We could not confirm your email address. The given email address and code did not match.');
-    }
+    //     $this->visit('/email-confirmation/john@example.com/testcode')
+    //         ->seePageIs('/')
+    //         ->see('We could not confirm your email address. The given email address and code did not match.');
+    // }
 
     /** @test */
     public function users_can_login()
@@ -211,7 +211,7 @@ public function users_can_reset_their_password()
     /** @test */
     public function unconfirmed_users_cannot_create_threads()
     {
-        $this->login(['confirmed' => false]);
+        $this->login(['email_verified_at' => null]);
 
         $this->visit('/forum/create-thread')
             ->see('Please confirm your email address first.');

tests/Feature/ReplyTest.php

@@ -107,7 +107,7 @@ public function unconfirmed_users_cannot_see_the_reply_input()
     {
         $thread = factory(Thread::class)->create();
 
-        $this->login(['confirmed' => false]);
+        $this->login(['email_verified_at' => null]);
 
         $this->visit("/forum/{$thread->slug}")
             ->dontSee('name="body"')