Social Authentication with Laravel
This episode is for members only

Sign up to access "Social Authentication with Laravel" right now.

Get started
Already a member? Sign in to continue
Playing
11. Triggering email verification

Episodes

0%
Your progress
  • Total: 1h 4m
  • Played: 0m
  • Remaining: 1h 4m
Join or sign in to track your progress

Transcript

00:00
Okay, so another thing that you might want to add is email verification, even if the user is signing up using a service. So before we do that, let's just add a really simple section down here on our page here, just to click through to log in and register with email, just so we can test this out. Okay, so I'm going to go ahead and create out a anchor in here,
00:21
and this is going to be login or and then I'm going to have another anchor for register with email. So we're going to give our users that option. Now these link through to the standard routes that we get with this starter kit. So we've got login and we have got register and let's just check that out.
00:41
And there we go. So we can click through to register like normal or log in without email and password. Okay, let's just start this up really quickly. So we have this in here. So I'm going to set the text to center text to small and a margin top of six. And then let's just style each of these links up with a text indigo of 500.
01:02
And we'll just copy that over to our register link as well. Okay, so there we go. I can go ahead and register a normal account, which is great. So I'm going to delete the user in here. And just before we register, we're going to head over to the user model. I'm going to enable email verification.
01:18
So I'm going to take the must verify email contract and implement it on here. And what that means is when we sign up, either with a social service that we're using, or if we sign up normally, that's going to not let us into specific sections. So let's just test this out. I'm just going to register a normal account in here.
01:41
And when we go over, we get an error. So this is one of the things we need to figure out, first of all, which is just setting up a mail server. So I'm going to use MailPix. This is pretty much set up, ready to go with Laravel. If you want to test this locally, you'll want to install this,
01:56
or you might have another method of doing this. So I'm going to go and set up a MailPix server. I'm going to go ahead and open this up. And we basically just now have a fake email inbox where Laravel will send all of these emails. So we'll just configure this really quickly by heading over to the mail section
02:16
and just setting this to 127.0.0.1. And that will send that over to MailPix. OK, so let's go over to our database and delete this user. And we'll just try this one more time. And that should send an email like so. Great. So now we're on this verify email route. If we check MailPix, that sent us an email.
02:38
We're not going to click on that just yet. I'm going to try and head over to the dashboard. Now, this is not working. The reason this isn't working, if we head over to our web routes and we find our dashboard, is we have this verified middleware. So that's preventing us to access that dashboard.
02:54
OK, so we've figured out verification, but we need to verify this. So we can go ahead and just hit verify email. And we're signed in. And of course, we can now access our dashboard. Now, that is great. But when we go and sign up with a social provider, this isn't quite going to work.
03:11
And I'll show you why, specifically with Laravel Breeze. So let's go ahead and log out. And let's go over here and get rid of this user. And I'm going to go ahead and sign in with Twitter or GitHub. It doesn't matter too much. When we're redirected back, sure enough, we need to verify our email.
03:26
Now, if we head over to MailPix and look in our inbox, an email address hasn't been sent. Why is that? Well, let's go over to the controllers that we have in Laravel Breeze and see what's happening. So if we go over and look inside of our controllers and see what we have here,
03:44
when we go and create an account, so when we register a user, we use this register users controller, which is what we've just done, which triggered that email. And when we store this, we validate everything. We create the user like we've been doing. But then we fire this registered event.
04:00
So that registered event inside of Laravel by default in the event service provider will go and send a verification email. So basically, when this event is triggered, do this and it will send the email for you. We don't really need to look inside of here, but that takes care of sending that email.
04:17
Now, the problem that we have is we're not using this controller when we are working with social authentication. What we're doing inside of our callback controller is creating the user depending on the service and not doing much else. So what we need to do is figure out how we do the same thing.
04:34
Now, this might seem pretty straightforward. Of course, what we could do is just go ahead and paste this into here. We could go ahead and bring this event in. We could assign this user here and then pass that in. And we could even tweak this around. So we could take this socialite user
04:53
and we could put that directly into there just to tidy stuff up. So get the socialite user, create the user, also grab a variable which contains the user, and then fire this event. Now, that is going to work. But let's look at the problem that we're going to come across.
05:09
So we'll come over to our database, get rid of this user, and let's try this again. So I'm going to go back to login. I'm going to go ahead and sign in with Twitter. That should fire that event. And we should get an email. And then we can verify our account. But let's look at what happens when we
05:29
try and sign in again. So let's keep an eye on our inbox here. And let's go back over, sign out, and log back in with Twitter and see what we get. OK. So we're coming back here. And let's look in MailPip. That is fine. But the email is not being retriggered.
05:47
But if you think about this, what we're doing is we're firing this event again. So when the user comes back to this to log in, not register an account, we're still firing this event. Now, behind the scenes, Laravel's clever enough not to send the email if we're already verified, which is great.
06:05
But we don't really, when the user logs in, want to fire this event. Because you might have other listeners in here which do something else when a user gets registered. So this just floating around here for login functionality is not great. So what we're going to do is just wrap this in a really simple if statement.
06:23
Now, users, when they get created, or any models, when they get created, have a wasRecentlyCreated property, which allows you to work out if they were recently created. So what we can do is we can just wrap this event being fired. And we can only do this if it was recently created,
06:43
e.g. if they were just created when they came back from the app that we're authenticating with. So all we're going to do in here is just say, well, if the user was recently created, then fire a registered event, which means they were just registered. So now this part will only fire when the user was created.
07:04
So just to test this out, I'm going to go ahead and log out registered event in here, just so we can keep an eye on this working. So I'm going to clear my Laravel logout. I'm going to go over to the database and delete this user.
07:18
And we're just going to start again. So let's give that a refresh. And we'll go back over to login. And let's sign in with any of these services.
07:28
And let's take a look. Great. So if we go over to our log, we see registered event. Great.
07:34
So let's go and verify our email address. And let's sign in again. And we shouldn't see that fire. So let's log in with Twitter that we've already registered with.
07:47
And sure enough, if we head over to our log, this has only been fired once. So that's really, really important. We don't want to fire this event if the user's already created. And we can do that with a was recently created property.

Episode summary

In this episode, we dive into implementing email verification for users, whether they sign up using standard email/password or through a social provider like Twitter or GitHub.

We start by adding some simple login and register links to our page so we can test the different registration flows. Then, we enable email verification by adding the necessary contract to our User model, which makes Laravel require an email verification for users before they can access protected routes (like a dashboard).

Next, we set up MailPip as a local fake mail server. This lets Laravel send verification emails to a mailbox we can check during development, making testing much easier.

After verifying that email verification works for standard registration, we notice that it's not working for users signing in through social providers. We dig into why this is the case and discover that the event responsible for sending the verification email (the Registered event) isn’t being triggered in our social login callback.

We update our social login controller to fire the event when a new user is created. However, we realize firing this every time (even on subsequent logins) isn’t ideal – Laravel is smart enough not to send a duplicate email, but other listeners on that event might still cause issues.

So, we wrap the event firing in a condition that only triggers if the user was just created (using the wasRecentlyCreated property). We test everything again and confirm that verification emails are only sent when needed.

By the end of this episode, you'll have a robust setup where new users always get verification emails, no matter how they register, and you avoid unnecessary event triggering or email spamming.

Episode discussion

No comments, yet. Be the first!