如何在不要求用户登录Laravel的情况下验证电子邮件 [英] How to Verify Email Without Asking the User to Login to Laravel

问题描述

我正在开发Laravel应用程序.我的应用程序使用Laravel内置的身份验证功能.当用户注册时，在Laravel身份验证中，将发送验证电子邮件.当用户验证电子邮件时，请单击电子邮件中的链接，如果用户尚未登录，则必须再次登录以确认电子邮件.

I am developing a Laravel application. My application is using Laravel built-in auth feature. In the Laravel auth when a user registers, a verification email is sent. When a user verifies the email click on the link inside the email, the user has to login again to confirm the email if the user is not already logged in.

VerificationController

class VerificationController extends Controller
{
    use VerifiesEmails, RedirectsUsersBasedOnRoles;

    /**
     * Create a new controller instance.
     * @return void
     */
    public function __construct()
    {
        $this->middleware('auth');
        $this->middleware('signed')->only('verify');
        $this->middleware('throttle:6,1')->only('verify', 'resend');
    }

    public function redirectPath()
    {
        return $this->getRedirectTo(Auth::guard()->user());
    }
}

我尝试对此行发表评论.

I tried commenting on this line.

$this->middleware('auth');

但是它不起作用，而是抛出一个错误.即使用户未登录，如何使Laravel能够验证电子邮件?

But it's s not working and instead, throwing an error. How can I enable Laravel to be able to verify email even if the user is not logged in?

推荐答案

首先，像您一样删除 $ this-> middleware('auth'); 行.

First, remove the line $this->middleware('auth');, like you did.

接下来，将 verify 方法从 VerifyEmails 特征复制到您的 VerificationController 中，然后进行一些修改.该方法应如下所示:

Next, copy the verify method from the VerifiesEmails trait to your VerificationController and change it up a bit. The method should look like this:

public function verify(Request $request)
{
    $user = User::find($request->route('id'));

    if (!hash_equals((string) $request->route('hash'), sha1($user->getEmailForVerification()))) {
        throw new AuthorizationException;
    }

    if ($user->markEmailAsVerified())
        event(new Verified($user));

    return redirect($this->redirectPath())->with('verified', true);
}

这将覆盖 VerifyUsers 特性中的方法，并删除授权检查.

This overrides the method in the VerifiesUsers trait and removes the authorization check.

安全性(如果我输入错了，请纠正我！)

由于请求已签名并验证，因此它仍然是安全的.如果有人以某种方式访问​​了验证电子邮件，则可以验证另一个用户的电子邮件地址，但是在99％的情况下，这根本没有风险.

It's still secure, as the request is signed and verified. Someone could verify another user's email address if they somehow gain access to the verification email, but in 99% of cases this is hardly a risk at all.

这篇关于如何在不要求用户登录Laravel的情况下验证电子邮件的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！