[FEAT] Add Email Verification to User Registration #620

Open
remioluwatomi opened this issue Feb 26, 2025 · 3 comments
remioluwatomi commented Feb 26, 2025

Add Email Verification for New Users

Description

Right now, users can sign up and log in without confirming their email addresses. This can cause security and user problems, such as:

  • Fake sign-ups from bots or bad users.
  • Unauthorized access using fake or wrong email addresses.
  • Trouble recovering accounts if the email is incorrect.

Without email verification, there is no way to confirm if users own the email they provide, which can lead to security issues and make the platform harder to use.


Acceptance Criteria

  • A newly registered user receives an email verification link.
  • Users cannot access protected routes unless their email is verified.
  • Clicking the verification link marks the user as verified in the database.
  • An endpoint exists to resend the verification email if needed.
  • If a user tries to access a protected route without verification, they receive an appropriate error response.
  • Email verification should use Laravel's built-in MustVerifyEmail feature.

Expected Outcome

  • Successful verification response:
    {
      "message": "Email verified successfully",
      "status": "success",
      "status_code": 200,
      "data": {}
    }
  • Failure response (Invalid or Expired Token):
    {
      "status_code": 403,
      "message": "Email not verified. Please verify your email to continue.",
      "status": "error",
      "data": []
    }
  • Users who attempt to access protected routes without verification get a 403 response.
  • Users can request a resend of the verification email if they haven't received the initial email or have lost access to the initial email.
  • The email_verified_at column in the users table is updated after successful verification.

Requirements

Routes Implemented

  1. Send verification email (automatic on registration)

    • Laravel sends this automatically when MustVerifyEmail is implemented on the User model.
  2. Verify email (GET /api/v1/auth/email/verify/{id}/{hash})

    • Laravel handles this with Auth::routes(['verify' => true]).
    • This route updates the email_verified_at column.
  3. Resend verification email (POST /api/v1/auth/email/verification-notification)

    • Users can request a new verification email if they didn't receive the first one.
  4. Protected routes using email.verified middleware:

    Route::middleware(['auth:api', 'email.verified'])->group(function () {
        Route::get('/dashboard', [DashboardController::class, 'index']);
    });
    • Users cannot access these routes unless their email is verified.

Email verification improves security, prevents fake registrations, and ensures reliable account recovery.
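
A sketch of routes 2 and 3 above for a stateless API, added here as an illustration and not taken from the issue author or the project's code base. It assumes an `App\Models\User` model implementing `MustVerifyEmail`, a `routes/api.php` file served under `/api`, and constructed response messages where the issue gives none.

```php
<?php
// routes/api.php (added illustration; file path, model namespace and messages are assumptions)

use App\Models\User;
use Illuminate\Auth\Events\Verified;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Route;

Route::prefix('v1/auth/email')->group(function () {
    // 'signed' makes Laravel reject a link whose signature or expiry was altered (403).
    Route::get('verify/{id}/{hash}', function (Request $request, string $id, string $hash) {
        $user = User::findOrFail($id);

        // Tie the link to the address it was mailed to, using a constant-time compare.
        if (! hash_equals(sha1($user->getEmailForVerification()), $hash)) {
            return response()->json([
                'status_code' => 403,
                'message' => 'Invalid or expired verification link.', // constructed message
                'status' => 'error',
                'data' => [],
            ], 403);
        }

        // markEmailAsVerified() fills email_verified_at; do nothing if it is already set.
        if (! $user->hasVerifiedEmail() && $user->markEmailAsVerified()) {
            event(new Verified($user));
        }

        return response()->json([
            'message' => 'Email verified successfully',
            'status' => 'success',
            'status_code' => 200,
            'data' => (object) [], // encodes as {}
        ]);
    })->middleware(['signed', 'throttle:6,1'])->name('verification.verify');

    // Resend requires authentication and is rate limited so it cannot flood a mailbox.
    Route::post('verification-notification', function (Request $request) {
        if (! $request->user()->hasVerifiedEmail()) {
            $request->user()->sendEmailVerificationNotification();
        }

        return response()->json([
            'message' => 'Verification email sent.', // constructed message
            'status' => 'success',
            'status_code' => 200,
            'data' => (object) [],
        ]);
    })->middleware(['auth:api', 'throttle:6,1'])->name('verification.send');
});
```

The route name `verification.verify` matters because Laravel's default verification notification builds its temporary signed URL against that name.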

@remioluwatomi
Contributor Author

/assign @remioluwatomi

@remioluwatomi
Contributor Author

email: [email protected]
slack display name: badboy_remy

@omotomiwa26
Contributor

Use This Issue Template

@remioluwatomi remioluwatomi mentioned this issue Feb 28, 2025
9 tasks