Laravel-Backpack · tabacitu · Aug 31, 2023 · Aug 28, 2023 · Aug 28, 2023 · Aug 29, 2023
diff --git a/src/BackpackServiceProvider.php b/src/BackpackServiceProvider.php
@@ -131,8 +131,8 @@ public function registerMiddlewareGroup(Router $router)
             $router->aliasMiddleware('backpack.throttle.password.recovery', ThrottlePasswordRecovery::class);
         }
 
-        // register the email verification middleware, if the developer the config is enabled
-        if (config('backpack.base.setup_email_verification_routes', false)) {
+        // register the email verification middleware, if the developer enabled it in the config.
+        if (config('backpack.base.setup_email_verification_routes', false) && config('backpack.base.add_verified_to_backpack_middleware', true)) {
             $router->pushMiddlewareToGroup($middleware_key, EnsureEmailVerification::class);
         }
     }

diff --git a/src/app/Http/Controllers/Auth/RegisterController.php b/src/app/Http/Controllers/Auth/RegisterController.php
@@ -6,6 +6,7 @@
 use Illuminate\Auth\Events\Registered;
 use Illuminate\Http\Request;
 use Illuminate\Routing\Controller;
+use Illuminate\Support\Facades\Cookie;
 use Illuminate\Support\Facades\Validator;
 
 class RegisterController extends Controller
@@ -113,12 +114,13 @@ public function register(Request $request)
         $user = $this->create($request->all());
 
         event(new Registered($user));
-        $this->guard()->login($user);
-
         if (config('backpack.base.setup_email_verification_routes')) {
-            return view(backpack_view('auth.verify_email'));
+            Cookie::queue('backpack_email_verification', $user->{config('backpack.base.email_column')}, 30);
+            return redirect(route('verification.notice'));
         }
 
+        $this->guard()->login($user);
+
         return redirect($this->redirectPath());
     }
 

diff --git a/src/app/Http/Controllers/Auth/VerifyEmailController.php b/src/app/Http/Controllers/Auth/VerifyEmailController.php
@@ -7,7 +7,8 @@
 use Illuminate\Http\Request;
 use Illuminate\Routing\Controller;
 use Prologue\Alerts\Facades\Alert;
-use Throwable;
+use Exception;
+use Illuminate\Support\Facades\Cookie;
 
 class VerifyEmailController extends Controller
 {
@@ -20,15 +21,11 @@ class VerifyEmailController extends Controller
      */
     public function __construct()
     {
-        $this->middleware(backpack_middleware());
-
-        try {
-            $signedMiddleware = new (app('router')->getMiddleware()['signed'])();
-        } catch(Throwable) {
+        if(! app('router')->getMiddleware()['signed'] ?? null) {
             throw new Exception('Missing "signed" alias middleware in App/Http/Kernel.php. More info: https://backpackforlaravel.com/docs/6.x/base-how-to#enable-email-verification-in-backpack-routes');
         }
 
-        $this->middleware($signedMiddleware)->only('verifyEmail');
+        $this->middleware('signed')->only('verifyEmail');
         $this->middleware('throttle:'.config('backpack.base.email_verification_throttle_access'))->only('resendVerificationEmail');
 
         if (! backpack_users_have_email()) {
@@ -38,8 +35,14 @@ public function __construct()
         $this->redirectTo = $this->redirectTo !== null ? $this->redirectTo : backpack_url('dashboard');
     }
 
-    public function emailVerificationRequired(): \Illuminate\Contracts\View\View
+    public function emailVerificationRequired(): \Illuminate\Contracts\View\View|\Illuminate\Http\RedirectResponse
     {
+        $user = $this->getUserFromCookie();
+
+        if (! $user) {
+            return redirect()->route('backpack.auth.login');
+        }
+
         return view(backpack_view('auth.verify-email'));
     }
 
@@ -50,6 +53,12 @@ public function emailVerificationRequired(): \Illuminate\Contracts\View\View
      */
     public function verifyEmail(EmailVerificationRequest $request)
     {
+        $user = $this->getUser($request);
+
+        if (! $user) {
+            return redirect()->route('backpack.auth.login');
+        }
+
         $request->fulfill();
 
         return redirect($this->redirectTo);
@@ -60,10 +69,28 @@ public function verifyEmail(EmailVerificationRequest $request)
      */
     public function resendVerificationEmail(Request $request): \Illuminate\Http\RedirectResponse
     {
-        $request->user(backpack_guard_name())->sendEmailVerificationNotification();
+        $user = $this->getUser($request);
 
+        if(! $user) {
+            return redirect()->route('backpack.auth.login');
+        }
+
+        $user->sendEmailVerificationNotification();
         Alert::success('Email verification link sent successfully.')->flash();
 
         return back()->with('status', 'verification-link-sent');
     }
+
+    private function getUser(Request $request): ?\Illuminate\Contracts\Auth\MustVerifyEmail
+    {
+        return $request->user(backpack_guard_name()) ?? $this->getUserFromCookie();
+    }
+
+    private function getUserFromCookie(): ?\Illuminate\Contracts\Auth\MustVerifyEmail
+    {
+        if (Cookie::has('backpack_email_verification')) {
+            return config('backpack.base.user_model_fqn')::where('email', Cookie::get('backpack_email_verification'))->first();
+        }
+        return null;
+    }
 }
diff --git a/src/app/Http/Requests/EmailVerificationRequest.php b/src/app/Http/Requests/EmailVerificationRequest.php
@@ -3,11 +3,20 @@
 namespace Backpack\CRUD\app\Http\Requests;
 
 use Illuminate\Foundation\Auth\EmailVerificationRequest as OriginalEmailVerificationRequest;
+use Illuminate\Support\Facades\Cookie;
 
 class EmailVerificationRequest extends OriginalEmailVerificationRequest
 {
     public function user($guard = null)
     {
-        return parent::user(backpack_guard_name());
+        return parent::user(backpack_guard_name()) ?? $this->getUserFromCookie();
+    }
+
+    private function getUserFromCookie()
+    {
+        if (Cookie::has('backpack_email_verification')) {
+            return config('backpack.base.user_model_fqn')::where('email', Cookie::get('backpack_email_verification'))->first();
+        }
+        return null;
     }
 }
diff --git a/src/app/Library/Auth/AuthenticatesUsers.php b/src/app/Library/Auth/AuthenticatesUsers.php
@@ -6,6 +6,7 @@
 use Illuminate\Http\Response;
 use Illuminate\Support\Facades\Auth;
 use Illuminate\Validation\ValidationException;
+use Illuminate\Support\Facades\Cookie;
 
 trait AuthenticatesUsers
 {
@@ -47,6 +48,18 @@ public function login(Request $request)
         }
 
         if ($this->attemptLogin($request)) {
+            if (config('backpack.base.setup_email_verification_routes', false) ) {
+                $user = $this->guard()->user();
+                if ($user->email_verified_at) {
+                    return $this->sendLoginResponse($request);
+                } else {
+                    $this->guard()->logout();
+                    Cookie::queue('backpack_email_verification', $user->{config('backpack.base.email_column')}, 30);
+                    return $request->wantsJson()
+                        ? new Response('Email verification required', 403)
+                        : redirect(route('verification.notice'));
+                }
+            }
             return $this->sendLoginResponse($request);
         }
 

diff --git a/src/config/backpack/base.php b/src/config/backpack/base.php
@@ -56,11 +56,16 @@
     // (you then need to manually define the routes in your web.php)
     'setup_password_recovery_routes' => true,
 
-    // Set this to true if you would like to enable email verification for your Authenticable model.
-    // Make sure your Authenticable model implements the MustVerifyEmail contract and your
-    // database table contains the email_verified_at column.
+    // Set this to true if you would like to enable email verification for your user model.
+    // Make sure your user model implements the MustVerifyEmail contract and your database 
+    // table contains the `email_verified_at` column. Read the following before enabling:
     // https://backpackforlaravel.com/docs/6.x/base-how-to#enable-email-verification-in-backpack-routes
     'setup_email_verification_routes' => false,
+
+    // We will automatically add the Verified middleware to the Backpack midleware group
+    // if you disable this you must manually add the verified route middleware to 
+    // the routes you would like to be accessed only by verified users.
+    'add_verified_to_backpack_middleware' => true,
 
     // How many times in any given time period should the user be allowed to
     // request a new verification email?

diff --git a/src/resources/views/ui/errors/layout.blade.php b/src/resources/views/ui/errors/layout.blade.php
@@ -1,10 +1,5 @@
-@php
-  // check if user is logged in and verified
-  $isLoggedInAndVerified = backpack_user() && (config('backpack.base.setup_email_verification_routes', false) ? backpack_user()->hasVerifiedEmail() : true);
-@endphp
-
-{{-- show error using sidebar layout if looged in AND on an admin page; otherwise use a blank page --}}
-@extends(backpack_view($isLoggedInAndVerified && backpack_theme_config('layout') ? 'layouts.'.backpack_theme_config('layout') : 'errors.blank'))
+{{-- show error using sidebar layout if logged in AND on an admin page; otherwise use a blank page --}}
+@extends(backpack_view(backpack_user() && backpack_theme_config('layout') ? 'layouts.'.backpack_theme_config('layout') : 'errors.blank'))
 
 @section('content')
 <div class="row">
@@ -17,7 +12,7 @@
     <div class="error_title text-muted">
       @yield('title')
     </div>
-    @if($isLoggedInAndVerified)
+    @if(backpack_user())
     <div class="error_description text-muted">
       <small>
         @yield('description')