We've recently built Upserver.online, a sophisticated health checker for Laravel applications with support for databases, queues, broadcasting, mail, caching, security checks and it even monitors your uptime, DNS records, SSL certificates and mixed content. Create an account and follow us on Twitter!

An add-on to Laravel's built-in email verification. Only update a user's email address if the new one is verified as well.

December 31, 2019

The Laravel framework has a built-in Email Verification feature that allows a user to verify its email address. It also comes with a Middleware that protects routes against unverified users. Resetting Passwords require a database table to store the reset tokens, but for Email Verification an approach without a database table has been chosen. This implementation requires the user to be logged in before it can verify its email address.

What about users who want to update their email address? Shouldn't those be verified as well? By updating the email column of a User, the new email address could be used immediately. This could be solved by resetting the email_verified_at column to null and then sending the user a new verification mail. What if a user mispelled the new email address? What if the verification mail is not delivered for some reason? The development of the new laravel-verify-new-email package was started to solve this problem. We then added a few extra features and eventually it became a drop-in replacement for the built-in solution of the framework.

Long story short, this package ensures that the email column is not updated until the new email address is verified. This way the user can continue to use the application with its old email address until the new one is verified. Users can verify without being logged in and it even has a setting to automatically log the user in after successfully completing the verification. The package provides a Controller to handle the verification logic and you can fully customize the Mailables and markdown views of the verification mails.

You can simply install the package with Composer and the only thing you have to is add the MustVerifyNewEmail trait to your User model. Now you can use the newEmail method to generate a verification token and send a verification mail to the new email address:

$user = User::create([
    'name' => 'John Appleseed',
    'email' => 'john@oldcompany.com'
]);

$user->newEmail('john@newcompany.com');

It has three helper methods to help you manage the verification flow:

$user->getPendingEmail(); // returns 'john@newcompany.com'

$user->resendPendingEmailVerificationMail(); // resends the verification mail to 'john@newcompany.com'

$user->clearPendingEmail(); // deletes the token and thereby invalidates the verification mail

If you want to use this package's logic to handle that first verification flow as well, you must override the sendEmailVerificationNotification method of your User Model.

<?php

namespace App;

use Illuminate\Contracts\Auth\MustVerifyEmail;
use Illuminate\Foundation\Auth\User as Authenticatable;
use Illuminate\Notifications\Notifiable;
use ProtoneMedia\LaravelVerifyNewEmail\MustVerifyNewEmail;

class User extends Authenticatable implements MustVerifyEmail
{
    use MustVerifyNewEmail, Notifiable;

    public function sendEmailVerificationNotification()
    {
        $this->newEmail($this->getEmailForVerification());
    }
}

There are two separate Mailables and markdown views to handle both this first verification flow as well as the update flow. Check out the documentation to read more about customizing and configuring the package. You can follow me on Twitter to stay up to date on our Laravel packages and other related tweets.