'Laravel 403 THIS ACTION IS UNAUTHORIZED. when email verifying
I looked up in Laravel/8.x docs and setup routes for email verification. Here are the routes:
Route::get('/email/verify', function () {
return view('auth.verify-email');
})->middleware('auth')->name('verification.notice');
Route::get('/email/verify/{id}/{hash}', function (EmailVerificationRequest $request) {
$request->fulfill();
return redirect('/home');
})->middleware(['auth', 'signed'])->name('verification.verify');
Route::post('/email/verification-notification', function (Request $request) {
$request->user()->sendEmailVerificationNotification();
return back()->with('message', 'Verification link sent!');
})->middleware(['auth', 'throttle:6,1'])->name('verification.send');
When i click on this <a href="{{ route('verification.verify', ['id' => \Illuminate\Support\Facades\Auth::id(), 'hash' => \Illuminate\Support\Facades\Auth::user()->password]) }}" class="text-sm text-gray-700 underline">Verify email</a> It gives me this error: 403 INVALID SIGNATURE.
EDIT:
I switched to signedRoute in my a tag and now i get 403 THIS ACTION IS UNAUTHORIZED..
Here is mechanism that leads to verification.verify route:
@if (Route::has('login'))
<div class="hidden fixed top-0 right-0 px-6 py-4 sm:block">
@auth
<a href="{{ url('/') }}" class="text-sm text-gray-700 underline">Home</a>
<a href="{{ URL::signedRoute('verification.verify', [
'id' =>Auth::id(),
'hash' => Auth::user()->password,
])}}" class="text-sm text-gray-700 underline">Verify email</a>
<a href="{{ route('logout') }}" class="text-sm text-gray-700 underline">Logout</a>
@else
<a href="{{ route('login') }}" class="text-sm text-gray-700 underline">Login</a>
@if (Route::has('register'))
<a href="{{ route('register') }}" class="ml-4 text-sm text-gray-700 underline">Register</a>
@endif
@endauth
</div>
@endif
In EmailVerificationRequest i've changed nothing:
under vendor\Laravel\Framework\src\Illuminate\Founndation\Auth\EmailVerificationRequest
<?php
namespace Illuminate\Foundation\Auth;
use Illuminate\Auth\Events\Verified;
use Illuminate\Foundation\Http\FormRequest;
class EmailVerificationRequest extends FormRequest
{
/**
* Determine if the user is authorized to make this request.
*
* @return bool
*/
public function authorize()
{
if (! hash_equals((string) $this->route('id'),
(string) $this->user()->getKey())) {
return false;
}
if (! hash_equals((string) $this->route('hash'),
sha1($this->user()->getEmailForVerification()))) {
return false;
}
return true;
}
/**
* Get the validation rules that apply to the request.
*
* @return array
*/
public function rules()
{
return [
//
];
}
/**
* Fulfill the email verification request.
*
* @return void
*/
public function fulfill()
{
if (! $this->user()->hasVerifiedEmail()) {
$this->user()->markEmailAsVerified();
event(new Verified($this->user()));
}
}
/**
* Configure the validator instance.
*
* @param \Illuminate\Validation\Validator $validator
* @return void
*/
public function withValidator($validator)
{
return $validator;
}
}
Solution 1:[1]
I know this topic is very old, but in case anyone is stuck here same me. I'm using Laravel 8 too and using the laravel/ui as my web auth scaffold. I searched the internet some says it about the Nginx's rewrite and some say it about the TrustProxies, but actually the issue for me is the verify link inside the email is:
https://test.com/email/verify/2?expires=1644740715&hash=b0f4f567f00280291e508b44f882f6efd494eb32&signature=2f998b6895ef7721b2905fbb432872b6181672de5aaf6e7f4be443d8184f6fc2
but the VerifiesEmails trait's verify function is
if (! hash_equals((string) $request->route('id'), (string) $request->user()->getKey())) {
throw new AuthorizationException;
}
if (! hash_equals((string) $request->route('hash'), sha1($request->user()->getEmailForVerification()))) {
throw new AuthorizationException;
}
Just change the $request->route('hash') to $request->get('hash') my problem solved.
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|---|
| Solution 1 | wulacacti |