0
votes

I'm using JWT auth: "tymon/jwt-auth": "0.5.*" in Laravel. I need to add a check in its login API call to check whether the user's email is verified or not. If it is not verified, then return an error message.

I'm unable to find the code for it. Where does the "oauth/token" API call go?

I'm unable to find its code so that I can integrate that check there.

3
You need that while authorizing user? github.com/tymondesigns/jwt-auth/wiki/Authentication - Tarasovych
@Tarasovych yes, during login authorization of the user, I need to check if the email is verified or not. - Umair Malik
Put your logic inside authenticate() after grabbing credentials - Tarasovych
@Tarasovych I've tried that, but it's not coming inside that method. I've even changed the name of the Controller but it's still working. - Umair Malik
@Tarasovych can you please confirm if "/oauth/token" is the default route for JWT login authentication? I'm asking this because I'm unable to find this route anywhere in API.php, and the API call is not even coming into the controllers. Where else could its code be then? - Umair Malik

3 Answers

1
votes

I also faced a similar difficulty, and there is no direct solution for that, so after the auth attempt I added my own method/logic to check the same.

Here is a sample code for that.

// Needs at the top of the controller file:
//   use Illuminate\Http\Request;
//   use Tymon\JWTAuth\Exceptions\JWTException;
public function login(Request $request)
{
    try
    {
        $credentials = $request->only(['email', 'password']);
        if (!$token = auth()->attempt($credentials))
        {
            return response()->json(['error' => 'invalid credentials'], 401);
        }
        //if you reached here then user has been authenticated
        if (empty(auth()->user()->email_verified_at))
        {
            return response()->json(['error' => 'You have not verified your email.'], 401);
        }
        return response()->json([
                    'access_token' => $token,
                    'token_type'   => 'bearer',
                    'expires_in'   => auth()->factory()->getTTL() * 60
                        ], 200);
    }
    catch (JWTException $e)
    {
        // something went wrong whilst attempting to encode the token
        return response()->json(['error' => 'could not create token'], 500);
    }
}

Please Note: In the above example I used tymon/jwt-auth v1.0 & Laravel v7

Hope this helps!

0
votes

I can give you a direction for how you can do it. First of all, add a column in the users table, for example 'confirmed', and add it to fillable in the User model. That column will be 0 or false by default. Also add 'validation_string', which will be null by default. After the user registers, send a link to his email. When he clicks the link he will visit your website link, and you will set that validation_string to null and that user is valid. When he logs in he will get a JWT token, but before you generate the token for him, and after validating the username/email with the password, check whether 'confirmed' is 1 or true. And that is that :)

0
votes

This will validate the data coming in, attempt a login, then check their email verification status.

NOTE - I'm using custom helper methods for the response.

    /**
     * Get a JWT via given credentials.
     *
     * @return \Illuminate\Http\JsonResponse
     */
    public function login(Request $request)
    {
        $validator = Validator::make($request->all(), [
            'email' => 'required|email:filter',
            'password' => 'required|string|min:8',
        ]);

        if ($validator->fails()) {
            return $this->responseUnprocessable($validator->errors());
        }

        if (! $token = auth()->attempt($validator->validated())) {
            return $this->responseUnauthorized();
        }

        if (! auth()->user()->hasVerifiedEmail()) {
            return $this->responseForbidden('Please verify your email address before logging in. You may request a new link here [xyz.com] if your verification has expired.');
        }

        return $this->createNewToken($token);
    }
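
The ordering the answers above describe (validate the password, check the email-verified flag, and only then issue the token), written so that no token is signed for an unverified account. This is an added example, not code from any of the answers or from the jwt-auth project. It assumes tymon/jwt-auth 1.0 with a JWT guard named `api`, a `User` model with an `email_verified_at` column, and a hypothetical controller name.

```php
<?php

namespace App\Http\Controllers;

use Illuminate\Http\JsonResponse;
use Illuminate\Http\Request;

// Hypothetical controller; the guard name "api" is an assumption.
class VerifiedLoginController extends Controller
{
    public function login(Request $request): JsonResponse
    {
        $credentials = $request->validate([
            'email'    => 'required|email',
            'password' => 'required|string',
        ]);

        $guard    = auth('api');
        $provider = $guard->getProvider();

        // Step 1: check the password without minting a token.
        $user = $provider->retrieveByCredentials($credentials);
        if (! $user || ! $provider->validateCredentials($user, $credentials)) {
            // Same response for an unknown email and a wrong password.
            return response()->json(['error' => 'invalid credentials'], 401);
        }

        // Step 2: the password is correct, so the verification status is
        // only disclosed to someone who already knows it. No token exists yet.
        if (empty($user->email_verified_at)) {
            return response()->json(['error' => 'email not verified'], 403);
        }

        // Step 3: only now sign a token for this user.
        $token = $guard->login($user);

        return response()->json([
            'access_token' => $token,
            'token_type'   => 'bearer',
            'expires_in'   => $guard->factory()->getTTL() * 60,
        ]);
    }
}
```

Any other route that issues tokens (registration, refresh) needs the same check, since this one only covers login.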