From c45f48eb18fb5e73254bd7ddff4fc63f6b56a4b0 Mon Sep 17 00:00:00 2001
From: Tony Lea
Date: Fri, 18 Apr 2025 09:55:01 -0400
Subject: [PATCH 1/2] Adding updates to the Verify Email Functionality

---
 .../Auth/VerifyEmailController.php | 29 ++++++++++++++-----
 1 file changed, 21 insertions(+), 8 deletions(-)

diff --git a/app/Http/Controllers/Auth/VerifyEmailController.php b/app/Http/Controllers/Auth/VerifyEmailController.php
index 2477faa5..5aab4433 100644
--- a/app/Http/Controllers/Auth/VerifyEmailController.php
+++ b/app/Http/Controllers/Auth/VerifyEmailController.php
@@ -3,26 +3,39 @@
 namespace App\Http\Controllers\Auth;

 use App\Http\Controllers\Controller;
+use App\Models\User;
 use Illuminate\Auth\Events\Verified;
-use Illuminate\Foundation\Auth\EmailVerificationRequest;
+use Illuminate\Http\Request;
 use Illuminate\Http\RedirectResponse;
+use Illuminate\Support\Facades\Auth;

 class VerifyEmailController extends Controller
 {
 /**
 * Mark the authenticated user's email address as verified.
 */
- public function __invoke(EmailVerificationRequest $request): RedirectResponse
+ public function __invoke(Request $request, int $id, string $hash): RedirectResponse
 {
- if ($request->user()->hasVerifiedEmail()) {
- return redirect()->intended(route('dashboard', absolute: false).'?verified=1');
+ if (! $request->hasValidSignature()) {
+ abort(403, 'Invalid or expired verification link.');
 }
-
- if ($request->user()->markEmailAsVerified()) {
- /** @var \Illuminate\Contracts\Auth\MustVerifyEmail $user */
- $user = $request->user();
+
+ $user = User::findOrFail($id);
+
+ if (! hash_equals($hash, sha1($user->getEmailForVerification()))) {
+ abort(403, 'Invalid verification hash.');
+ }
+
+ // Now you can verify the email
+ if (! $user->hasVerifiedEmail()) {
+ $user->markEmailAsVerified();
+
+ // Fire event when email is verified
 event(new Verified($user));
 }
+
+ // Always log the user in, regardless of verification status
+ Auth::login($user);

 return redirect()->intended(route('dashboard', absolute: false).'?verified=1');
 }
From 63a7706ef1c31411402994e40603760b54e9cd63 Mon Sep 17 00:00:00 2001
From: Tony Lea
Date: Fri, 18 Apr 2025 10:13:57 -0400
Subject: [PATCH 2/2] removing unneccessary comment

---
 app/Http/Controllers/Auth/VerifyEmailController.php | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/app/Http/Controllers/Auth/VerifyEmailController.php b/app/Http/Controllers/Auth/VerifyEmailController.php
index 5aab4433..a1207be8 100644
--- a/app/Http/Controllers/Auth/VerifyEmailController.php
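Review bot: The unconditional `Auth::login($user)` at the end of `__invoke` makes the signed verification URL a bearer login credential: whoever holds the link gets a session as user `$id` without a password, and because the call sits outside the `if (! $user->hasVerifiedEmail())` block the link keeps doing so for an already-verified account until its signature expires. Verification links pass through mailboxes, forwards and mail-scanning gateways, so I would move `Auth::login($user);` inside that block so it only runs on the first successful verification, and send an already-verified visitor to the login page unless `$request->user()?->is($user)` holds. The route definition is not part of this diff; since the controller no longer relies on `EmailVerificationRequest`, it is worth confirming that throttling still applies to this route and that this login path should be allowed to skip any extra step the normal sign-in flow enforces. The docblock still reads "the authenticated user's email address", which no longer matches a handler that looks the user up by `$id`.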
+++ b/app/Http/Controllers/Auth/VerifyEmailController.php
@@ -33,8 +33,7 @@ public function __invoke(Request $request, int $id, string $hash): RedirectRespo
 // Fire event when email is verified
 event(new Verified($user));
 }
-
- // Always log the user in, regardless of verification status
+
 Auth::login($user);

 return redirect()->intended(route('dashboard', absolute: false).'?verified=1');