Skip to content
Advertisement

Laravel protecting routes with verified middleware not working

I’ve implemented Laravel-5.8 email verification following this tutorial: https://laravel.com/docs/5.8/verification. I’m trying to protect few routes from email unverified users as like below:

Route::group(['middleware' => ['verified']], function () {
    Route::get('/dashboard', 'DashboardController@dashboard')->name('dashboard');
    Route::get('/backend', 'DashboardController@backend')->name('backend');
});

But I can access to dashboard without verifying my email address.

How can I prevent this access without verifying email?

Advertisement

Answer

This is generally a pretty simple thing to get up and running, you may have a small mistake in your application somewhere, so here’s a checklist to quickly go over.

  1. Does the user you’re testing have a null email_verified_at field in the database?

  2. Have you added implements MustVerifyEmail within the user model?

class User extends Authenticatable implements MustVerifyEmail

  1. Did you set verify to true in your routes/web.php?

Auth::routes(['verify' => true]);

You’ve added the middleware properly to the routes, so that isn’t the issue.

Other than that we don’t have much information to go off.

User contributions licensed under: CC BY-SA
2 People found this is helpful
Advertisement