frumentius
1 month ago

From where the 'verify()' and 'resend()' function get it's User instance?

Posted 1 month ago by frumentius

I'm in the middle of learning this code:

/vendor/laravel/ui/auth-backend/VerifiesEmails.php

public function verify(Request $request)
    {
        if (! hash_equals((string) $request->route('id'), (string) $request->user()->getKey())) {
            throw new AuthorizationException;
        }

        if (! hash_equals((string) $request->route('hash'), sha1($request->user()->getEmailForVerification()))) {
            throw new AuthorizationException;
        }

        if ($request->user()->hasVerifiedEmail()) {
            return $request->wantsJson()
                        ? new Response('', 204)
                        : redirect($this->redirectPath());
        }

        if ($request->user()->markEmailAsVerified()) {
            event(new Verified($request->user()));
        }

        if ($response = $this->verified($request)) {
            return $response;
        }

        return $request->wantsJson()
                    ? new Response('', 204)
                    : redirect($this->redirectPath())->with('verified', true);
    }

I believe this function will be triggered when user click on the verification link. (Example: https://my-domain.com/email/verify/7/819cb7ec10a2da5171b41362204d36c3cac685ef?expires=1601038607&signature=acf5e2b728372bab2717e9d642dc2d80060e0f4fff3db3a89e59ed9807aa0e8f)

What confuse me is, form where this function's $request get the user() instance?

I Suppose it gets it from the middleware->('auth') in constructor, but it confuses me more, that link does not provide password, how come just a link like above could pass authentication??

(same case for the resend() function)

Please sign in or create an account to participate in this conversation.