Cannot verify user email in safari

laravel / fortify

Backend controllers and scaffolding for Laravel authentication.

https://laravel.com/docs/fortify

MIT License

1.61k stars 295 forks source link

Cannot verify user email in safari #224

Closed chucklin72 closed 3 years ago

chucklin72 commented 3 years ago

Fortify Version: Latest
Laravel Version: 8.12
PHP Version: 7.4
Database Driver & Version:

Description:

Cannot verify email when developing locally using Safari browser. User is stuck in the look of browser asking to verify. Using Mailhog to click on the verify link. in laravel/fortify/routes.php

    Route::get('/email/verify/{id}/{hash}', [VerifyEmailController::class, '__invoke'])
        ->middleware(['auth', 'signed', 'throttle:6,1'])
        ->name('verification.verify');

auth returns true, signed return true. not a throttling issue.

Works perfectly on chrome.

Steps To Reproduce:

driesvints commented 3 years ago

Hey there,

Can you first please try one of the support channels below? If you can actually identify this as a bug, feel free to report back and I'll gladly help you out and re-open this issue.

Thanks!

lucaros97 commented 3 years ago

Hi @driesvints seems like I get the same problem i found here. I just verified what @chucklin72 said and I get the same error. Email verification it's working in all browser except Safari.

driesvints commented 3 years ago

I can't reproduce this. I used all the steps from above with the same stack and it works just fine for me in Safari.

lostdesign commented 3 years ago

I cannot reproduce this on macOS Big Sur (11.0.1) and Safari (14.0.1).

I am using valet (2.13.19) and docker (Docker version 20.10.2, build 2291f61 / docker-compose version 1.27.4, build 40524192). Demo repo here

Steps that I did:

laravel new foo
cd foo
valet secure foo
composer require laravel/jetstream
docker-compose up -d
php artisan jetstream:install inertia --teams
npm install && npm run dev
php artisan migrate

Then I implemented Verification as per docs aka class User extends Authenticatable implements MustVerifyEmail and enabled in config/fortify.php the Features::emailVerification(),.

Registered a user, caught the mail in mail trap, copied the URL, pasted in safari, hit enter, user logged in and verified.

Laravel v8.28.1 (PHP v7.4.14)
"inertiajs/inertia-laravel": "^0.3.5",
"laravel/framework": "^8.12",
"laravel/jetstream": "^2.2",

Kapture 2021-02-19 at 11 42 18

lucaros97 commented 3 years ago

Seems to be a session/cookie problem. If I was previously logged in with another account and then try to register and verify email the error occurs. Tried to clear my cookies and everything works

chucklin72 commented 3 years ago

I noticed you are using mailtrap. I tried this and found that the problem occurs when I'm using mailhog. Then i had mailhog running in chrome and copy the email link and pasted it safari, voila it works.

I think @lucaros97 is right, this is some weird cookie thing.

haringsrob commented 3 years ago

~~This can be solved by adding the following to your Authenticate middleware:~~

This does not work because after login a new session is generated?

    protected function unauthenticated($request, array $guards)
    {
        $request->session()->put('url.intended', url($request->getRequestUri()));
        parent::unauthenticated($request, $guards);
    }

I think this has something to do with how safari handles cookies.

Steps to reproduce are:

Create an account
Leave tab open
Open link in e-mail (which should open in a new tab) -> login required
Login
Get back to the verification screen

The snippet above just makes sure that after login you are redirected to the page initially requested which is the verify one.