Laravel 12 - How to Implement Email Verification.
Laravel 12 - How to Implement Email Verification.
In this tutorial, we will learn how to implement email verification in Laravel 12, secure user accounts, and ensure reliable authentication quickly and easily.
If you're a video person, feel free to skip the post and check out the video instead!
Quick Overview
This guide walks you through setting up email verification in a Laravel 12 application using Fortify and Vue. You’ll start by creating a fresh Laravel project with Vue as the starter kit and Laravel’s built-in authentication, then navigate to the project directory to prepare for development. Next, you’ll enable email verification in the User model by implementing the MustVerifyEmail contract, and protect important routes with the verified middleware so only verified users can access them. The guide also covers setting up Mailtrap for testing emails, updating the .env file with the correct SMTP credentials, and testing the entire verification workflow by registering a new user and confirming their email. By the end, your application will have a fully functional email verification system, ensuring secure and streamlined user registration.
Step # 1 : Create a Fresh Laravel Project.
We’ll begin by creating a brand new Laravel 12 application. If you have the Laravel Installer available globally, you can generate a new project with the following command.
laravel new email-verification
If you don’t have the Installer set up, you can achieve the same result using Composer.
composer create-project laravel/laravel --prefer-dist email-verification
When using Composer, Laravel boots up with a minimal default configuration. If you use the Laravel Installer instead, you’ll be guided through a short interactive setup. Choose the following options when prompted.
- Select Vue as the starter kit to set up a modern frontend that integrates smoothly with Laravel.
- Choose Laravel’s built-in authentication to handle registration, login, and email verification using Laravel’s native features.
- Pick Pest as the testing framework for a simple and expressive testing experience.
- Allow Laravel to run npm install and npm run build so all frontend dependencies are installed and compiled automatically.
Once the setup completes, you’ll have a fresh Laravel 12 application named email-verification, configured with Vue for the frontend, Laravel’s built-in authentication, Pest for testing, and all frontend dependencies ready to go.
Step # 2 : Navigate to the Project Directory.
Next, open your terminal (Git Bash, Command Prompt, or any terminal of your choice) and navigate to the root directory of your Laravel project. If your project is located at c:\xampp\htdocs\email-verification, run the following command.
cd c:xampp/htdocs/email-verification
Once you’re inside the project directory, your terminal is ready to run Artisan commands and manage the Laravel application.
Step # 3 : Enable Email Verification in the User Model.
At this point, email verification is not yet active because the User model does not implement Laravel’s MustVerifyEmail contract. Fortify relies on this contract to determine whether a user should be required to verify their email address. To enable email verification, open the User model located at app/Models/User.php and update it as shown below.
<?php
namespace App\Models;
// Contract required to enable email verification
use Illuminate\Contracts\Auth\MustVerifyEmail;
use Illuminate\Database\Eloquent\Factories\HasFactory;
use Illuminate\Foundation\Auth\User as Authenticatable;
use Illuminate\Notifications\Notifiable;
use Laravel\Fortify\TwoFactorAuthenticatable;
// Implement MustVerifyEmail to enforce email verification
class User extends Authenticatable implements MustVerifyEmail
{
/** @use HasFactory<\Database\Factories\UserFactory> */
use HasFactory, Notifiable, TwoFactorAuthenticatable;
/**
* The attributes that are mass assignable.
*
* @var list<string>
*/
protected $fillable = [
'name',
'email',
'password',
];
/**
* The attributes that should be hidden for serialization.
*
* @var list<string>
*/
protected $hidden = [
'password',
'two_factor_secret',
'two_factor_recovery_codes',
'remember_token',
];
/**
* Get the attributes that should be cast.
*
* @return array<string, string>
*/
protected function casts(): array
{
return [
'email_verified_at' => 'datetime',
'password' => 'hashed',
'two_factor_confirmed_at' => 'datetime',
];
}
}
By implementing the MustVerifyEmail contract, you are telling Laravel and Fortify that users must verify their email address after registration. Once this is in place, Fortify will automatically send a verification email when a new user signs up, and unverified users will be restricted from accessing routes protected by the verified middleware.
Step # 4 : Protect Routes with Email Verification.
To restrict access to certain parts of the application until a user has verified their email address, you need to apply the verified middleware to those routes. Make sure you already have the following route defined in your web.php file.
Route::get('dashboard', function () {
return Inertia::render('Dashboard');
})->middleware(['auth', 'verified'])->name('dashboard');
This configuration ensures that only users who are both authenticated and have verified their email address can access the dashboard. If an unverified user attempts to visit this route, Laravel will automatically redirect them to the email verification page instead.
Step # 5 : Create a Mailtrap Account.
To safely test email functionality during development, we’ll use Mailtrap, a tool designed for capturing emails without sending them to real inboxes.
- Visit https://mailtrap.io and create a free account.
- After signing up, create a new project for testing purposes.
Once the project is created, open it and keep the SMTP credentials handy, as they will be needed in the next step.
Step # 6: Update the .env File.
Now that your Mailtrap project is ready, you need to configure Laravel to use Mailtrap as its mail provider. Open the .env file in your project root and update the mail configuration with the credentials from your Mailtrap project.
MAIL_MAILER=smtp
MAIL_HOST=sandbox.smtp.mailtrap.io
MAIL_PORT=2525
MAIL_USERNAME="Your Mailtrap username"
MAIL_PASSWORD="Your Mailtrap password"
MAIL_ENCRYPTION=null
MAIL_FROM_ADDRESS="codeshotcut@example.com"
MAIL_FROM_NAME="${APP_NAME}"
After replacing the placeholders with your actual Mailtrap credentials, save the file. Laravel will now send all outgoing emails to Mailtrap instead of real email addresses. You can view and inspect these emails directly from the Mailtrap dashboard, allowing you to verify that email delivery works as expected without risking accidental emails to real users.
Step # 7 : Test the Email Verification Process.
Start the Laravel development server by running the following command in your terminal.
php artisan serve
Once the server is running, open your browser and visit: http://127.0.0.1:8000/register. From the registration page, create a new user account.
After completing the registration, you will be redirected to the email verification page, informing you that a verification link has been sent to your email address.
Open your Mailtrap dashboard and you should see the verification email appear in the inbox for your project.
Click the Verify Email Address link inside the email. You will then be redirected back to the application and taken to the dashboard.
At this point, the email address has been successfully verified, and the user can now access all routes protected by the verified middleware. This confirms that the email verification flow is working correctly in your Laravel application.
Conclusion
By following this guide, you’ve successfully implemented email verification in your Laravel 12 application using Fortify and Vue. Users now must confirm their email before accessing protected routes, improving both security and user experience. You also set up Mailtrap for safe email testing, updated the .env file with the correct SMTP credentials, and verified the workflow locally. This ensures a reliable email verification system that streamlines registration, protects sensitive routes, and lays a solid foundation for future authentication features.
For more information and advanced configurations, you can refer to the Laravel documentation on authentication and email verification.
Share this with friends!
To engage in commentary, kindly proceed by logging in or registering
Subscribe to Our Newsletter
Stay ahead of the curve! Join our newsletter to see what everyone’s talking about.
Continue with Google
0 Comments