feat: verify email
Laravel CI-CD / Tests Unitaires (push) Successful in 22s Details
Laravel CI-CD / Deploy with Kamal (push) Successful in 1m55s Details

This commit is contained in:
Leon Morival 2026-05-20 20:40:23 +02:00
parent 75b2743e75
commit 7892fb9a02
16 changed files with 495 additions and 9 deletions

View File

@ -50,6 +50,7 @@ jobs:
SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }}
STRAVA_CLIENT_ID: ${{ secrets.STRAVA_CLIENT_ID }}
STRAVA_CLIENT_SECRET: ${{ secrets.STRAVA_CLIENT_SECRET }}
run: |
set -eu

View File

@ -7,6 +7,7 @@ use App\Http\Requests\RegisterRequest;
use App\Http\Requests\UpdateUserRequest;
use App\Http\Resources\UserResource;
use App\Models\User;
use Illuminate\Auth\Events\Verified;
use Illuminate\Http\JsonResponse;
use Illuminate\Http\Request;
use Illuminate\Http\Resources\Json\JsonResource;
@ -14,10 +15,11 @@ use Illuminate\Support\Facades\DB;
use Illuminate\Support\Facades\Hash;
use Illuminate\Support\Facades\Storage;
use Illuminate\Support\Str;
use Illuminate\View\View;
class AuthController extends Controller
{
public function register(RegisterRequest $request)
public function register(RegisterRequest $request): JsonResponse
{
$data = $request->validated();
@ -33,9 +35,12 @@ class AuthController extends Controller
'avatar_url' => $avatarPath,
]);
$user->sendEmailVerificationNotification();
$token = $user->createToken('api', ['user'])->plainTextToken;
return response()->json([
'message' => 'Compte créé. Consulte tes emails pour le vérifier.',
'user' => new UserResource($user),
], 201)->cookie('token', $token, 60 * 24 * 30);
}
@ -52,6 +57,12 @@ class AuthController extends Controller
], 401);
}
if (! $user->hasVerifiedEmail()) {
return response()->json([
'message' => 'Vérifie ton adresse email avant de te connecter.',
], 403);
}
$token = $user->createToken('api')->plainTextToken;
return response()->json([
@ -59,6 +70,55 @@ class AuthController extends Controller
])->cookie('token', $token, 60 * 24 * 30);
}
public function verifyEmail(Request $request, string $id, string $hash): JsonResponse|View
{
$user = User::findOrFail($id);
abort_unless(
hash_equals($hash, sha1($user->getEmailForVerification())),
403
);
$alreadyVerified = $user->hasVerifiedEmail();
if (! $alreadyVerified) {
$user->markEmailAsVerified();
event(new Verified($user));
}
if ($request->expectsJson()) {
return response()->json([
'message' => $alreadyVerified
? 'Compte déjà vérifié.'
: 'Compte vérifié avec succès.',
'user' => new UserResource($user->fresh()),
]);
}
return view('auth.email-verified', [
'alreadyVerified' => $alreadyVerified,
'appName' => config('app.name'),
]);
}
public function sendVerificationEmail(Request $request): JsonResponse
{
$user = $request->user();
if ($user->hasVerifiedEmail()) {
return response()->json([
'message' => 'Compte déjà vérifié.',
]);
}
$user->sendEmailVerificationNotification();
return response()->json([
'message' => 'Email de vérification envoyé.',
]);
}
public function logout(): JsonResponse
{
$request = request();

View File

@ -18,6 +18,8 @@ class UserResource extends JsonResource
return [
'name' => $this->name,
'email' => $this->email,
'emailVerified' => $this->hasVerifiedEmail(),
'emailVerifiedAt' => $this->email_verified_at?->toISOString(),
'height' => $this->height,
'avatarUrl' => $this->avatar_url ? asset(Storage::url($this->avatar_url)) : null,
'bio' => $this->bio,

View File

@ -0,0 +1,58 @@
<?php
namespace App\Mail;
use App\Models\User;
use Illuminate\Bus\Queueable;
use Illuminate\Mail\Mailable;
use Illuminate\Mail\Mailables\Content;
use Illuminate\Mail\Mailables\Envelope;
use Illuminate\Queue\SerializesModels;
class VerifyAccount extends Mailable
{
use Queueable, SerializesModels;
/**
* Create a new message instance.
*/
public function __construct(
public User $user,
public string $verificationUrl,
) {}
/**
* Get the message envelope.
*/
public function envelope(): Envelope
{
return new Envelope(
subject: 'Vérifie ton compte Daily Meal',
);
}
/**
* Get the message content definition.
*/
public function content(): Content
{
return new Content(
view: 'emails.verify-account',
with: [
'expiresInMinutes' => (int) config('auth.verification.expire', 60),
'userName' => $this->user->name,
'verificationUrl' => $this->verificationUrl,
],
);
}
/**
* Get the attachments for the message.
*
* @return array<int, \Illuminate\Mail\Mailables\Attachment>
*/
public function attachments(): array
{
return [];
}
}

View File

@ -2,9 +2,9 @@
namespace App\Models;
// use Illuminate\Contracts\Auth\MustVerifyEmail;
use Filament\Models\Contracts\FilamentUser;
use Filament\Panel;
use Illuminate\Contracts\Auth\MustVerifyEmail;
use Illuminate\Database\Eloquent\Concerns\HasUlids;
use Illuminate\Database\Eloquent\Factories\HasFactory;
use Illuminate\Database\Eloquent\Relations\BelongsToMany;
@ -14,7 +14,7 @@ use Illuminate\Foundation\Auth\User as Authenticatable;
use Illuminate\Notifications\Notifiable;
use Laravel\Sanctum\HasApiTokens;
class User extends Authenticatable implements FilamentUser
class User extends Authenticatable implements FilamentUser, MustVerifyEmail
{
/** @use HasFactory<\Database\Factories\UserFactory> */
use HasApiTokens, HasFactory, HasUlids, Notifiable;

View File

@ -3,6 +3,9 @@
namespace App\Providers;
use App\Broadcasting\ExpoPushChannel;
use App\Mail\VerifyAccount;
use App\Models\User;
use Illuminate\Auth\Notifications\VerifyEmail;
use Illuminate\Support\Facades\Gate;
use Illuminate\Support\Facades\Notification;
use Illuminate\Support\Facades\URL;
@ -39,6 +42,11 @@ class AppServiceProvider extends ServiceProvider
Notification::extend('expo', fn ($app) => $app->make(ExpoPushChannel::class));
VerifyEmail::toMailUsing(
fn (User $notifiable, string $verificationUrl): VerifyAccount => (new VerifyAccount($notifiable, $verificationUrl))
->to($notifiable->getEmailForVerification())
);
Gate::define('viewApiDocs', function ($user = null) {
// Option A : Autoriser tout le monde (Attention : la doc sera publique hors local)
return true;

View File

@ -20,6 +20,7 @@
"laravel/tinker": "^2.10.1",
"meilisearch/meilisearch-php": "^1.16",
"predis/predis": "^3.4",
"resend/resend-laravel": "^1.4",
"scalar/laravel": "^0.2.0",
"shuvroroy/filament-spatie-laravel-backup": "^3.3",
"shuvroroy/filament-spatie-laravel-health": "^3.2",

128
composer.lock generated
View File

@ -4,7 +4,7 @@
"Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
"This file is @generated automatically"
],
"content-hash": "8883f80d7f60b090149b528c7dab2be3",
"content-hash": "27553433952beb112da135df2ad49a59",
"packages": [
{
"name": "anourvalar/eloquent-serialize",
@ -6196,6 +6196,132 @@
},
"time": "2025-12-14T04:43:48+00:00"
},
{
"name": "resend/resend-laravel",
"version": "v1.4.0",
"source": {
"type": "git",
"url": "https://github.com/resend/resend-laravel.git",
"reference": "6dd5f5ec607404068c5af067fd7f6ba4b659262b"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/resend/resend-laravel/zipball/6dd5f5ec607404068c5af067fd7f6ba4b659262b",
"reference": "6dd5f5ec607404068c5af067fd7f6ba4b659262b",
"shasum": ""
},
"require": {
"illuminate/http": "^10.0|^11.0|^12.0|^13.0",
"illuminate/support": "^10.0|^11.0|^12.0|^13.0",
"php": "^8.1",
"resend/resend-php": "^1.0.0",
"symfony/mailer": "^6.2|^7.0|^8.0"
},
"require-dev": {
"friendsofphp/php-cs-fixer": "^3.14",
"mockery/mockery": "^1.5",
"orchestra/testbench": "^8.17|^9.0|^10.8|^11.0",
"pestphp/pest": "^1.0|^2.0|^3.7|^4.0"
},
"type": "library",
"extra": {
"laravel": {
"providers": [
"Resend\\Laravel\\ResendServiceProvider"
]
},
"branch-alias": {
"dev-main": "1.x-dev"
}
},
"autoload": {
"psr-4": {
"Resend\\Laravel\\": "src/"
}
},
"notification-url": "https://packagist.org/downloads/",
"license": [
"MIT"
],
"authors": [
{
"name": "Resend and contributors",
"homepage": "https://github.com/resend/resend-laravel/contributors"
}
],
"description": "Resend for Laravel",
"homepage": "https://resend.com/",
"keywords": [
"api",
"client",
"laravel",
"php",
"resend",
"sdk"
],
"support": {
"issues": "https://github.com/resend/resend-laravel/issues",
"source": "https://github.com/resend/resend-laravel/tree/v1.4.0"
},
"time": "2026-05-06T17:08:44+00:00"
},
{
"name": "resend/resend-php",
"version": "v1.3.0",
"source": {
"type": "git",
"url": "https://github.com/resend/resend-php.git",
"reference": "87d29d98271a0ab1c09cdbee102daa2f9b3419db"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/resend/resend-php/zipball/87d29d98271a0ab1c09cdbee102daa2f9b3419db",
"reference": "87d29d98271a0ab1c09cdbee102daa2f9b3419db",
"shasum": ""
},
"require": {
"guzzlehttp/guzzle": "^7.5",
"php": "^8.1.0"
},
"require-dev": {
"friendsofphp/php-cs-fixer": "^3.13",
"mockery/mockery": "^1.6",
"pestphp/pest": "^1.0|^2.0|^3.0|^4.0"
},
"type": "library",
"autoload": {
"files": [
"src/Resend.php"
],
"psr-4": {
"Resend\\": "src/"
}
},
"notification-url": "https://packagist.org/downloads/",
"license": [
"MIT"
],
"authors": [
{
"name": "Resend and contributors",
"homepage": "https://github.com/resend/resend-php/contributors"
}
],
"description": "Resend PHP library.",
"homepage": "https://resend.com/",
"keywords": [
"api",
"client",
"php",
"resend",
"sdk"
],
"support": {
"issues": "https://github.com/resend/resend-php/issues",
"source": "https://github.com/resend/resend-php/tree/v1.3.0"
},
"time": "2026-04-11T10:48:32+00:00"
},
{
"name": "ryangjchandler/blade-capture-directive",
"version": "v1.1.0",

View File

@ -70,6 +70,9 @@ env:
QUEUE_CONNECTION: redis
SCOUT_DRIVER: meilisearch
MEILISEARCH_HOST: http://bemeal-meilisearch:7700
MAIL_MAILER: resend
MAIL_FROM_ADDRESS: onboarding@resend.dev
MAIL_FROM_NAME: Bowli
secret:
- APP_KEY
- DB_DATABASE

View File

@ -14,7 +14,7 @@ return [
|
*/
'default' => env('MAIL_MAILER', 'log'),
'default' => env('MAIL_MAILER', 'resend'),
/*
|--------------------------------------------------------------------------

View File

@ -0,0 +1,23 @@
<!DOCTYPE html>
<html lang="fr">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>Compte vérifié</title>
</head>
<body style="margin: 0; min-height: 100vh; display: grid; place-items: center; background: #f5efe6; color: #232323; font-family: Arial, sans-serif;">
<main style="width: min(100% - 32px, 520px); background: #ffffff; border-radius: 8px; padding: 32px; box-sizing: border-box;">
<p style="margin: 0 0 8px; color: #426fb3; font-size: 14px; font-weight: 700; text-transform: uppercase;">
{{ $appName }}
</p>
<h1 style="margin: 0 0 16px; color: #000000; font-size: 28px; line-height: 34px;">
{{ $alreadyVerified ? 'Compte déjà vérifié' : 'Compte vérifié' }}
</h1>
<p style="margin: 0; color: #232323; font-size: 16px; line-height: 24px;">
Tu peux maintenant retourner dans lapplication.
</p>
</main>
</body>
</html>

View File

@ -0,0 +1,19 @@
<!DOCTYPE html>
<html lang="fr">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>Vérification requise</title>
</head>
<body style="margin: 0; min-height: 100vh; display: grid; place-items: center; background: #f5efe6; color: #232323; font-family: Arial, sans-serif;">
<main style="width: min(100% - 32px, 520px); background: #ffffff; border-radius: 8px; padding: 32px; box-sizing: border-box;">
<h1 style="margin: 0 0 16px; color: #000000; font-size: 28px; line-height: 34px;">
Vérification requise
</h1>
<p style="margin: 0; color: #232323; font-size: 16px; line-height: 24px;">
Consulte tes emails et clique sur le lien de vérification pour accéder à ton compte.
</p>
</main>
</body>
</html>

View File

@ -0,0 +1,55 @@
<!DOCTYPE html>
<html lang="fr">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>Vérifie ton compte Daily Meal</title>
</head>
<body style="margin: 0; padding: 0; background: #f5efe6; color: #232323; font-family: Arial, sans-serif;">
<table role="presentation" width="100%" cellpadding="0" cellspacing="0" style="background: #f5efe6; padding: 32px 16px;">
<tr>
<td align="center">
<table role="presentation" width="100%" cellpadding="0" cellspacing="0" style="max-width: 560px; background: #ffffff; border-radius: 8px; overflow: hidden;">
<tr>
<td style="padding: 32px;">
<p style="margin: 0 0 8px; color: #426fb3; font-size: 14px; font-weight: 700; text-transform: uppercase;">
Daily Meal
</p>
<h1 style="margin: 0 0 16px; color: #000000; font-size: 28px; line-height: 34px;">
Vérifie ton compte
</h1>
<p style="margin: 0 0 16px; color: #232323; font-size: 16px; line-height: 24px;">
Bonjour {{ $userName ?: 'à toi' }},
</p>
<p style="margin: 0 0 24px; color: #232323; font-size: 16px; line-height: 24px;">
Confirme ton adresse email pour activer ton compte et accéder à Daily Meal.
</p>
<table role="presentation" cellpadding="0" cellspacing="0" style="margin: 0 0 24px;">
<tr>
<td style="background: #000000; border-radius: 999px;">
<a href="{{ $verificationUrl }}" style="display: inline-block; padding: 14px 24px; color: #ffffff; font-size: 16px; font-weight: 700; text-decoration: none;">
Vérifier mon compte
</a>
</td>
</tr>
</table>
<p style="margin: 0 0 16px; color: #666666; font-size: 14px; line-height: 22px;">
Ce lien expire dans {{ $expiresInMinutes }} minutes.
</p>
<p style="margin: 0; color: #666666; font-size: 14px; line-height: 22px;">
Si tu nas pas créé de compte Daily Meal, tu peux ignorer cet email.
</p>
</td>
</tr>
</table>
</td>
</tr>
</table>
</body>
</html>

View File

@ -13,10 +13,17 @@ use Illuminate\Support\Facades\Route;
Route::prefix('auth')->group(function (): void {
Route::post('register', [AuthController::class, 'register']);
Route::post('login', [AuthController::class, 'login']);
Route::get('email/verify/{id}/{hash}', [AuthController::class, 'verifyEmail'])
->middleware(['signed', 'throttle:6,1'])
->name('verification.verify');
Route::middleware('auth:sanctum')->group(function (): void {
Route::post('logout', [AuthController::class, 'logout']);
Route::get('me', [AuthController::class, 'me']);
Route::patch('me', [AuthController::class, 'update']);
Route::post('email/verification-notification', [AuthController::class, 'sendVerificationEmail'])
->middleware('throttle:6,1')
->name('verification.send');
Route::patch('me', [AuthController::class, 'update'])->middleware('verified');
Route::delete('me', [AuthController::class, 'destroy']);
});
@ -26,14 +33,14 @@ Route::prefix('auth')->group(function (): void {
Route::get('/health', function () {
return response()->json(['status' => 'ok']);
});
Route::middleware('auth:sanctum')->group(function (): void {
Route::middleware(['auth:sanctum', 'verified'])->group(function (): void {
Route::post('device-tokens', [DeviceTokenController::class, 'store']);
Route::delete('device-tokens', [DeviceTokenController::class, 'destroy']);
Route::get('test-notifs', [DeviceTokenController::class, 'notifs']);
});
// Workouts
Route::middleware('auth:sanctum')->group(function (): void {
Route::middleware(['auth:sanctum', 'verified'])->group(function (): void {
Route::get('workouts', [WorkoutSessionController::class, 'index'])->name('workouts.index');
Route::post('workouts', [WorkoutSessionController::class, 'store'])->name('workouts.store');
Route::get('strava/status', [StravaController::class, 'status'])->name('strava.status');
@ -43,7 +50,7 @@ Route::middleware('auth:sanctum')->group(function (): void {
});
// Meals
Route::middleware('auth:sanctum')->group(function (): void {
Route::middleware(['auth:sanctum', 'verified'])->group(function (): void {
Route::get('meal-posts/stats', [MealPostController::class, 'stats']);
Route::get('meal-posts/calendar', [MealPostController::class, 'calendar']);
Route::post('meal-posts/analyze-image', [MealImageAnalysisController::class, 'store']);

View File

@ -3,4 +3,5 @@
use App\Http\Controllers\StravaController;
use Illuminate\Support\Facades\Route;
Route::view('email/verify', 'auth.verify-email')->name('verification.notice');
Route::get('strava/callback', [StravaController::class, 'redirectToMobileApp'])->name('strava.web-callback');

View File

@ -0,0 +1,122 @@
<?php
use App\Mail\VerifyAccount;
use App\Models\User;
use Illuminate\Auth\Notifications\VerifyEmail;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Illuminate\Support\Facades\Notification;
use Illuminate\Support\Facades\URL;
use Laravel\Sanctum\Sanctum;
uses(RefreshDatabase::class);
it('sends a verification email when a user registers', function () {
Notification::fake();
$this->postJson('/api/auth/register', [
'name' => 'Léon',
'email' => 'leon@example.com',
'password' => 'password',
])
->assertCreated()
->assertJsonPath('user.email', 'leon@example.com')
->assertJsonPath('user.emailVerified', false);
$user = User::where('email', 'leon@example.com')->firstOrFail();
expect($user->hasVerifiedEmail())->toBeFalse();
Notification::assertSentTo($user, VerifyEmail::class);
});
it('uses the custom account verification mailable', function () {
$user = User::factory()->unverified()->create();
$mailable = (new VerifyEmail)->toMail($user);
expect($mailable)->toBeInstanceOf(VerifyAccount::class);
$mailable
->assertSeeInHtml('Vérifier mon compte')
->assertSeeInHtml($user->name);
});
it('verifies a user from a signed email link', function () {
$user = User::factory()->unverified()->create();
$url = URL::temporarySignedRoute('verification.verify', now()->addMinutes(60), [
'id' => $user->getKey(),
'hash' => sha1($user->email),
]);
$this->getJson($url)
->assertOk()
->assertJsonPath('message', 'Compte vérifié avec succès.')
->assertJsonPath('user.emailVerified', true);
expect($user->fresh()->hasVerifiedEmail())->toBeTrue();
});
it('rejects signed verification links with an invalid hash', function () {
$user = User::factory()->unverified()->create();
$url = URL::temporarySignedRoute('verification.verify', now()->addMinutes(60), [
'id' => $user->getKey(),
'hash' => sha1('wrong-address@example.com'),
]);
$this->getJson($url)->assertForbidden();
expect($user->fresh()->hasVerifiedEmail())->toBeFalse();
});
it('blocks login for unverified users', function () {
$user = User::factory()->unverified()->create([
'password' => 'password',
]);
$this->postJson('/api/auth/login', [
'email' => $user->email,
'password' => 'password',
])
->assertForbidden()
->assertJsonPath('message', 'Vérifie ton adresse email avant de te connecter.')
->assertCookieMissing('token');
$this->assertDatabaseMissing('personal_access_tokens', [
'tokenable_id' => $user->getKey(),
]);
});
it('allows login for verified users', function () {
$user = User::factory()->create([
'password' => 'password',
]);
$this->postJson('/api/auth/login', [
'email' => $user->email,
'password' => 'password',
])
->assertOk()
->assertJsonPath('user.email', $user->email)
->assertJsonPath('user.emailVerified', true)
->assertCookie('token');
});
it('resends a verification email for an authenticated unverified user', function () {
Notification::fake();
$user = User::factory()->unverified()->create();
Sanctum::actingAs($user);
$this->postJson('/api/auth/email/verification-notification')
->assertOk()
->assertJsonPath('message', 'Email de vérification envoyé.');
Notification::assertSentTo($user, VerifyEmail::class);
});
it('blocks verified routes for unverified users', function () {
$user = User::factory()->unverified()->create();
Sanctum::actingAs($user);
$this->getJson('/api/meal-posts')->assertForbidden();
});