How does Laravel internally create certain parts of the verification email?

Time:01-13

When creating a verification email with Laravel this is how the link can end up looking:

.../verify/1/3f4f10efdbac36ec6892bb3572ac6683ff663ad8?expires=1641580767&signature=babf2d50deb610a551d0477132193abb595d8664b56a9074c38f5b3789933ad

  1. After the "verify/1/" there seems to be some hash of length 40.
  2. The last query parameter "signature" has a hash of length 60.

My questions are: How are these hashes created? Which hash function is used and what is the input string? Also what is the purpose of those parts?

CodePudding user response:

1- The first part after the verify/1/ is the sha1 of the registered user email. We use this to make sure we validate the same email we have in the db and the one the user registered with.

2- The last part of the URL is a sha256 signature to make sure the URL is not altered by a malicious user. Any modification to the URL will make the signature fail. Note that the signature is checked with the Laravel Signed middleware.

So these are basically security measures to prevent malicious users.
For more information:
The generated link will be in the notification class here: src/Illuminate/Auth/Notifications/VerifyEmail.php

Once the user has clicked the link, it will be processed and checked in the file below: vendor/laravel/ui/auth-backend/VerifiesEmails.php
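
The two checks described in the answer above, as an added stand-alone example that is not part of the original post and is not Laravel's source code. The key `APP_KEY`, the host `app.example`, the e-mail addresses and the function names `makeVerifyUrl` and `checkVerifyUrl` are assumptions made for illustration. The signature is modelled as an HMAC-SHA256 keyed with an application secret, and the sketch shows which tampering each part of the link catches:

```php
<?php
// Stand-alone model of a signed verification link; not Laravel's source.
// APP_KEY and the URLs below are constructed sample values.
const APP_KEY = 'constructed-sample-key-not-a-real-secret';

function makeVerifyUrl(string $base, int $id, string $email, int $expires): string
{
    // Path segment: SHA-1 of the address on record (40 hex characters).
    $url = sprintf('%s/verify/%d/%s?expires=%d', $base, $id, sha1($email), $expires);
    // Keyed MAC over the whole URL, so no part can change without the key.
    return $url . '&signature=' . hash_hmac('sha256', $url, APP_KEY);
}

function checkVerifyUrl(string $url, string $emailOnRecord, int $now): string
{
    $parts = parse_url($url);
    parse_str($parts['query'] ?? '', $query);
    $given = is_string($query['signature'] ?? null) ? $query['signature'] : '';
    // Recompute the MAC over the URL with the signature parameter stripped.
    $unsigned = preg_replace('/&signature=[^&]*$/', '', $url);
    // hash_equals compares in constant time, avoiding a timing side channel.
    if (!hash_equals(hash_hmac('sha256', $unsigned, APP_KEY), $given)) {
        return 'rejected: bad signature';
    }
    if ($now > (int) ($query['expires'] ?? 0)) {
        return 'rejected: expired';
    }
    // The link must refer to the address currently stored for the user.
    $segments = explode('/', $parts['path'] ?? '');
    if (!hash_equals(sha1($emailOnRecord), (string) end($segments))) {
        return 'rejected: email changed since link was issued';
    }
    return 'accepted';
}

$expires = 1641580767; // "expires" value taken from the link in the question
$now = $expires - 60;
$url = makeVerifyUrl('https://app.example', 1, 'alice@example.com', $expires);

echo checkVerifyUrl($url, 'alice@example.com', $now), "\n";                   // untouched link
echo checkVerifyUrl(str_replace('/verify/1/', '/verify/2/', $url),
    'alice@example.com', $now), "\n";                                         // user id altered
echo checkVerifyUrl(str_replace("expires=$expires", 'expires=' . ($expires + 86400), $url),
    'alice@example.com', $now), "\n";                                         // lifetime extended
echo checkVerifyUrl($url, 'alice@example.com', $expires + 1), "\n";           // used too late
echo checkVerifyUrl($url, 'new@example.com', $now), "\n";                     // address changed
```

The SHA-1 segment carries no secret and only ties the link to one stored address; integrity of the id, hash and expiry comes entirely from the keyed signature, so the key must stay private to the server.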
