Laravel 9 email verification Invalid Signature

A

9

5

I've read all available solutions, but no chance. It always redirects to the 403 page with message (Invalid Signature).

Here is my route :

Auth::routes(['verify' => true]);

My env file :

APP_NAME='WebApp'
APP_ENV=local
APP_KEY=base64:V4/NjIiHJMalSGiXqCfzDJJVF4BfDwJ8Hnxr1M8I2Lc=
APP_DEBUG=true
APP_URL=http://127.0.0.1:8000

MAIL_MAILER=log
MAIL_HOST=mailhog
MAIL_PORT=1025
MAIL_USERNAME=null
MAIL_PASSWORD=null
MAIL_ENCRYPTION=null
MAIL_FROM_ADDRESS="[email protected]"
MAIL_FROM_NAME="${APP_NAME}"

But the provided link in log file is always invalid.

I'm using built in artisan sever php artisan serve

Update : This is the link in laravel.log file.

http://127.0.0.1:8000/email/verify/2/52e17b67fd82b0545bb4fbdc5748ed23104133c7?expires=3D1652547054&signature=3De8f38349c57d806fb67170ceee8e7300cbc40d61133e1f70c7929e843401db6a

I have tried php artisan key:generate and php artisan config:cache

The email is being send by laravel itself, I haven't customized anything.

Also I tried to override verify method provided by VerifiesEmails.php trait, but no chance. Here is what I did :

VerificationController.php :

public function verify(Request $request) {
    dd($request->fullUrl());
}

I got suspicious to the url according to some solutions but the url is all fine like above mentioned.

Appellate answered 14/5, 2022 at 15:58 Comment(4)

Can you provide more details ? Like log file, screenshot, error message, your email sending method – Azole 14/5, 2022 at 16:23

When you access the url and get a 403, is the protocol still http or it switched to https ? – Tabshey 10/11, 2022 at 14:36

Note that if you send the email and then run artisan key:generate, it clobbers the existing APP_KEY in .env and subsequent signature checks from links in all emails sent previously will fail. – Sharell 19/2, 2023 at 18:27

I also found the same issues on laravel 11x, after configuring the proxies the issues remains – Xeroderma 14/4 at 14:35

A

9

After struggling 9 hours with this and hitting my head against the wall; finally I found out that the SIGNATURE is fine, but when laravel logs it in laravel.log file, it corrupts the file content and prefixes the SIGNATURE with this 2 characters 3D.

This way everything breaks; I don't know why is this happening.

I won't delete this question in case others face this problem in future.

Appellate answered 14/5, 2022 at 21:28 Comment(4)

hi, currently having same problem, after finding out what is the cause, did you apply any fix that made it work? – Benniebenning 16/2 at 11:24

@Benniebenning - I just stopped using the log file for storing the emails. – Appellate 25/2 at 9:34

I just don't get i it, how is this connected to the log file, would you please explain in detail @HoomanLimouee ? – Xeroderma 14/4 at 15:7

co ask. what is the relationship with the log file – Tutor 24/5 at 16:31

F

29

For anyone still running into this issue try configuring the TrustProxy middleware if you have a similar configuration to the below

Have set URL::forceScheme('https'); in the boot method of AppServiceProvider
Running laravel behind a reverse proxy

To get this working quickly, set the below in TrustProxies.php middleware.

protected $proxies = '*';

For more information on configuring the $proxies setting, check out the official Laravel documentation here

Fluxion answered 3/8, 2022 at 0:43 Comment(6)

ah man i always forget this.... thnaks! – Sterner 7/10, 2022 at 20:22

<3 you man, still has to be done on laravel 10 – Dy 29/8, 2023 at 22:53

Isn't it unsafe, to use protected $proxies = '*';? – Olenolin 14/12, 2023 at 21:6

It is, (hence the To get this working quickly part). As per the documentation, you should set the specific IPs for your load balancer – Fluxion 15/12, 2023 at 9:50

What if you don't have a load balancer and you're working locally. Do we just add 127.0.0.1? – Zwinglian 5/2 at 2:7

For whoever looking at this for Laravel 11, the way to set trustProxies is a little bit different now. Check here: laravel.com/docs/master/requests#configuring-trusted-proxies. Add $middleware->trustProxies(at: '*') in the bootstrap/app.php – Stamata 23/9 at 8:45

A

9

After struggling 9 hours with this and hitting my head against the wall; finally I found out that the SIGNATURE is fine, but when laravel logs it in laravel.log file, it corrupts the file content and prefixes the SIGNATURE with this 2 characters 3D.

This way everything breaks; I don't know why is this happening.

I won't delete this question in case others face this problem in future.

Appellate answered 14/5, 2022 at 21:28 Comment(4)

hi, currently having same problem, after finding out what is the cause, did you apply any fix that made it work? – Benniebenning 16/2 at 11:24

@Benniebenning - I just stopped using the log file for storing the emails. – Appellate 25/2 at 9:34

I just don't get i it, how is this connected to the log file, would you please explain in detail @HoomanLimouee ? – Xeroderma 14/4 at 15:7

co ask. what is the relationship with the log file – Tutor 24/5 at 16:31

C

3

Man, you have just saved me this whole process.

In my case the PhpStorm also added = to the end of every line and 3D was also in expire=

Thank you very much

Caraviello answered 16/6, 2022 at 11:24 Comment(1)

This does not provide an answer to the question. Once you have sufficient reputation you will be able to comment on any post; instead, provide answers that don't require clarification from the asker. - From Review – Ritchie 21/6, 2022 at 14:23

I

1

In my case, my NGINX config was sending altered URLs, which was causing the signature verification to fail. I had copy/pasted from a different PHP site config, which was sending funny URL patterns.

More discussion: https://laracasts.com/discuss/channels/laravel/403-invalid-signature-every-time-i-try-to-verify-email-in-laravel-57

Corrected NGINX config:

location / {
    try_files $uri $uri/ /index.php?$query_string;
}

Inquiline answered 19/2, 2023 at 18:8 Comment(0)

D

1

In my case, the link in my email had & before signature e.g http://localhost:8000/verify-email/1/0715b727e8227138b993293dd9dff7acecc52230?expires=1714590299&signature=f2207ef5f7a946d69a6860efd9fcc3109533ca4907133ee92262e0d3c24034cd

After removing amp;, it worked fine.

Desrochers answered 1/5 at 18:18 Comment(0)

J

0

In my case, I was using Job Batches which have their own table in the database. There was an issue with one of the rows not having run and the exception message did mention BusBatch (something like that). To solve, I simply deleted the record from the database. Prior to noticing this issue, in Horizon, the batches tab would not get passed the loading circle. So if you're working with jobs and batches, this could be a lead.

I never encountered this problem before and seems like it could stem from many other things. Hope this is helpful.

Journalism answered 8/1, 2023 at 13:40 Comment(0)

J

0

In my case i had mistakenly written my site address in APP_URL with http protocol while in Nginx configuration all http requests were redirected to https. so, when i changed

APP_URL=http://example.com

to

APP_URL=https://example.com

my problem was solved.

Jost answered 19/9, 2023 at 8:34 Comment(0)

M

0

As mentioned before, for me editing TrustProxy middleware worked as well. I just want to add that I wasted some time ignoring this solution because I already had this implemented:

protected $proxies = [
    '*'
];

However it indeed only worked once I removed the * from the array:

protected $proxies = '*';

Hope this helps anyone.

Mnemonics answered 9/10, 2023 at 21:54 Comment(0)

C

-1

I had the same case as you, i tried the following and it worked

Find folder app/Http/Controllers/Auth/VerificationController.php

public function __construct()
    {
        $this->middleware('auth');
        // $this->middleware('signed')->only('verify'); // -> change
        $this->middleware('throttle:6,1')->only('verify', 'resend');
    }

I hope it helps you

Cuttler answered 20/1, 2023 at 7:8 Comment(0)

Recommended topics

Hot tags