Email Verification
Email verification is an essential security feature in Peak that ensures the authenticity of user accounts and protects your platform from spam and fraudulent registrations.
Peak builds on Laravel Jetstream and Fortify to provide email verification out of the box, while also giving you full control over enabling or disabling it via the admin interface.
Enabling / Disabling Email Verification
To toggle email verification:
Admin Panel → Settings → Security → Email Verification
- Enabled: Users must verify their email address before accessing certain features or protected routes.
- Disabled: Users can proceed without verifying their email address.
Email Configuration Required
Before using email verification, you must ensure that your application is properly configured to send emails.
Configure email settings via:
Admin Panel → Settings → Mail
If your email service is not set up, verification links cannot be sent, and users will not receive the necessary instructions to activate their accounts.
Verification Flow
Once enabled:
- After registration, users are redirected to a screen prompting them to verify their email address.
- A verification email is automatically sent to the user's registered email.
- The user must click the secure link in the email to verify their address.
- Upon successful verification, users are redirected back to the application.
Resending Verification Emails
If a user does not receive the email or the link expires, they can request a new one from the verification screen by clicking: "Resend Verification Email"
This is handled securely and throttled to prevent abuse.
Protecting Routes
To restrict access to routes until email is verified, apply the built-in verified middleware in your routes/web.php:
Route::middleware(['auth', 'verified'])->group(function () {
Route::get('/dashboard', function () {
return view('dashboard');
});
});
Customizing the Verification Screen
To update the frontend experience, edit the following Vue component:
resources/js/Themes/Breeze/Auth/VerifyEmail.vue
You can:
- Modify the layout or messaging
- Adjust styles and branding
- Integrate custom links or support prompts
After editing, recompile your assets with:
npm run dev
or for production:
npm run build
Summary
- Email verification is optional but highly recommended for security and trust.
- It can be toggled in the admin settings.
- Requires mail settings to be correctly configured.
- Protect sensitive routes with verified middleware.
- Customize the verification screen through Vue components.
For best results, ensure both the Mail and Email Verification settings are enabled during onboarding and user registration workflows.