
fix: prevent email change lockout via Filament email change verification #187

Merged
ManukMinasyan merged 5 commits into main from fix/email-change-lockout
Mar 18, 2026

Conversation

@ManukMinasyan (Contributor)

Summary

  • Enables Filament's built-in emailChangeVerification() on the app panel
  • Integrates the verification flow into the custom UpdateProfileInformation Livewire component
  • When a user changes their email, the new address receives a verification link and the old address receives a notice with a block link
  • The email in the database is not changed until the verification link is clicked
  • email_verified_at stays intact throughout -- no lockout

Problem

When a user changed their email to an address they didn't own (typo, wrong address), the previous flow immediately overwrote email and set email_verified_at = null. Filament's emailVerification() middleware then locked them out of the panel, with no way to access the profile page to revert the change.

Changes

  • AppPanelProvider: Added ->emailChangeVerification() to panel config
  • UpdateProfileInformation: Added handleEmailChangeVerification() that intercepts email changes, sends verification/notice notifications via Filament's built-in flow, and resets the form email to the current value so the Fortify action never triggers the dangerous immediate overwrite
  • Tests: Updated existing profile tests and added 5 new tests covering the verification flow (email not changed, verification sent, notice sent, same-email no-op, form reset)

Test plan

  • All 35 profile tests pass
  • Pint clean
  • Browser tested: changed email on profile page, email field reverted to original, DB email unchanged, email_verified_at intact, user not locked out

…rification

When users changed their email to an address they didn't own, the old flow
immediately overwrote the email and nulled email_verified_at, locking them
out of the panel with no way to revert.

Now email changes go through Filament's built-in verification flow:
- Email is NOT changed in the database until verified
- Verification link sent to the new email address (1hr TTL)
- Notice with block link sent to the old email address
- User stays fully functional with their original email throughout
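An added illustration, not code from this PR or from Filament, of the interception the description and first commit message above lay out: the Livewire component compares the submitted email with the stored one, hands a changed address to the verification flow, and strips it from the data before the Fortify action runs, so email and email_verified_at stay untouched until the link is clicked. The component layout, the use of Fortify's UpdateUserProfileInformation action, and the sendEmailChangeVerification() body are assumptions; the Filament helper and notification names inside it are named after Filament's own EditProfile page and must be checked against the installed version.

```php
<?php

namespace App\Livewire\App\Profile;

use App\Actions\Fortify\UpdateUserProfileInformation;
use Filament\Facades\Filament;
use Filament\Notifications\Auth\NoticeOfEmailChangeRequest;
use Filament\Notifications\Auth\VerifyEmailChange;
use Filament\Notifications\Notification;
use Illuminate\Support\Facades\Notification as Mail;
use Livewire\Component;

class UpdateProfileInformation extends Component
{
    /** Form state bound by Livewire: name, email, photo, ... (assumed layout). */
    public array $state = [];

    public function updateProfileInformation(UpdateUserProfileInformation $updater): void
    {
        $user = auth()->user();
        $data = $this->state;
        $newEmail = $data['email'] ?? null;
        // Only a real change is intercepted; re-submitting the current address is a no-op.
        if (Filament::hasEmailChangeVerification() && filled($newEmail) && $newEmail !== $user->email) {
            $this->sendEmailChangeVerification($user, $newEmail);

            // Strip the field so the Fortify action can neither overwrite email nor null
            // email_verified_at, and show the stored address in the form again.
            unset($data['email']);
            $this->state['email'] = $user->email;
        }

        // The remaining fields (name, photo) are saved through the usual action.
        $updater->update($user, $data);

        Notification::make()->title('Profile saved.')->success()->send();
    }

    // Assumed to mirror Filament's own EditProfile page. The URL helpers, notification
    // classes and their constructor arguments are named after it and are not verified here.
    protected function sendEmailChangeVerification($user, string $newEmail): void
    {
        $verifyUrl = Filament::getVerifyEmailChangeUrl($user, $newEmail); // signed link, 1 hour TTL per the PR
        $blockUrl = Filament::getBlockEmailChangeVerificationUrl($user, $newEmail, $verifyUrl);
        // New address receives the verification link; old address receives the notice with the block link.
        Mail::route('mail', $newEmail)->notify(new VerifyEmailChange($verifyUrl));
        $user->notify(new NoticeOfEmailChangeRequest($newEmail, $blockUrl));
    }
}
```

The point to verify in tests, as the PR's new cases do, is that after a submit with a different address the user's email and email_verified_at columns are unchanged and the form shows the original address again.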
Copilot AI review requested due to automatic review settings, March 18, 2026 16:15

Copilot AI left a comment


Pull request overview

This PR addresses Filament panel lockouts caused by immediate email overwrites by enabling Filament’s email-change verification flow and integrating it into the custom profile update Livewire component, ensuring users.email and email_verified_at remain unchanged until verification completes.

Changes:

  • Enabled emailChangeVerification() on the Filament app panel.
  • Added interception logic in UpdateProfileInformation to trigger Filament’s email-change verification notifications and prevent immediate DB email updates.
  • Expanded/adjusted profile feature tests to cover the email-change verification flow and avoid lockout regressions.

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 4 comments.

  • app/Providers/Filament/AppPanelProvider.php: Enables Filament email-change verification for the app panel.
  • app/Livewire/App/Profile/UpdateProfileInformation.php: Intercepts email edits to route through the verification flow and keeps the persisted email intact.
  • tests/Feature/Profile/UpdateUserProfileInformationTest.php: Updates existing tests and adds new cases for email-change verification behavior.

…cation

- Return early after email change verification instead of falling through
  to sendNotification(), which caused two stacked toast notifications
- Add locale preference support matching Filament's built-in behavior
- Rename method to sendEmailChangeVerification for clarity
- Extract repeated user setup in email change verification tests

The User model doesn't implement HasLocalePreference, so the instanceof
check was dead code causing a PHPStan error in CI.

Match Filament's core approach: strip email from data and continue saving
other fields (name, photo) instead of early-returning. Also address Copilot
review feedback: add email assertion to photo test and on-demand notification
assertion to same-email test.
ManukMinasyan merged commit e1e5216 into main on Mar 18, 2026
10 checks passed