Hi,
Followed the instructions through Handling successful requests and got a nice email.
When I clicked the Set initial password button I got a un-styled password reset screen.
when I added a password 2x and pressed Save password and login I got
419 | PAGE EXPIRED
the password was not set

user field welcome_valid_until has a valid entry
link: api/welcome/25?expires=1654789412&signature=real-token-here

How is the page expired?
How to fix this

With PHP 8.0 Released it would be great to update this to support that.

I’m working on a new project using this package, and I’m extending the WelcomeController to include verifying a Google 2FA code in the showWelcomeForm controller.

I noticed you’re using bcrypt to hash passwords on this line instead of the Hash::make facade and am curious:

1. Why you used that instead of the facade?
2. If I change my hash driver, will it break or require me to change to match my hash driver?

Thanks!

Directory database/migrations not exists.

ls vendor/spatie/laravel-welcome-notification
CHANGELOG.md composer.json CONTRIBUTING.md LICENSE.md README.md resources src

Originally posted by @goszowski in #7 (comment)

I found the solution.
I tried to install this package but it shows this error

[InvalidArgumentException]
Package spatie/laravel-welcome-notification at version has a PHP requirement incompatible with your PHP version (7.2.5)

Please help me with what the problem is.
Thanks

Hello, I've used this package with Laravel 8, and it worked a treat! Now I am working on a new project on Laravel 9 and whatever I do I can't get it to work.

Php Version: 8.1.6
Laravel Version: 9.19.0

This is the error message I receive:
Attempt to read property "welcome_valid_until" on string

Looking deeper, it looks like the request in the WelcomesNewUsers doesn't pass a user object and just the id integer. But im unsure if I'm looking in the right place.

Has anyone faced this issue? Or know a solution?

Hi,
ive been trying to install this package but im getting:

[InvalidArgumentException]
  Package spatie/laravel-welcome-notification at version  has a PHP requireme
  nt incompatible with your PHP version (7.2.2)

Everything works as expected when creating a new user, until the user sets their password. After the password has been set I receive the following error:

[Call to undefined method Illuminate\Foundation\Auth\User::authentications()](https://dealerlogs.test/welcome/29?expires=1667893109&signature=944d9827a2f00acb40fa218fc3c8d9fda3fe0567e5e59474c122d2bf344158a6#top)

I am using:
PHP: 8.1.8
Laravel: 9.38.0

Any help with this would ne greatly appreciated.

I implemented the spatie package "laravel-welcome-notification" and whenever anyone clicks on the link sent in the email I'm getting the 403 error

THE WELCOME LINK HAS ALREADY BEEN USED.

I did a custom notification, and I think that in the beginning, it did work, and then suddenly, it stopped working.

package not contain migrations

Hi All,
I am using this package in one of my projects and found that it has a security flaw, I can see the URL sent via email has a signature in it. During my testing, I changed the value of that signature and could still set my initial password. Then I checked the code and realized the signature was not being checked/validated anywhere.

So, If I know that someone has been registered by an admin and we know the ID they got, we can set their initial password.

Below is the function responsible for setting the initial password. But it does not validate the signature value.

public function savePassword(Request $request, User $user)
    {
        $request->validate($this->rules());

        $user->password = Hash::make($request->password);
        $user->welcome_valid_until = null;
        $user->save();

        auth()->login($user);

        return $this->sendPasswordSavedResponse();
    }

Publishing didn't work as directed. Both the publishing of the migrations and the views didn't do anything with the supplied commands. I used the more generic one sans --provider to get them though:

$ php artisan vendor:publish --provider='Spatie\WelcomeNotification\WelcomeNotificationServiceProvider' --tag="migrations"

   INFO  Nothing to migrate.  

$ php artisan vendor:publish --provider='Spatie\WelcomeNotification\WelcomeNotificationServiceProvider' --tag="views"

   INFO  No publishable resources for tag [views].  

While this worked:

$ php artisan vendor:publish --tag="migrations"

   INFO  Publishing [migrations] assets.  

  Copying file [vendor/spatie/laravel-welcome-notification/database/migrations/add_welcome_valid_until_field_to_users_table.php.stub] to [database/migrations/2023_03_31_080232_add_welcome_valid_until_field_to_users_table.php]  DONE

$ php artisan vendor:publish --tag="views"

   INFO  Publishing [views] assets.  

  Copying directory [vendor/spatie/laravel-welcome-notification/resources/views] to [resources/views/vendor/welcomeNotification] .............. DONE

Using php 8.1 and laravel 9. Fresh install of laravel-welcome-notification.

I started getting a 404 error when I changed the user route key name to UUID. When debugging I noticed that the user id was still used in the URL, also I found that the package uses the user id directly when generating the user URL in the WelcomeNotification class. I suggest using the getRouteKey method instead.

before:

    protected function initializeNotificationProperties(User $user)
    {
        $this->user = $user;

        $this->user->welcome_valid_until = $this->validUntil;
        $this->user->save();

        $this->showWelcomeFormUrl = URL::temporarySignedRoute(
            'welcome',
            $this->validUntil,
            ['user' => $user->id]
        );
    }

after:

    protected function initializeNotificationProperties(User $user)
    {
        $this->user = $user;

        $this->user->welcome_valid_until = $this->validUntil;
        $this->user->save();

        $this->showWelcomeFormUrl = URL::temporarySignedRoute(
            'welcome',
            $this->validUntil,
            ['user' => $user->getRouteKey()]
        );
    }

Love the package! it's great!

I noticed that you are using laravel's Illuminate\Foundation\Auth\User in your BaseController instead of App\User, and in my case there is some custom configuration i've done to my model that are lost while authenticating the user. For example the keyType is set to string bcz i'm using uuid.

I've had to copy and paste the controller for now, but hope you provide an answer for that soon to go back to using your controller.

I have two models; User and Admin. I'm trying to set the package up for admins to so they get an email to set a password for their account.

I created a WelcomeNewAdmins middleware. How do I get the Admin object in the WelcomesNewAdmins middleware?

Declaration of App\Http\Controllers\Auth\WelcomeController::sendPasswordSavedResponse() must be compatible with Spatie\WelcomeNotification\WelcomeController::sendPasswordSavedResponse(): Symfony\Component\HttpFoundation\Response

https://flareapp.io/share/17WEXJmX#F1

I currently have an event listener listening to the Illuminate\Auth\Events\Login event. After after a successful password save the package tries to authenticate the user manually into the app. For some reason the Listener doesn't have access to the user that was just authenticated. Is there a way to easily fix this?

Hi,

When can we expect PHP8 support?

Thanks.