Placement of triggers for EVENT_BEFORE_VERIFY_EMAIL and EVENT_AFTER_VERIFY_EMAIL events

[jamiepittock]

Is there a reason why these two events are triggered where they are, rather than in the verifyEmailForUser() method of the users service or the actionVerifyEmail() method of the users controller?

https://github.com/craftcms/cms/blob/5.x/src/controllers/UsersController.php#L2764

Where they are now, before using them, I have to add a check to see context in which a token is being processed, because it might not be due to email verification.

[brandonkelly]

verifyEmailForUser() doesn’t actually handle email verification; it just updates the user record’s email with the unverifiedEmail value and clears out unverifiedEmail.

There are two routes that actually handle email verification:

• users/set-password – for reset-password emails
• users/verify-email – for activation emails

Each of those actions call UsersController::_processTokenRequset() internally, where token validation (and thus, email address validation) take place. So that’s where the events get fired.

because it might not be due to email verification.

Not sure what you mean by that; in both of the above cases, it’s for verifying that the user does in fact have access to their email address.