Most logical, and clean, is to handle this within the validateLogin method.
LoginController.php(Laravel 6.x)
/** * Validate the user login request. * * @param \Illuminate\Http\Request $request * @return void * * @throws \Illuminate\Validation\ValidationException */protected function validateLogin(Request $request){ // Get the user details from database and check if email is verified. $user = User::where('username', '=', $request->input($this->username()))->first(); if ($user->email_verified_at == NULL) { throw ValidationException::withMessages([$this->username() => __('auth.failed_login_missing_email_verification')]); } // Email is verified, validate input. return $request->validate([ $this->username() => 'required|string','password' => 'required|string', ]);}