Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: Magic Link Login can be used even if $allowMagicLinkLogins is false #778

Merged
merged 9 commits into from
Aug 12, 2023
Merged

fix: Magic Link Login can be used even if $allowMagicLinkLogins is false #778

merged 9 commits into from
Aug 12, 2023

Conversation

datamweb
Copy link
Collaborator

@datamweb datamweb commented Aug 9, 2023
edited
Loading

fixed: #777

@datamweb datamweb added the bug Something isn't working label Aug 9, 2023
@datamweb datamweb mentioned this pull request Aug 9, 2023
Closed
@datamweb
Copy link
Collaborator Author

datamweb commented Aug 9, 2023

IMG_20230809_233657

@kenjis
Copy link
Member

kenjis commented Aug 9, 2023

Re-ran failed jobs.

@datamweb datamweb requested a review from kenjis August 9, 2023 21:59
@kenjis
Copy link
Member

kenjis commented Aug 10, 2023

We have three action methods.

$ php spark routes | grep MagicLinkController
| GET    | login/magic-link        | magic-link         | \CodeIgniter\Shield\Controllers\MagicLinkController::loginView     |                | toolbar       |
| GET    | login/verify-magic-link | verify-magic-link  | \CodeIgniter\Shield\Controllers\MagicLinkController::verify        |                | toolbar       |
| POST   | login/magic-link        | »                  | \CodeIgniter\Shield\Controllers\MagicLinkController::loginAction   |                | toolbar       |

Can you add the if statement to verify() just in case?

kenjis
kenjis reviewed Aug 10, 2023
View reviewed changes
src/Language/ja/Auth.php Outdated Show resolved Hide resolved
@datamweb
Copy link
Collaborator Author

Can you add the if statement to verify() just in case?

Honestly, I thought about this, isn't it better to have a private function?

    private function checkAllowMagicLink( ): RedirectResponse
   { 
        // Check if magic-link is not allowed
        if (!setting('Auth.allowMagicLinkLogins')) {
            return redirect()->route('login')->with('error', lang('Auth.magicLinkDisabled'));
        }
   }

@kenjis
Copy link
Member

kenjis commented Aug 10, 2023

The three if statements are the exactly the same and the same meaning.
So it is better not to repeat them.

@datamweb datamweb mentioned this pull request Aug 11, 2023
Merged
@kenjis kenjis changed the title fix: check allow magiclink logins fix: Magic Link Login can be used even if $allowMagicLinkLogins is false Aug 11, 2023
kenjis
kenjis reviewed Aug 11, 2023
View reviewed changes
src/Controllers/MagicLinkController.php Outdated
@@ -50,6 +50,8 @@ public function __construct()
*/
public function loginView()
{
$this->displayErrorMagicLinkDisabled();
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

RedirectResponse must be returned from this method if allowMagicLinkLogins is false.

@datamweb
Copy link
Collaborator Author

@kenjis, method verify(): RedirectResponse uses native return type , using a private method causes breaking change. Is it worth it?
Or am I missing something?

@kenjis
Copy link
Member

kenjis commented Aug 12, 2023

using a private method causes breaking change.

No, it is not a breaking change.

But this PR works, so I merge for now.

@kenjis kenjis merged commit 636684a into codeigniter4:develop Aug 12, 2023
29 checks passed
@datamweb datamweb deleted the fix-allowMagicLinkLogins branch August 12, 2023 05:17
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kenjis kenjis kenjis approved these changes

Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Bug: controller run even if $allowMagicLinkLogins is false
2 participants
@datamweb @kenjis