Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix: Magic Link Login can be used even if $allowMagicLinkLogins is false #778

Merged
merged 9 commits into from
Aug 12, 2023

Conversation

datamweb
Copy link
Collaborator

@datamweb datamweb commented Aug 9, 2023

fixed: #777

@datamweb datamweb added the bug Something isn't working label Aug 9, 2023
@datamweb
Copy link
Collaborator Author

datamweb commented Aug 9, 2023

IMG_20230809_233657

@kenjis
Copy link
Member

kenjis commented Aug 9, 2023

Re-ran failed jobs.

@datamweb datamweb requested a review from kenjis August 9, 2023 21:59
@kenjis
Copy link
Member

kenjis commented Aug 10, 2023

We have three action methods.

$ php spark routes | grep MagicLinkController
| GET    | login/magic-link        | magic-link         | \CodeIgniter\Shield\Controllers\MagicLinkController::loginView     |                | toolbar       |
| GET    | login/verify-magic-link | verify-magic-link  | \CodeIgniter\Shield\Controllers\MagicLinkController::verify        |                | toolbar       |
| POST   | login/magic-link        | »                  | \CodeIgniter\Shield\Controllers\MagicLinkController::loginAction   |                | toolbar       |

Can you add the if statement to verify() just in case?

src/Language/ja/Auth.php Outdated Show resolved Hide resolved
@datamweb
Copy link
Collaborator Author

Can you add the if statement to verify() just in case?

Honestly, I thought about this, isn't it better to have a private function?

    private function checkAllowMagicLink( ): RedirectResponse
   { 
        // Check if magic-link is not allowed
        if (!setting('Auth.allowMagicLinkLogins')) {
            return redirect()->route('login')->with('error', lang('Auth.magicLinkDisabled'));
        }
   }

@kenjis
Copy link
Member

kenjis commented Aug 10, 2023

The three if statements are the exactly the same and the same meaning.
So it is better not to repeat them.

@kenjis kenjis changed the title fix: check allow magiclink logins fix: Magic Link Login can be used even if $allowMagicLinkLogins is false Aug 11, 2023
@datamweb datamweb force-pushed the fix-allowMagicLinkLogins branch from 75a3562 to 6d56e46 Compare August 11, 2023 04:05
@@ -50,6 +50,8 @@ public function __construct()
*/
public function loginView()
{
$this->displayErrorMagicLinkDisabled();
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

RedirectResponse must be returned from this method if allowMagicLinkLogins is false.

@datamweb
Copy link
Collaborator Author

@kenjis, method verify(): RedirectResponse uses native return type , using a private method causes breaking change. Is it worth it?
Or am I missing something?

@kenjis
Copy link
Member

kenjis commented Aug 12, 2023

using a private method causes breaking change.

No, it is not a breaking change.

But this PR works, so I merge for now.

@kenjis kenjis merged commit 636684a into codeigniter4:develop Aug 12, 2023
@datamweb datamweb deleted the fix-allowMagicLinkLogins branch August 12, 2023 05:17
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Something isn't working
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Bug: controller run even if $allowMagicLinkLogins is false
2 participants