fix: redirect inactive account to auth action page

[sammyskills]

Description
The isActivated() check works for when a register action has been set in the auth config. Currently, if an inactive account tries to log in, the system redirects the user to the login page with the error message:

You must activate your account before logging in.

This begs the question: "How do I activate my account?"

This PR fixes this issue by redirecting the user to the auth action page, where a new token is generated and sent to the user's email.

Checklist:

• Securely signed commits
• [] Component(s) with PHPDoc blocks, only if necessary or adds value
• Unit testing, with >80% coverage
• [] User guide updated
• Conforms to style guide

[kenjis]

@sammyskills I cannot reproduce the situation with develop branch.

If an inactive account tries to log in, the system redirects the user to auth/a/show and I see:

Email Activation

We just sent an email to you with a code to confirm your email address. Copy that code and paste it below.

and I get a email with token.

[sammyskills]

Hi @kenjis,

Yes, you will get the error message and it will be redirected to the auth/a/show page because the inactive account in your case, still has the email_activate identity.

Try this:

• Delete the email_activate identity associated with the user from the auth_identities table and try to login again
  OR
• Set the register action in the app/Config/Auth.php file to null temporarily
  • Register a new account
  • Set the register action back to \CodeIgniter\Shield\Authentication\Actions\EmailActivator::class in the app/Config/Auth.php file
  • Try to login with this account.

Live scenario:

• An application allowed some users to register without email verification
• But later activated email verification in the system.

[kenjis]

@sammyskills "Delete the email_activate identity", this does not seem to happen.
Or it seems a bug in the application, not in Shield.
Why do you delete the identity?

The live scenario could happen. But we already set the user active:

shield/src/Controllers/RegisterController.php

Lines 132 to 133 in 09a7cf3

	// Set the user active
	$user->activate();

[sammyskills]

Ok, fine.

Let's look at it this way.

• You activate the register action
• Register an account
• Verify the token (which activates the account and deletes the email_activate identity)
• Now, deactivate this account $user->deactivate().
• Try to login with this deactivated account.

If you get what I mean, how does a user with a deactivated account "reactivate" their account?

[kenjis]

@sammyskills Okay, I got "You must activate your account before logging in."!

[sammyskills]

Perfect!

Now, how does this user activate/reactivate their account?

[kenjis]

LGTM!

[datamweb]

@sammyskills thank you!