Skip to content

fix: Magic Link Login can be used even if $allowMagicLinkLogins is false #778

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 9 commits into from
Aug 12, 2023
Merged

fix: Magic Link Login can be used even if $allowMagicLinkLogins is false #778

merged 9 commits into from
Aug 12, 2023

Conversation

@datamweb
Copy link
Collaborator

@datamweb datamweb commented Aug 9, 2023
edited
Loading

fixed: #777

@datamweb datamweb added the bug Something isn't working label Aug 9, 2023
@datamweb datamweb mentioned this pull request Aug 9, 2023
Closed
@datamweb
Copy link
Collaborator Author

datamweb commented Aug 9, 2023

IMG_20230809_233657

@kenjis
Copy link
Member

kenjis commented Aug 9, 2023

Re-ran failed jobs.

@datamweb datamweb requested a review from kenjis August 9, 2023 21:59
@kenjis
Copy link
Member

kenjis commented Aug 10, 2023

We have three action methods.

$ php spark routes | grep MagicLinkController
| GET    | login/magic-link        | magic-link         | \CodeIgniter\Shield\Controllers\MagicLinkController::loginView     |                | toolbar       |
| GET    | login/verify-magic-link | verify-magic-link  | \CodeIgniter\Shield\Controllers\MagicLinkController::verify        |                | toolbar       |
| POST   | login/magic-link        | »                  | \CodeIgniter\Shield\Controllers\MagicLinkController::loginAction   |                | toolbar       |

Can you add the if statement to verify() just in case?

kenjis
kenjis reviewed Aug 10, 2023
View reviewed changes
@datamweb
Copy link
Collaborator Author

datamweb commented Aug 10, 2023

Can you add the if statement to verify() just in case?

Honestly, I thought about this, isn't it better to have a private function?

    private function checkAllowMagicLink( ): RedirectResponse
   { 
        // Check if magic-link is not allowed
        if (!setting('Auth.allowMagicLinkLogins')) {
            return redirect()->route('login')->with('error', lang('Auth.magicLinkDisabled'));
        }
   }

@kenjis
Copy link
Member

kenjis commented Aug 10, 2023

The three if statements are the exactly the same and the same meaning.
So it is better not to repeat them.

@datamweb datamweb mentioned this pull request Aug 11, 2023
Merged
@kenjis kenjis changed the title fix: check allow magiclink logins fix: Magic Link Login can be used even if $allowMagicLinkLogins is false Aug 11, 2023
@datamweb datamweb force-pushed the fix-allowMagicLinkLogins branch from 75a3562 to 6d56e46 Compare August 11, 2023 04:05
kenjis
kenjis reviewed Aug 11, 2023
View reviewed changes
src/Controllers/MagicLinkController.php Outdated
*/
public function loginView()
{
$this->displayErrorMagicLinkDisabled();
Copy link
Member

@kenjis kenjis Aug 11, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

RedirectResponse must be returned from this method if allowMagicLinkLogins is false.

@datamweb
Copy link
Collaborator Author

datamweb commented Aug 12, 2023

@kenjis, method verify(): RedirectResponse uses native return type , using a private method causes breaking change. Is it worth it?
Or am I missing something?

@kenjis
Copy link
Member

kenjis commented Aug 12, 2023

using a private method causes breaking change.

No, it is not a breaking change.

But this PR works, so I merge for now.

@kenjis kenjis merged commit 636684a into codeigniter4:develop Aug 12, 2023
@datamweb datamweb deleted the fix-allowMagicLinkLogins branch August 12, 2023 05:17
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@kenjis kenjis kenjis approved these changes

Assignees

No one assigned

Labels

bug Something isn't working

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Bug: controller run even if $allowMagicLinkLogins is false

2 participants

@datamweb @kenjis