Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix: Unnamed Auth routes returns an error when inside a route group #577

Merged
merged 21 commits into from
Jan 10, 2023

Conversation

sammyskills
Copy link
Contributor

@sammyskills sammyskills commented Jan 1, 2023

In situations when a developer decides to put the routes in a group like so:

$routes->group('accounts', static function($routes) {
    service('auth')->routes($routes);
});

Calls to route_to('login') and route_to('register') will return an error because there isn't any named route for that.

By explicitly setting named routes for each of the auth routes, the routing works well whether in groups or not.

@lonnieezell
Copy link
Member

I think this should be fine. @codeigniter4/core-team can you think of any reason this might be problematic?

Copy link
Member

@MGatner MGatner left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good to me! Those should've been named routes to begin with.

Copy link
Member

@kenjis kenjis left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks fine.

Copy link
Collaborator

@datamweb datamweb left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi, thanks for PR.
If you use the following code.

$routes->group('accounts', static function($routes) {
    service('auth')->routes($routes);
});

The logout path is not recognized because it is set to login by default.

'logout' => 'login',

So I expect you to consider this or at least add some explanation in the documentation.

@datamweb datamweb added the enhancement New feature or request label Jan 2, 2023
@sammyskills
Copy link
Contributor Author

Not sure I understand clearly what you mean.

What you pointed out is the logout redirect, which by default, redirects to the login page. This PR fixes issues that may arise when the auth route is placed inside a group.

If we are also considering the login/register/logout redirects, then I think using route_to() should fix that.

Is this what you mean @datamweb ?

@datamweb
Copy link
Collaborator

datamweb commented Jan 2, 2023

what you mean

Step1: add

$routes->group('accounts', static function($routes) {
    service('auth')->routes($routes);
});

to file app/Config/Routes.php.

Step2: login with http://localhost:8080/accounts/login.
Step3: is to logout with route http://localhost:8080/accounts/logout.

what will happen? 404 error(404 - File Not Found
Can't find a route for 'get: login'.). Because by default the after logout path is set to http://localhost:8080/login NOT http://localhost:8080/accounts/login.

Now if you change the 'logout' => 'accounts/login'. It will not be a problem.

'logout' => 'login',

So my point is that it should be explained that the grouping affects the exit performance of the user should know how to fix this issue or use as.

@kenjis
Copy link
Member

kenjis commented Jan 3, 2023

As @datamweb says, it seems 404 error will be reported.
The setting is URL (path), not a route name.

* Redirect urLs
* --------------------------------------------------------------------
* The default URL that a user will be redirected to after
* various auth actions. If you need more flexibility you can
* override the `getUrl()` method to apply any logic you may need.
*/
public array $redirects = [
'register' => '/',
'login' => '/',
'logout' => 'login',
];

But the issue is not related to this PR?
If a dev changes the URL of login, it is no wonder s/he needs to change the setting.

@datamweb
Copy link
Collaborator

datamweb commented Jan 3, 2023

The setting is URL (path), not a route name.

Yes, exactly that.

But the issue is not related to this PR?

Well, if you think this is not related to PR, go ahead. merge.

@sammyskills
Copy link
Contributor Author

sammyskills commented Jan 3, 2023

Now I understand your concern @datamweb.

Can we change the $redirects setting to a route name (at least for the logout) instead of just a path? I think this will fix the issue for both the grouped and ungrouped cases.

What do you think @kenjis @MGatner @lonnieezell ?

@kenjis
Copy link
Member

kenjis commented Jan 3, 2023

Can we change the $redirects setting to a route name (at least for the logout) instead of just a path? I think this will fix the issue for both the grouped and ungrouped cases.

We cannot change it easily. Because it is a URL (path), not a route name.
If we change it, it is a breaking change.

The value will be passed to site_url():

shield/src/Config/Auth.php

Lines 375 to 380 in 3fede09

protected function getUrl(string $url): string
{
return strpos($url, 'http') === 0
? $url
: rtrim(site_url($url), '/ ');
}

@kenjis
Copy link
Member

kenjis commented Jan 4, 2023

Shield is now in beta releases. So we could introduce breaking changes.

When we are using named routes in Shield,
it is better to use named routes in all places including the $redirects values.

So it seems better to change the $redirects values to:

  1. a URL if it begins with http. E.g. http://example.com/logout
  2. a named route if there is the named route. E.g. logout
  3. a route (URI path). E.g. logout

We can do that if we change getUrl(), and almost all existing system won't break even if it is not updated.

@kenjis
Copy link
Member

kenjis commented Jan 4, 2023

can you think of any reason this might be problematic?

If a site has more than one login URL (e.g. login and admin/login) and
the admin/login has the route name login, this PR will break the system.
The same goes with logout and register.

But there is probably no such site, so this change will not a problem.

@datamweb
Copy link
Collaborator

datamweb commented Jan 4, 2023

If a site has more than one login URL (e.g. login and admin/login) and the admin/login has the route name login, this PR will break the system.

That was interesting. I had not thought about this position.
This is an example from Joomla. Admin and user login section.

joomla

But there is probably no such site, so this change will not a problem.

However, I agree with this.

src/Config/Auth.php Outdated Show resolved Hide resolved
src/Config/Auth.php Outdated Show resolved Hide resolved
src/Config/Auth.php Outdated Show resolved Hide resolved
src/Config/Auth.php Outdated Show resolved Hide resolved
src/Config/Auth.php Outdated Show resolved Hide resolved
Copy link
Collaborator

@datamweb datamweb left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you for being with us.

We all strive to make Shield better.

Copy link
Collaborator

@datamweb datamweb left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

@kenjis
Copy link
Member

kenjis commented Jan 7, 2023

Sorry, I meant please update the explanation. Because it will be not only URL, but also named route.

* --------------------------------------------------------------------
* Redirect URLs
* --------------------------------------------------------------------
* The default URL that a user will be redirected to after
* various auth actions. If you need more flexibility you can
* override the `getUrl()` method to apply any logic you may need.

@sammyskills
Copy link
Contributor Author

Is this really necessary?

I'm asking because no change was done to the $redirects.

@kenjis
Copy link
Member

kenjis commented Jan 7, 2023

while a logout action will redirect to /login.
https://github.com/codeigniter4/shield/blob/develop/docs/customization.md#custom-redirect-urls

This description also needs to be updated.

@sammyskills
Copy link
Contributor Author

Oh, I get the point now, thank you.

@kenjis
Copy link
Member

kenjis commented Jan 7, 2023

Is this really necessary?

In the default state, the route login's path is login . There is no difference between the route name and path.
However, the meaning of the value login is the route name.

So it would be better to have an explanation that if the route name is set, it is the route name.

src/Config/Auth.php Outdated Show resolved Hide resolved
docs/customization.md Outdated Show resolved Hide resolved
Copy link
Member

@kenjis kenjis left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

src/Config/Auth.php Outdated Show resolved Hide resolved
Co-authored-by: Pooya Parsa Dadashi <pooya_parsa_dadashi@yahoo.com>
Copy link
Collaborator

@datamweb datamweb left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Awaiting approval from lonnieezell.

@kenjis
Copy link
Member

kenjis commented Jan 9, 2023

@lonnieezell Can you review?
If you don't have time, we will merge this.

@lonnieezell
Copy link
Member

Approved

@kenjis kenjis merged commit 084bb14 into codeigniter4:develop Jan 10, 2023
@sammyskills sammyskills deleted the fix/update-named-routes branch January 10, 2023 05:25
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement New feature or request
Projects
None yet
Development

Successfully merging this pull request may close these issues.

5 participants