Fix: Unnamed Auth routes returns an error when inside a route group #577

Merged on Jan 10, 2023 (21 commits)
Changes from 18 commits
9 changes: 2 additions & 7 deletions docs/customization.md
Expand Up @@ -24,12 +24,10 @@ $routes->get('login', '\App\Controllers\Auth\LoginController::loginView');
$routes->get('register', '\App\Controllers\Auth\RegisterController::registerView');
```



## Custom Redirect URLs

By default, a successful login or register attempt will all redirect to `/`, while a logout action
will redirect to `/login`. You can change the default URLs used within the `Auth` config file:
will redirect to a [named route](https://codeigniter4.github.io/CodeIgniter4/incoming/routing.html#using-named-routes "See routing docs") `login` or a *URI path* `/login`. You can change the default URLs used within the `Auth` config file:

```php
public array $redirects = [
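
Review bot: The new logout sentence says the redirect goes to "a named route `login` or a URI path `/login`" without saying which of the two takes effect, and it omits that an absolute URL is accepted as well. Suggest stating the order `getUrl()` applies (absolute `http://` or `https://` URL, then named route, then URI path), since that order is what lets the redirect follow the auth routes when they are placed in a group. The unchanged sentence above it also reads awkwardly: "will all redirect to `/`" can drop "all".
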
Expand Down Expand Up @@ -63,13 +61,10 @@ Shield has the following controllers that can be extended to handle
various parts of the authentication process:

- **ActionController** handles the after-login and after-registration actions, like Two Factor Authentication and Email Verification.

- **LoginController** handles the login process.

- **RegisterController** handles the registration process. Overriding this class allows you to customize the User Provider, the User Entity, and the validation rules.

- **MagicLinkController** handles the "lost password" process that allows a user to login with a link sent to their email. This allows you to
override the message that is displayed to a user to describe what is happening, if you'd like to provide more information than simply swapping out the view used.
override the message that is displayed to a user to describe what is happening, if you'd like to provide more information than simply swapping out the view used.

It is not recommended to copy the entire controller into **app/Controllers** and change its namespace. Instead, you should create a new controller that extends
the existing controller and then only override the methods needed. This allows the other methods to stay up to date with any security
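
Review bot: The blank-line removals between the controller bullets and the re-saved continuation line under **MagicLinkController** are formatting-only and have nothing to do with the route-group fix in the title. Suggest moving them to a separate commit so the documentation change that matters (the redirect paragraph above) is easy to find in the history.
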
21 changes: 21 additions & 0 deletions docs/install.md
Expand Up @@ -240,3 +240,24 @@ public $filters = [
]
];
```

> **Note** If you have grouped or changed the default format of the routes, ensure that your code matches the new format(s) in the `App/Config/Filter.php` file.

For example, if you configured your routes like so:

```php
$routes->group('accounts', static function($routes) {
service('auth')->routes($routes);
});
```
Then the global `before` filter for `session` should look like so:

```php
public $globals = [
'before' => [
// ...
'session' => ['except' => ['accounts/login*', 'accounts/register', 'accounts/auth/a/*']]
]
]
```
The same should apply for the Rate Limiting.
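
Review bot: The note points readers at `App/Config/Filter.php`, but the `$filters` and `$globals` properties shown here belong to CodeIgniter 4's `app/Config/Filters.php`; please correct the path so it can be found. The closing sentence, "The same should apply for the Rate Limiting", leaves the reader to work out which entries to change: show the prefixed paths for the rate-limit filter the same way the `session` example does, because a path left unprefixed means the filter silently stops covering the grouped auth routes. Two smaller points: add a blank line between the closing fence and "Then the global", and end the `$globals` example with `];`.
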
42 changes: 35 additions & 7 deletions src/Config/Auth.php
Expand Up @@ -39,11 +39,17 @@ class Auth extends BaseConfig

/**
* --------------------------------------------------------------------
* Redirect urLs
* Redirect URLs
* --------------------------------------------------------------------
* The default URL that a user will be redirected to after
* various auth actions. If you need more flexibility you can
* override the `getUrl()` method to apply any logic you may need.
* The default URL that a user will be redirected to after various auth
* auth actions. This can be either of the following:
*
* 1. An absolute URL. E.g. http://example.com OR https://example.com
* 2. A named route that can be accessed using route_to() or url_to
* 3. A URI path within the application. e.g 'admin', 'login', 'expath'
*
* If you need more flexibility you can override the `getUrl()` method
* to apply any logic you may need.
*/
public array $redirects = [
'register' => '/',
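
Review bot: The rewritten docblock repeats a word across the line break ("after various auth" followed by "auth actions"); drop one. In the list, write `url_to()` with parentheses to match `route_to()`, use "e.g." consistently, and consider noting that the three forms are tried in the listed order, so a value that matches a route name is never treated as a URI path.
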
Expand Down Expand Up @@ -372,10 +378,32 @@ public function registerRedirect(): string
return $this->getUrl($url);
}

/**
* Accepts a string which can be an absolute URL or
* a named route or just a URI path, and returns the
* full path.
*
* @param string $url an absolute URL or a named route or just URI path
*/
protected function getUrl(string $url): string
{
return strpos($url, 'http') === 0
? $url
: rtrim(site_url($url), '/ ');
// To accommodate all url patterns
$final_url = '';

switch (true) {
case strpos($url, 'http://') === 0 || strpos($url, 'https://') === 0: // URL begins with 'http' or 'https'. E.g. http://example.com
$final_url = $url;
break;

case route_to($url) !== false: // URL is a named-route
$final_url = rtrim(url_to($url), '/ ');
break;

default: // URL is a route (URI path)
$final_url = rtrim(site_url($url), '/ ');
break;
}

return $final_url;
}
}
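
Review bot: In the `route_to($url) !== false` case, any redirect value that equals a route name is resolved as that named route before it is ever tried as a URI path, and the route is looked up twice (`route_to()` for the check, then `url_to()` for the result). That precedence should be stated in the docblock, and the method would read more clearly as plain `if` statements with early returns instead of `switch (true)` and a `$final_url` accumulator. The scheme check is also case-sensitive, so a config value such as `HTTPS://example.com` falls through to `site_url()`; either document that or compare case-insensitively. A test that calls the redirect helpers with the auth routes registered inside a group would pin down the behaviour this change is fixing.
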
9 changes: 6 additions & 3 deletions src/Config/AuthRoutes.php
Expand Up @@ -14,6 +14,7 @@ class AuthRoutes extends BaseConfig
'get',
'register',
'RegisterController::registerView',
'register', // Route name
],
[
'post',
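
Review bot: The name added here, `'register'`, is very generic, and the same applies to `'login'` and `'logout'` in the following hunks, while the action routes use an `auth-action-` prefix. An application that already names one of its own routes `login` or `register` will now collide with these, and `getUrl()` resolves by name first. Either note in the docs that these names are reserved by the package or explain why the unprefixed names were chosen.
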
Expand All @@ -26,6 +27,7 @@ class AuthRoutes extends BaseConfig
'get',
'login',
'LoginController::loginView',
'login', // Route name
],
[
'post',
Expand Down Expand Up @@ -57,26 +59,27 @@ class AuthRoutes extends BaseConfig
'get',
'logout',
'LoginController::logoutAction',
'logout', // Route name
],
],
'auth-actions' => [
[
'get',
'auth/a/show',
'ActionController::show',
'auth-action-show',
'auth-action-show', // Route name
],
[
'post',
'auth/a/handle',
'ActionController::handle',
'auth-action-handle',
'auth-action-handle', // Route name
],
[
'post',
'auth/a/verify',
'ActionController::verify',
'auth-action-verify',
'auth-action-verify', // Route name
],
],
];
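
Review bot: The trailing `// Route name` comment is now repeated on every entry that has a fourth element. Describing the array shape once in a docblock above the property (method, URI, handler, optional route name) would document it for the unnamed entries too and keep the individual rows free of noise.
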