codeigniter4 / shield

Authentication and Authorization for CodeIgniter 4
https://shield.codeigniter.com
MIT License

Bug: Use login and verify magic link excluding the other links from being loaded #1129

Closed Elvis254 closed 1 month ago

Elvis254 commented 1 month ago

PHP Version

8.2.0

CodeIgniter4 Version

4.5.1

Shield Version

1.1.1

Which operating systems have you tested for this bug?

Windows

Which server did you use?

apache

Database

MariaDB 10.2

Did you customize Shield?

I customized the UserModel class to include a function to generate a full name of a user from their first and last name before insert and before update. I also customized the User entity class to include two functions to set the first and last name of a user after cleaning the string input and performing formatting on it like capitalization.

What happened?

I would like to use the login and verify magic login links only, without using any of the other links. When I write the code as shown, the links are still available, meaning someone can still load the specified page. service('auth')->routes($routes, ['except' => ['register', 'login/magic-link', 'auth/a/show', 'auth/a/handle', 'auth/a/verify']]); I don't want the links in the except key to be available; when a person tries to load them they should be redirected to the 404 page.

Steps to Reproduce

Find a way to disable the loading of unwanted links. For example, add a new key exclude so I can list the links I don't want a user to load in the browser. The register link can be disabled by setting $allowRegistration = false; which redirects a user to the 404 page.

Expected Output

A 404 page should be shown to a user if they try to load the excluded links.

Anything else?

No response

kenjis commented 1 month ago

I don't get what you say. Is this a feature request instead of a bug report?

If it is a bug, what is the exact issue? And please show what happened to you exactly.

Also, can you show the steps to reproduce your issue? I cannot follow the steps.

Steps to Reproduce

Find a way to disable the loading of unwanted links. For example, add a new key exclude so I can be able to list the links I don't want a user to load on the browser. The register link can be disabled by setting $allowRegistration = false; which redirects a user to the 404 page.

Elvis254 commented 1 month ago

It's a feature request. Because using this method service('auth')->routes($routes, ['except' => ['register', 'login/magic-link', 'auth/a/show', 'auth/a/handle', 'auth/a/verify']]); to exclude the indicated links is quite a bit slower than using a method like $allowRegistration = false;, which is faster because you don't have to create a controller and redirect all unwanted links to the 404 page as shown by $routes->get('login/magic-link', '\App\Controllers\ErrorController::show404') quoted from the documentation.

kenjis commented 1 month ago

Please post in https://github.com/codeigniter4/shield/discussions/categories/ideas

We use GitHub Issues to track bugs and planned work.

kenjis commented 1 month ago

@Elvis254 I still am not able to understand what you say.

because you don't have to create a controller and redirect all unwanted links to the 404 page as shown $routes->get('login/magic-link', '\App\Controllers\ErrorController::show404') quoted from the documentation.

I don't understand why you need to create such a 404 controller/method.

Elvis254 commented 3 weeks ago

@kenjis I had travelled to Tanzania on a business trip; sorry for the delayed comment.

There are cases when someone doesn't need the email verification, magic login, register and second factor authentication view links. For example, in my system only the login and verify magic login hash links are required. This is because the administrator is responsible for adding users to the system. Once they are added to the system, the user is given a username and password set on their account. If a user forgets their password, the administrator generates a magic login hash and it gets sent to their email address, which they afterwards use to log into their account via the provided verify magic login hash link. So what I need is a way to disable the email verification, magic login, register and second factor authentication view links, because when you leave them there and a malicious person finds out you have used Shield, they can easily navigate to the view if it's not disabled.
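A route configuration for the deployment described in this thread (password login plus the magic-link verify endpoint only, every other Shield view answered with a 404), added here as an illustration; it is not code from the issue or from Shield. It assumes that the 'except' entries are Shield's route-group names ('register', 'auth-actions') rather than URIs, and that CodeIgniter keeps the first definition of a URI, so the explicit 404 routes are declared before Shield's; check both against your Shield and framework versions.

```php
<?php
// app/Config/Routes.php (excerpt). Added example; not from the issue or Shield.

// URIs this deployment must never expose, listed explicitly so the
// attack surface is documented in one place and reviewable.
$denied = [
    'register',
    'login/magic-link',
    'auth/a/show',
    'auth/a/handle',
    'auth/a/verify',
];

// Assumption: the framework keeps the first route registered for a URI,
// so these 404 handlers are declared before Shield registers its own.
foreach ($denied as $uri) {
    $routes->match(['GET', 'POST'], $uri, '\App\Controllers\ErrorController::show404');
}

// Assumption: 'except' takes Shield's route-group names, not URIs.
// 'magic-link' is kept because it also provides login/verify-magic-link,
// which the administrator-issued hash relies on; its entry page is 404'd above.
service('auth')->routes($routes, ['except' => ['register', 'auth-actions']]);

// app/Controllers/ErrorController.php
// namespace App\Controllers;
//
// use CodeIgniter\Exceptions\PageNotFoundException;
//
// class ErrorController extends BaseController
// {
//     // Raise the framework's own 404 so denied URIs are indistinguishable
//     // from pages that do not exist, rather than hinting that Shield is installed.
//     public function show404(): never
//     {
//         throw PageNotFoundException::forPageNotFound();
//     }
// }
```

Keeping $allowRegistration = false in app/Config/Auth.php alongside this is still worthwhile, since it disables registration at the controller level even if the route list is later edited.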