Closed Elvis254 closed 1 month ago
I don't get what you say. Is this a feature request instead of a bug report?
If it is a bug, what is the exact issue? And please show what happened to you exactly.
Also, can you show the steps to reproduce your issue? I cannot follow the steps.
Steps to Reproduce Find a way to disable the loading of unwanted links. For example, add a new key exclude so I can be able to list the links I don't want a user to load on the browser. The register link can be disabled by setting $allowRegistration = false; which redirects a user to the 404 page.
It's a feature request. Because using this method service('auth')->routes($routes, ['except' => ['register', 'login/magic-link', 'auth/a/show', 'auth/a/handle', 'auth/a/verify']]);
to exclude the indicated links is quite slower other than using a method like $allowRegistration = false;
which is more faster because you don't have to create a controller
and redirect all unwanted links to the 404
page as shown $routes->get('login/magic-link', '\App\Controllers\ErrorController::show404')
quoted from the documentation.
Please post in https://github.com/codeigniter4/shield/discussions/categories/ideas
We use GitHub Issues to track bugs and planned work.
@Elvis254 I still am not able to understand what you say.
because you don't have to create a controller and redirect all unwanted links to the 404 page as shown $routes->get('login/magic-link', '\App\Controllers\ErrorController::show404') quoted from the documentation.
I don't understand why you need to create such a 404 controller/method.
@kenjis I had travelled to Tanzania on a business trip sorry for the delayed commenting.
There are cases when someone doesn't need the email verification, magic login, register and second factor authentication view links. For example, in my system only the login and verify magic login hash links are required. This is because the administrator is responsible for adding users to the system. Once they are added to the system the user is given a username and password set on their account. If a user forgets their password the administrator generates a magic login hash and it gets sent to their email address which they afterwards use it to log into their account using the provided verify magic login hash link. So what I do need is to find a way to disable the email verification, magic login, register and second factor authentication view links because when you leave them there and a malicious person finds out you have used shield they can easily navigate to the view if its not disabled.
PHP Version
8.2.0
CodeIgniter4 Version
4.5.1
Shield Version
1.1.1
Which operating systems have you tested for this bug?
Windows
Which server did you use?
apache
Database
MariaDB 10.2
Did you customize Shield?
I customized the
UserModel
class to include a function to generate a full name of a user from their first and last name before insert and before update. I also customized theUser
entity class to include two functions to set the first and last name of a user after cleaning the string input and performing formatting on it like capitalization.What happened?
I would like to use the login and verify magic login links only without using any of the other links. When I write the code as shown the links are still available meaning someone can be able to load the page specified.
service('auth')->routes($routes, ['except' => ['register', 'login/magic-link', 'auth/a/show', 'auth/a/handle', 'auth/a/verify']]);
I don't want the links in the except key to be available when a person tries to load them they should be redirected to the404
page.Steps to Reproduce
Find a way to disable the loading of unwanted links. For example, add a new key
exclude
so I can be able to list the links I don't want a user to load on the browser. The register link can be disabled by setting$allowRegistration = false;
which redirects a user to the404
page.Expected Output
A
404
page should be shown to a user if they try to load theexcluded
links.Anything else?
No response