lonnieezell / myth-auth

One-stop Auth package for CodeIgniter 4
MIT License

Resend activate hash doesn't generate new hash #531

Closed m85eu closed 2 years ago

m85eu commented 2 years ago

Scenario

  1. User isn't active.
  2. Active hash is null.
  3. When the user tries to log in, there's info about resending the activate hash. After clicking, the email is sent, however without the activate hash (the activate hash is still null in the database).

There's no problem when the user is trying to register - in this case the activate hash is generated.

m85eu commented 2 years ago

I managed to fix it; however, maybe someone has a better solution.

App\Controllers\AuthController.php

```php
    /**
     * Resend activation account.
     *
     * @return mixed
     */
    public function resendActivateAccount()
    {
        if ($this->config->requireActivation === null)
        {
            return redirect()->route('login');
        }

        // Rate-limit resend requests per client IP: 2 per minute.
        $throttler = service('throttler');

        if ($throttler->check(md5($this->request->getIPAddress()), 2, MINUTE) === false)
        {
            return service('response')->setStatusCode(429)->setBody(lang('Auth.tooManyRequests', [$throttler->getTokentime()]));
        }

        $login = urldecode($this->request->getGet('login'));
        $type = filter_var($login, FILTER_VALIDATE_EMAIL) ? 'email' : 'username';

        $users = model(UserModel::class);

        // Only accounts that are not yet active can request a new activation email.
        $user = $users->where($type, $login)
                      ->where('active', 0)
                      ->first();

        if (is_null($user))
        {
            return redirect()->route('login')->with('error', lang('Auth.activationNoUser'));
        }

        $activator = service('activator');

        // Generate a new activation hash and persist it before sending the email.
        $user->generateActivateHash();

        if (! $users->save($user))
        {
            return redirect()->back()->withInput()->with('error', $activator->error() ?? lang('Auth.unknownError'));
        }

        // Reload the user so the email is built from the stored hash.
        $user = $users->where($type, $login)
                      ->where('active', 0)
                      ->first();

        $sent = $activator->send($user);

        if (! $sent)
        {
            return redirect()->back()->withInput()->with('error', $activator->error() ?? lang('Auth.unknownError'));
        }

        // Success!
        return redirect()->route('login')->with('message', lang('Auth.activationSuccess'));
    }
} // closes the controller class
```

manageruz commented 2 years ago

Hi m85eu. This package in general assumes two ways to create a new user:

  1. From the CLI, by typing the auth:create_user spark command.
  2. Registering a new user from the register method of your auth controller.

Both ways will create a hash value in the activate_hash field of the users table, or activate the new user directly if you disabled activation in your config. So I guess you created your user in an unusual way, like directly inserting a new row into the database from phpMyAdmin. So the question is: how did you create your user? If you follow the correct way of creating the new user, you'll not have this kind of error.

m85eu commented 2 years ago

Correct. I imported users from another database.
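
The situation in this thread, imported rows with `active = 0` and a null `activate_hash`, can be handled with a one-time backfill plus a guard on the resend path. The following is an added example, not code from the thread or from myth-auth: the function names are hypothetical, the rows are constructed sample data, and the token format (16 random bytes as hex) is an assumption.

```php
<?php
declare(strict_types=1);

// Added example: hypothetical helpers, not part of myth-auth.
// The column names `active` and `activate_hash` are the ones named in the thread.

/** Return a fresh activation token: 32 hex characters from the CSPRNG. */
function newActivateHash(): string
{
    return bin2hex(random_bytes(16));
}

/**
 * Give every inactive row that lacks a token a new one.
 * Returns the ids of the rows that changed so the caller can persist them.
 */
function backfillActivateHashes(array &$rows): array
{
    $changed = [];
    foreach ($rows as &$row) {
        $inactive = (int) $row['active'] === 0;
        $missing  = ! isset($row['activate_hash']) || $row['activate_hash'] === '';
        if ($inactive && $missing) {
            $row['activate_hash'] = newActivateHash();
            $changed[] = $row['id'];
        }
    }
    unset($row); // break the reference left behind by foreach
    return $changed;
}

/** Guard for the resend path: never mail an activation link without a token. */
function canSendActivation(array $row): bool
{
    return (int) $row['active'] === 0
        && is_string($row['activate_hash'] ?? null)
        && preg_match('/^[0-9a-f]{32}$/', $row['activate_hash']) === 1;
}

// Constructed sample rows standing in for users imported from another database.
$rows = [
    ['id' => 1, 'active' => 0, 'activate_hash' => null],                // imported, no token
    ['id' => 2, 'active' => 1, 'activate_hash' => null],                // already active
    ['id' => 3, 'active' => 0, 'activate_hash' => str_repeat('a', 32)], // constructed token
];

var_dump(canSendActivation($rows[0]));   // imported row before the backfill
var_dump(backfillActivateHashes($rows)); // ids that received a new token
var_dump(canSendActivation($rows[0]));   // same row after the backfill
```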