Merge pull request #503 from kenjis/fix-pending-registration-magic-link-error

kenjis · web-flow · commit 32eb7e75b32e · 2022-11-08T10:22:44.000+09:00
fix: Error exception occurs when user with pending activation tries magic-link login
diff --git a/src/Authentication/Authenticators/Session.php b/src/Authentication/Authenticators/Session.php
@@ -407,9 +407,28 @@ private function checkUserState(): void
 
     /**
      * Has Auth Action?
+     *
+     * @param int|string|null $userId Provide user id only when checking a
+     *                                not-logged-in user
+     *                                (e.g. user who tries magic-link login)
      */
-    public function hasAction(): bool
+    public function hasAction($userId = null): bool
     {
+        // Check not-logged-in user
+        if ($userId !== null) {
+            $user = $this->provider->findById($userId);
+
+            // Check identities for actions
+            if ($this->getIdentitiesForAction($user) !== []) {
+                // Make pending login state
+                $this->user = $user;
+                $this->setSessionKey('id', $user->id);
+                $this->setAuthAction();
+
+                return true;
+            }
+        }
+
         // Check the Session
         if ($this->getSessionKey('auth_action')) {
             return true;
@@ -461,10 +480,10 @@ private function setAuthAction(): bool
      *
      * @return UserIdentity[]
      */
-    private function getIdentitiesForAction(): array
+    private function getIdentitiesForAction(User $user): array
     {
         return $this->userIdentityModel->getIdentitiesByTypes(
-            $this->user,
+            $user,
             $this->getActionTypes()
         );
     }
@@ -693,7 +712,7 @@ public function login(User $user): void
         $this->user = $user;
 
         // Check identities for actions
-        if ($this->getIdentitiesForAction() !== []) {
+        if ($this->getIdentitiesForAction($user) !== []) {
             throw new LogicException(
                 'The user has identities for action, so cannot complete login.'
                 . ' If you want to start to login with auth action, use startLogin() instead.'
diff --git a/src/Controllers/MagicLinkController.php b/src/Controllers/MagicLinkController.php
@@ -164,6 +164,11 @@ public function verify(): RedirectResponse
         /** @var Session $authenticator */
         $authenticator = auth('session')->getAuthenticator();
 
+        // If an action has been defined
+        if ($authenticator->hasAction($identity->user_id)) {
+            return redirect()->route('auth-action-show')->with('error', lang('Auth.needActivate'));
+        }
+
         // Log the user in
         $authenticator->loginById($identity->user_id);
 
diff --git a/src/Language/de/Auth.php b/src/Language/de/Auth.php
@@ -87,6 +87,7 @@
     'emailActivateSubject'  => 'Ihr Aktivierungscode',
     'emailActivateMailBody' => 'Bitte verwenden Sie den unten stehenden Code, um Ihr Konto zu aktivieren und die Website zu nutzen.',
     'invalidActivateToken'  => 'Der Code war falsch.',
+    'needActivate'          => '(To be translated) You must complete your registration by confirming the code sent to your email address.',
 
     // Groups
     'unknownGroup' => '{0} ist eine ungültige Gruppe.',
diff --git a/src/Language/en/Auth.php b/src/Language/en/Auth.php
@@ -87,6 +87,7 @@
     'emailActivateSubject'  => 'Your activation code',
     'emailActivateMailBody' => 'Please use the code below to activate your account and start using the site.',
     'invalidActivateToken'  => 'The code was incorrect.',
+    'needActivate'          => 'You must complete your registration by confirming the code sent to your email address.',
 
     // Groups
     'unknownGroup' => '{0} is not a valid group.',
diff --git a/src/Language/es/Auth.php b/src/Language/es/Auth.php
@@ -87,6 +87,7 @@
     'emailActivateSubject'  => 'Tu código de activación',
     'emailActivateMailBody' => 'Por favor, usa el código de abajo para activar tu cuenta y empezar a usar el sitio.',
     'invalidActivateToken'  => 'El código no es correcto.',
+    'needActivate'          => '(To be translated) You must complete your registration by confirming the code sent to your email address.',
 
     // Grupos
     'unknownGroup' => '{0} no es un grupo válido.',
diff --git a/src/Language/fa/Auth.php b/src/Language/fa/Auth.php
@@ -96,6 +96,7 @@
     'emailActivateSubject'  => 'کد فعالسازی شما',
     'emailActivateMailBody' => 'لطفا برای فعالسازی حساب کاربری و استفاده از سایت از کد زیر استفاده کنید.',
     'invalidActivateToken'  => 'کد صحیح نمی باشد.',
+    'needActivate'          => 'شما باید با ارائه کد ارسال شده به ایمیلتان، ثبت نام را تکمیل کنید.',
 
     // Groups
     'unknownGroup' => '{0} گروهی معتبر نیست.',
diff --git a/src/Language/fr/Auth.php b/src/Language/fr/Auth.php
@@ -87,6 +87,7 @@
     'emailActivateSubject'  => 'Votre code d\'activation',
     'emailActivateMailBody' => 'Veuillez utiliser le code suivant pour activer votre compte et commencer à utiliser le site.',
     'invalidActivateToken'  => 'Le code était incorrect.',
+    'needActivate'          => 'Complétez votre inscription en confirmant le code envoyé à votre email.',
 
     // Groups
     'unknownGroup' => '{0} n\'est pas un groupe valide.',
diff --git a/src/Language/id/Auth.php b/src/Language/id/Auth.php
@@ -87,6 +87,7 @@
     'emailActivateSubject'  => 'Kode aktivasi Anda',
     'emailActivateMailBody' => 'Silahkan gunakan kode dibawah ini untuk mengaktivasi akun Anda.',
     'invalidActivateToken'  => 'Kode tidak sesuai.',
+    'needActivate'          => '(To be translated) You must complete your registration by confirming the code sent to your email address.',
 
     // Groups
     'unknownGroup' => '{0} bukan grup yang sah.',
diff --git a/src/Language/ja/Auth.php b/src/Language/ja/Auth.php
@@ -87,6 +87,7 @@
     'emailActivateSubject'  => 'アクティベーションコード', // 'Your activation code',
     'emailActivateMailBody' => '以下のコードを使用してアカウントを有効化し、サイトの利用を開始してください。', // 'Please use the code below to activate your account and start using the site.',
     'invalidActivateToken'  => 'コードが間違っています。', // 'The code was incorrect.',
+    'needActivate'          => 'メールアドレスに送信されたコードを確認し、登録を完了する必要があります。', // 'You must complete your registration by confirming the code sent to your email address.',
 
     // Groups
     'unknownGroup' => '{0} は有効なグループではありません。', // '{0} is not a valid group.',
diff --git a/src/Language/sk/Auth.php b/src/Language/sk/Auth.php
@@ -87,6 +87,7 @@
     'emailActivateSubject'  => 'Váš aktivačný kód',
     'emailActivateMailBody' => 'Pomocou nižšie uvedeného kódu aktivujte svoj účet a môžete začať používať stránku.',
     'invalidActivateToken'  => 'Kód bol nesprávny',
+    'needActivate'          => 'Registráciu musíte dokončiť potvrdením kódu zaslaného na vašu e-mailovú adresu.',
 
     // Groups
     'unknownGroup' => '{0} nie je platná skupina.',
diff --git a/tests/Controllers/MagicLinkTest.php b/tests/Controllers/MagicLinkTest.php
@@ -4,6 +4,13 @@
 
 namespace Tests\Controllers;
 
+use CodeIgniter\Config\Factories;
+use CodeIgniter\I18n\Time;
+use CodeIgniter\Shield\Authentication\Actions\EmailActivator;
+use CodeIgniter\Shield\Authentication\Authenticators\Session;
+use CodeIgniter\Shield\Entities\User;
+use CodeIgniter\Shield\Models\UserIdentityModel;
+use CodeIgniter\Shield\Models\UserModel;
 use CodeIgniter\Test\DatabaseTestTrait;
 use CodeIgniter\Test\FeatureTestTrait;
 use Config\Services;
@@ -57,4 +64,54 @@ public function testShowValidateErrorsInMagicLink(): void
 
         $result->assertSessionHas('errors', $expected);
     }
+
+    /**
+     * @see https://github.com/codeigniter4/shield/issues/465
+     */
+    public function testMagicLinkVerifyPendingRegistrationActivation(): void
+    {
+        // Enable Register action (Email Activation)
+        $config                      = config('Auth');
+        $config->actions['register'] = EmailActivator::class;
+        Factories::injectMock('config', 'Auth', $config);
+
+        /** @var User $user */
+        $user = fake(UserModel::class);
+        $user->createEmailIdentity(['email' => 'foo@example.com', 'password' => 'secret123']);
+
+        $identities = model(UserIdentityModel::class);
+
+        // Insert User Identity for Email Activation
+        $identities->insert([
+            'user_id' => $user->id,
+            'type'    => Session::ID_TYPE_EMAIL_ACTIVATE,
+            'secret'  => '123456',
+            'name'    => 'register',
+            'extra'   => lang('Auth.needVerification'),
+        ]);
+        // Insert User Identity for Magic link login
+        $identities->insert([
+            'user_id' => $user->id,
+            'type'    => Session::ID_TYPE_MAGIC_LINK,
+            'secret'  => 'abasdasdf',
+            'expires' => Time::now()->addMinutes(60),
+        ]);
+
+        $result = $this->get(route_to('verify-magic-link') . '?token=abasdasdf');
+
+        $result->assertRedirectTo(route_to('auth-action-show'));
+        $result->assertSessionHas(
+            'error',
+            lang('Auth.needActivate'),
+        );
+        $result->assertSessionHas(
+            'user',
+            [
+                'id'                  => $user->id,
+                'auth_action'         => 'CodeIgniter\Shield\Authentication\Actions\EmailActivator',
+                'auth_action_message' => lang('Auth.needVerification'),
+            ]
+        );
+        $this->assertFalse(auth()->loggedIn());
+    }
 }
