Merge pull request #577 from sammyskills/fix/update-named-routes

kenjis · web-flow · commit 084bb14456fc · 2023-01-10T09:54:56.000+09:00
Fix: Unnamed Auth routes returns an error when inside a route group
diff --git a/docs/customization.md b/docs/customization.md
@@ -24,12 +24,10 @@ $routes->get('login', '\App\Controllers\Auth\LoginController::loginView');
 $routes->get('register', '\App\Controllers\Auth\RegisterController::registerView');
 ```
 
-
-
 ## Custom Redirect URLs
 
 By default, a successful login or register attempt will all redirect to `/`, while a logout action
-will redirect to `/login`. You can change the default URLs used within the `Auth` config file:
+will redirect to a [named route](https://codeigniter.com/user_guide/incoming/routing.html#using-named-routes "See routing docs") `login` or a *URI path* `/login`. You can change the default URLs used within the `Auth` config file:
 
 ```php
 public array $redirects = [
@@ -63,13 +61,10 @@ Shield has the following controllers that can be extended to handle
 various parts of the authentication process:
 
 - **ActionController** handles the after-login and after-registration actions, like Two Factor Authentication and Email Verification.
-
 - **LoginController** handles the login process.
-
 - **RegisterController** handles the registration process. Overriding this class allows you to customize the User Provider, the User Entity, and the validation rules.
-
 - **MagicLinkController** handles the "lost password" process that allows a user to login with a link sent to their email. This allows you to
-override the message that is displayed to a user to describe what is happening, if you'd like to provide more information than simply swapping out the view used.
+  override the message that is displayed to a user to describe what is happening, if you'd like to provide more information than simply swapping out the view used.
 
 It is not recommended to copy the entire controller into **app/Controllers** and change its namespace. Instead, you should create a new controller that extends
 the existing controller and then only override the methods needed. This allows the other methods to stay up to date with any security
diff --git a/docs/install.md b/docs/install.md
@@ -240,3 +240,24 @@ public $filters = [
     ]
 ];
 ```
+
+> **Note** If you have grouped or changed the default format of the routes, ensure that your code matches the new format(s) in the `App/Config/Filter.php` file.
+
+For example, if you configured your routes like so:
+
+```php
+$routes->group('accounts', static function($routes) {
+    service('auth')->routes($routes);
+});
+```
+Then the global `before` filter for `session` should look like so:
+
+```php
+public $globals = [
+    'before' => [
+        // ...
+        'session' => ['except' => ['accounts/login*', 'accounts/register', 'accounts/auth/a/*']]
+    ]
+]
+```
+The same should apply for the Rate Limiting.
diff --git a/src/Config/Auth.php b/src/Config/Auth.php
@@ -39,11 +39,17 @@ class Auth extends BaseConfig
 
     /**
      * --------------------------------------------------------------------
-     * Redirect urLs
+     * Redirect URLs
      * --------------------------------------------------------------------
-     * The default URL that a user will be redirected to after
-     * various auth actions. If you need more flexibility you can
-     * override the `getUrl()` method to apply any logic you may need.
+     * The default URL that a user will be redirected to after various auth
+     * auth actions. This can be either of the following:
+     *
+     * 1. An absolute URL. E.g. http://example.com OR https://example.com
+     * 2. A named route that can be accessed using `route_to()` or `url_to()`
+     * 3. A URI path within the application. e.g 'admin', 'login', 'expath'
+     *
+     * If you need more flexibility you can override the `getUrl()` method
+     * to apply any logic you may need.
      */
     public array $redirects = [
         'register' => '/',
@@ -372,10 +378,32 @@ public function registerRedirect(): string
         return $this->getUrl($url);
     }
 
+    /**
+     * Accepts a string which can be an absolute URL or
+     * a named route or just a URI path, and returns the
+     * full path.
+     *
+     * @param string $url an absolute URL or a named route or just URI path
+     */
     protected function getUrl(string $url): string
     {
-        return strpos($url, 'http') === 0
-            ? $url
-            : rtrim(site_url($url), '/ ');
+        // To accommodate all url patterns
+        $final_url = '';
+
+        switch (true) {
+            case strpos($url, 'http://') === 0 || strpos($url, 'https://') === 0: // URL begins with 'http' or 'https'. E.g. http://example.com
+                $final_url = $url;
+                break;
+
+            case route_to($url) !== false: // URL is a named-route
+                $final_url = rtrim(url_to($url), '/ ');
+                break;
+
+            default: // URL is a route (URI path)
+                $final_url = rtrim(site_url($url), '/ ');
+                break;
+        }
+
+        return $final_url;
     }
 }
diff --git a/src/Config/AuthRoutes.php b/src/Config/AuthRoutes.php
@@ -14,6 +14,7 @@ class AuthRoutes extends BaseConfig
                 'get',
                 'register',
                 'RegisterController::registerView',
+                'register', // Route name
             ],
             [
                 'post',
@@ -26,6 +27,7 @@ class AuthRoutes extends BaseConfig
                 'get',
                 'login',
                 'LoginController::loginView',
+                'login', // Route name
             ],
             [
                 'post',
@@ -57,26 +59,27 @@ class AuthRoutes extends BaseConfig
                 'get',
                 'logout',
                 'LoginController::logoutAction',
+                'logout', // Route name
             ],
         ],
         'auth-actions' => [
             [
                 'get',
                 'auth/a/show',
                 'ActionController::show',
-                'auth-action-show',
+                'auth-action-show', // Route name
             ],
             [
                 'post',
                 'auth/a/handle',
                 'ActionController::handle',
-                'auth-action-handle',
+                'auth-action-handle', // Route name
             ],
             [
                 'post',
                 'auth/a/verify',
                 'ActionController::verify',
-                'auth-action-verify',
+                'auth-action-verify', // Route name
             ],
         ],
     ];
