Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix: Magic Link Login can be used even if $allowMagicLinkLogins is false #778

Merged
merged 9 commits into from
Aug 12, 2023
12 changes: 12 additions & 0 deletions src/Controllers/MagicLinkController.php
Original file line number Diff line number Diff line change
Expand Up @@ -50,6 +50,10 @@ public function __construct()
*/
public function loginView()
{
if (! setting('Auth.allowMagicLinkLogins')) {
return redirect()->route('login')->with('error', lang('Auth.magicLinkDisabled'));
}

if (auth()->loggedIn()) {
return redirect()->to(config('Auth')->loginRedirect());
}
Expand All @@ -66,6 +70,10 @@ public function loginView()
*/
public function loginAction()
{
if (! setting('Auth.allowMagicLinkLogins')) {
return redirect()->route('login')->with('error', lang('Auth.magicLinkDisabled'));
}

// Validate email format
$rules = $this->getValidationRules();
if (! $this->validateData($this->request->getPost(), $rules, [], config('Auth')->DBGroup)) {
Expand Down Expand Up @@ -135,6 +143,10 @@ protected function displayMessage(): string
*/
public function verify(): RedirectResponse
{
if (! setting('Auth.allowMagicLinkLogins')) {
return redirect()->route('login')->with('error', lang('Auth.magicLinkDisabled'));
}

$token = $this->request->getGet('token');

/** @var UserIdentityModel $identityModel */
Expand Down
1 change: 1 addition & 0 deletions src/Language/ar/Auth.php
Original file line number Diff line number Diff line change
Expand Up @@ -51,6 +51,7 @@
'magicLinkExpired' => 'عذرا ، لقد انتهت صلاحية الرابط.',
'checkYourEmail' => 'تحقق من بريدك الالكتروني!',
'magicLinkDetails' => 'لقد أرسلنا لك بريدًا إلكترونيًا يحتوي على رابط تسجيل الدخول بالداخل. الرابط صالح فقط لمدة {0} دقيقة.',
'magicLinkDisabled' => '(To be translated) Use of MagicLink is currently not allowed.',
'successLogout' => 'لقد قمت بتسجيل الخروج بنجاح.',
'backToLogin' => 'العودة إلى نموذج تسجيل الدخول',

Expand Down
1 change: 1 addition & 0 deletions src/Language/bg/Auth.php
Original file line number Diff line number Diff line change
Expand Up @@ -51,6 +51,7 @@
'magicLinkExpired' => 'Съжаляваме, линкът е изтекъл.',
'checkYourEmail' => 'Проверете вашия имейл!',
'magicLinkDetails' => 'Току що ви изпратихме имейл с линк за вход. Линкът ще бъде валиден само {0} минути.',
'magicLinkDisabled' => '(To be translated) Use of MagicLink is currently not allowed.',
'successLogout' => 'Успешно излязохте от системата.',
'backToLogin' => 'Обратно към входа',

Expand Down
1 change: 1 addition & 0 deletions src/Language/de/Auth.php
Original file line number Diff line number Diff line change
Expand Up @@ -51,6 +51,7 @@
'magicLinkExpired' => 'Sorry, der Link ist abgelaufen.',
'checkYourEmail' => 'Prüfen Sie Ihre E-Mail!',
'magicLinkDetails' => 'Wir haben Ihnen gerade eine E-Mail mit einem Login-Link geschickt. Er ist nur für {0} Minuten gültig.',
'magicLinkDisabled' => '(To be translated) Use of MagicLink is currently not allowed.',
'successLogout' => 'Sie haben sich erfolgreich abgemeldet.',
'backToLogin' => 'Zurück zur Anmeldung',

Expand Down
1 change: 1 addition & 0 deletions src/Language/en/Auth.php
Original file line number Diff line number Diff line change
Expand Up @@ -51,6 +51,7 @@
'magicLinkExpired' => 'Sorry, link has expired.',
'checkYourEmail' => 'Check your email!',
'magicLinkDetails' => 'We just sent you an email with a Login link inside. It is only valid for {0} minutes.',
'magicLinkDisabled' => 'Use of MagicLink is currently not allowed.',
'successLogout' => 'You have successfully logged out.',
'backToLogin' => 'Back to Login',

Expand Down
1 change: 1 addition & 0 deletions src/Language/es/Auth.php
Original file line number Diff line number Diff line change
Expand Up @@ -51,6 +51,7 @@
'magicLinkExpired' => 'Lo siento, el enlace ha caducado.',
'checkYourEmail' => '¡Revisa tu correo electrónico!',
'magicLinkDetails' => 'Acabamos de enviarte un correo electrónico con un enlace de inicio de sesión. Solo es válido durante {0} minutos.',
'magicLinkDisabled' => '(To be translated) Use of MagicLink is currently not allowed.',
'successLogout' => 'Has cerrado sesión correctamente.',
'backToLogin' => 'Volver al inicio de sesión',

Expand Down
1 change: 1 addition & 0 deletions src/Language/fa/Auth.php
Original file line number Diff line number Diff line change
Expand Up @@ -51,6 +51,7 @@
'magicLinkExpired' => 'متاسفانه, لینک منقضی شده است.',
'checkYourEmail' => 'ایمیلتان را بررسی کنید!',
'magicLinkDetails' => 'ما فقط یک لینک ورود به ایمیلتان ارسال کردیم. این لینک فقط برای {0} دقیقه معتبر خواهد بود.',
'magicLinkDisabled' => 'امکان استفاده از لینک جادویی وجود ندارد.',
'successLogout' => 'با موفقیت خارج شدید.',
'backToLogin' => 'بازگشت به ورود به سیستم',

Expand Down
1 change: 1 addition & 0 deletions src/Language/fr/Auth.php
Original file line number Diff line number Diff line change
Expand Up @@ -51,6 +51,7 @@
'magicLinkExpired' => 'Désolé, le lien a expiré.',
'checkYourEmail' => 'Vérifier votre email !',
'magicLinkDetails' => 'Nous venons de vous envoyer un email contenant un lien de connexion. Il n\'est valable que {0} minutes.',
'magicLinkDisabled' => '(To be translated) Use of MagicLink is currently not allowed.',
'successLogout' => 'Vous avez été déconnecté avec succès.',
'backToLogin' => 'Retour à la connexion',

Expand Down
1 change: 1 addition & 0 deletions src/Language/id/Auth.php
Original file line number Diff line number Diff line change
Expand Up @@ -51,6 +51,7 @@
'magicLinkExpired' => 'Maaf, tautan sudah tidak berlaku.',
'checkYourEmail' => 'Periksa email Anda!',
'magicLinkDetails' => 'Kami baru saja mengirimi Anda email dengan tautan Masuk di dalamnya. Ini hanya berlaku selama {0} menit.',
'magicLinkDisabled' => '(To be translated) Use of MagicLink is currently not allowed.',
'successLogout' => 'Anda telah berhasil keluar.',
'backToLogin' => 'Kembali ke masuk',

Expand Down
1 change: 1 addition & 0 deletions src/Language/it/Auth.php
Original file line number Diff line number Diff line change
Expand Up @@ -51,6 +51,7 @@
'magicLinkExpired' => 'Spiacente, il link è scaduto.',
'checkYourEmail' => 'Controlla la tua email!',
'magicLinkDetails' => 'Ti abbiamo appena inviato una mail contenente un Login link. È valido solo per {0} minuti.',
'magicLinkDisabled' => '(To be translated) Use of MagicLink is currently not allowed.',
'successLogout' => 'Hai effettuato il logout con successo.',
'backToLogin' => 'Torna al login',

Expand Down
1 change: 1 addition & 0 deletions src/Language/ja/Auth.php
Original file line number Diff line number Diff line change
Expand Up @@ -51,6 +51,7 @@
'magicLinkExpired' => '申し訳ございません、リンクは切れています。', // 'Sorry, link has expired.'
'checkYourEmail' => 'メールをチェックしてください!', // 'Check your email!'
'magicLinkDetails' => 'ログインリンクが含まれたメールを送信しました。これは {0} 分間だけ有効です。', // 'We just sent you an email with a Login link inside. It is only valid for {0} minutes.'
'magicLinkDisabled' => 'マジックリンクは使えません。', // 'Use of MagicLink is currently not allowed.'
'successLogout' => '正常にログアウトしました。', // 'You have successfully logged out.'
'backToLogin' => 'ログインに戻る', // 'Back to Login'

Expand Down
1 change: 1 addition & 0 deletions src/Language/lt/Auth.php
Original file line number Diff line number Diff line change
Expand Up @@ -51,6 +51,7 @@
'magicLinkExpired' => 'Deja, nuorodos galiojimas baigėsi.',
'checkYourEmail' => 'Patikrinkite savo el. paštą!',
'magicLinkDetails' => 'Mes ką tik išsiuntėme Jums el. laišką su prisijungimo nuoroda. Ji galios tiki {0} minučių(-es).',
'magicLinkDisabled' => '(To be translated) Use of MagicLink is currently not allowed.',
'successLogout' => 'Jūs sėkmingai atsijungėte.',
'backToLogin' => 'Grįžti į prisijungimą',

Expand Down
1 change: 1 addition & 0 deletions src/Language/pt-BR/Auth.php
Original file line number Diff line number Diff line change
Expand Up @@ -51,6 +51,7 @@
'magicLinkExpired' => 'Desculpe, o link expirou.',
'checkYourEmail' => 'Verifique seu e-mail!',
'magicLinkDetails' => 'Acabamos de enviar um e-mail com um link de Login. Ele é válido apenas por {0} minutos.',
'magicLinkDisabled' => '(To be translated) Use of MagicLink is currently not allowed.',
'successLogout' => 'Você saiu com sucesso.',
'backToLogin' => 'Voltar para o login',

Expand Down
1 change: 1 addition & 0 deletions src/Language/pt/Auth.php
Original file line number Diff line number Diff line change
Expand Up @@ -51,6 +51,7 @@
'magicLinkExpired' => 'Desculpe, o link expirou.',
'checkYourEmail' => 'Verifique o seu e-mail!',
'magicLinkDetails' => 'Acabamos de enviar um e-mail com um link de Login. Ele é válido apenas por {0} minutos.',
'magicLinkDisabled' => '(To be translated) Use of MagicLink is currently not allowed.',
'successLogout' => 'Saiu com sucesso.',
'backToLogin' => 'Voltar ao login',

Expand Down
1 change: 1 addition & 0 deletions src/Language/sk/Auth.php
Original file line number Diff line number Diff line change
Expand Up @@ -51,6 +51,7 @@
'magicLinkExpired' => 'Ľutujeme, platnosť odkazu vypršala.',
'checkYourEmail' => 'Skontrolujte e-mail',
'magicLinkDetails' => 'Práve sme vám poslali e-mail s odkazom na prihlásenie. Platí iba {0} minút.',
'magicLinkDisabled' => '(To be translated) Use of MagicLink is currently not allowed.',
'successLogout' => 'Úspešne ste sa odhlásili.',
'backToLogin' => 'Späť na prihlásenie',

Expand Down
1 change: 1 addition & 0 deletions src/Language/sr/Auth.php
Original file line number Diff line number Diff line change
Expand Up @@ -51,6 +51,7 @@
'magicLinkExpired' => 'Žao nam je, link je istekao.',
'checkYourEmail' => 'Proverite Vaš email!',
'magicLinkDetails' => 'Upravo smo Vam poslali pristupni link. Pristupni link će biti validan još samo {0} minuta.',
'magicLinkDisabled' => '(To be translated) Use of MagicLink is currently not allowed.',
'successLogout' => 'Uspešno ste se odjavili sa sistema.',
'backToLogin' => 'Nazad na prijavljivanje',

Expand Down
1 change: 1 addition & 0 deletions src/Language/sv-SE/Auth.php
Original file line number Diff line number Diff line change
Expand Up @@ -51,6 +51,7 @@
'magicLinkExpired' => 'Tyvärr, länken har gått ut.',
'checkYourEmail' => 'Kontrollera din epost!',
'magicLinkDetails' => 'En login-länk har skickats med epost. Den gäller bara i {0} minuter.',
'magicLinkDisabled' => '(To be translated) Use of MagicLink is currently not allowed.',
'successLogout' => 'Du har loggats ut.',
'backToLogin' => 'Tillbaka till inloggning',

Expand Down
1 change: 1 addition & 0 deletions src/Language/tr/Auth.php
Original file line number Diff line number Diff line change
Expand Up @@ -51,6 +51,7 @@
'magicLinkExpired' => 'Üzgünüm, bağlantının süresi doldu.',
'checkYourEmail' => 'E-postanı kontrol et!',
'magicLinkDetails' => 'Az önce size içinde bir Giriş bağlantısı olan bir e-posta gönderdik. Bağlantı {0} dakika için geçerlidir.',
'magicLinkDisabled' => '(To be translated) Use of MagicLink is currently not allowed.',
'successLogout' => 'Başarıyla çıkış yaptınız.',
'backToLogin' => 'Girişe Geri Dön',

Expand Down
1 change: 1 addition & 0 deletions src/Language/uk/Auth.php
Original file line number Diff line number Diff line change
Expand Up @@ -51,6 +51,7 @@
'magicLinkExpired' => 'Вибачте, термін дії посилання закінчився.',
'checkYourEmail' => 'Перевірте свою електронну пошту!',
'magicLinkDetails' => 'Ми щойно надіслали вам електронний лист із посиланням для входу. Він дійсний лише протягом {0} хвилин.',
'magicLinkDisabled' => '(To be translated) Use of MagicLink is currently not allowed.',
'successLogout' => 'Ви успішно вийшли.',
'backToLogin' => 'Повернутися до входу',

Expand Down
48 changes: 48 additions & 0 deletions tests/Controllers/MagicLinkTest.php
Original file line number Diff line number Diff line change
Expand Up @@ -120,4 +120,52 @@ public function testBackToLoginLinkOnPage(): void
$result = $this->get('/login/magic-link');
$this->assertStringContainsString(lang('Auth.backToLogin'), $result->getBody());
}

public function testMagicLinkRedirectsIfNotAllowed(): void
{
$config = config('Auth');
$config->allowMagicLinkLogins = false;
Factories::injectMock('config', 'Auth', $config);

$result = $this->withSession()->get('/login/magic-link');

$result->assertStatus(302);
$result->assertRedirect();
$result->assertSessionHas(
'error',
lang('Auth.magicLinkDisabled'),
);
}

public function testMagicLinkActionRedirectsIfNotAllowed(): void
{
$config = config('Auth');
$config->allowMagicLinkLogins = false;
Factories::injectMock('config', 'Auth', $config);

$result = $this->withSession()->post('/login/magic-link');

$result->assertStatus(302);
$result->assertRedirect();
$result->assertSessionHas(
'error',
lang('Auth.magicLinkDisabled'),
);
}

public function testMagicLinkVerifyRedirectsIfNotAllowed(): void
{
$config = config('Auth');
$config->allowMagicLinkLogins = false;
Factories::injectMock('config', 'Auth', $config);

$result = $this->withSession()->get('/login/verify-magic-link');

$result->assertStatus(302);
$result->assertRedirect();
$result->assertSessionHas(
'error',
lang('Auth.magicLinkDisabled'),
);
}
}
Loading