codeigniter4 / shield

Authentication and Authorization for CodeIgniter 4

Home Page: https://shield.codeigniter.com

Bug: Error customizing login identifier and not using email

alivaraste opened this issue · comments

PHP Version

8.1.8

CodeIgniter4 Version

4.4.2

Shield Version

1.0.0-beta.2

Which operating systems have you tested for this bug?

Linux

Which server did you use?

apache

Database

MariaDB

Did you customize Shield?

No

What happened?

I am going to receive the mobile number from the user and send him a verification code, so, according to the documentation, I created a mobile column, wrote the mobile number in the ValidFields variable in the config, and deleted the username.
When I submitted the form with mobile and password, this error occurred: "There is no data to insert", because it is not possible to create a user without a username, and the mobile field that is sent along with the username is not saved in the user table.

So I deleted the mobile column and used the username to save the mobile number, which caused a new problem: I don't save email, so only one user can be created without email, and subsequent users receive a duplicate key error, because there is a key called type_secret in the auth_identities table, which causes this problem.

Thank you for letting me know if I'm wrong, and if not, consider fixing these problems in the next versions.

Steps to Reproduce

Expected Output

Anything else?

No response

This is not a bug.

If you want to change the Registration process, you need to customize the Registration process.
Shield assumes that a user has email, so it seems you need to customize the source code to handle users without email. At the very least, it will not work by simply changing the settings.

The following page just shows how to customize the Login process.
https://codeigniter4.github.io/shield/customization/login_identifier/

Yes, you are right, apparently mobile has not been invented yet in Shield development logic, and well, this is not a bug. But regarding the first part of the text that I mentioned: by adding a column and adding its name in the ValidFields configuration, according to the documentation, you can use it for registration and login, which does not work, and the value is not stored in the desired column.
https://codeigniter4.github.io/shield/customization/login_identifier/

There is no word "registration" or "register" on the page.
The $validFields is for login fields, not registration fields.

You seem to misunderstand that Shield works magically when you add a column to the $validFields.

> I don't save email

Shield requires that a user have an email address. If not, you need to customize the source code of Shield.
You could create a new user identifier (mobile phone number and password), and customize Shield to use it.

Thank you for helping me realize my mistake.

Indeed, the current documentation may be a bit misleading.
How about this #906?

@kenjis The recent refactor caused a bug. This code will not include the custom field (e.g. mobile). Therefore, the mobile value is not entered into the DB.

    $allowedPostFields = array_keys($rules);
    $user = $this->getUserEntity();
    $user->fill($this->request->getPost($allowedPostFields));

If the user adds a custom column (here mobile) to the users table, he/she must write a rule for it. Shield's behavior has not been like this before.

app/Config/Validation.php

    public $registration = [
        // 'username' => [
        //     'label' => 'Auth.username',
        //     'rules' => [
        //         'required',
        //         'max_length[30]',
        //         'min_length[3]',
        //         'regex_match[/\A[a-zA-Z0-9\.]+\z/]',
        //         'is_unique[users.username]',
        //     ],
        // ],
        'email' => [
            'label' => 'Auth.email',
            'rules' => [
                'required',
                'max_length[254]',
                'valid_email',
                'is_unique[auth_identities.secret]',
            ],
        ],
        'password' => [
            'label' => 'Auth.password',
            'rules' => 'required|max_byte[72]|strong_password[]',
            'errors' => [
                'max_byte' => 'Auth.errorPasswordTooLongBytes'
            ]
        ],
        'password_confirm' => [
            'label' => 'Auth.passwordConfirm',
            'rules' => 'required|matches[password]',
        ],
        'mobile' => [
            'label' => 'Auth.mobile',
            'rules' => 'required|max_length[11]',
        ],
    ];

Update:
We just need to prompt the user to write a rule for each custom column (here mobile), similar to what was said above.
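
The filtering discussed in the comment above, as an added example that is not part of the thread and is not Shield's code: plain PHP that mimics `getPost($allowedPostFields)` followed by an insert into `users`. The helper names, the `users` column list and the sample POST data are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Stand-in for $this->request->getPost($allowedPostFields): only the
// requested keys are returned; keys missing from the POST come back as null.
function getPostOnly(array $post, array $fields): array
{
    $out = [];
    foreach ($fields as $field) {
        $out[$field] = $post[$field] ?? null;
    }
    return $out;
}

// Assumed columns of the users table after `mobile` has been added.
// Email and password are stored in auth_identities, not in this table.
const USERS_COLUMNS = ['username', 'mobile', 'active'];

// Returns the row that would be written to `users`, or throws when
// nothing survives the rule-key filter and the column filter.
function usersRowFromRegistration(array $post, array $rules): array
{
    $filled = getPostOnly($post, array_keys($rules));
    $row = array_filter(
        array_intersect_key($filled, array_flip(USERS_COLUMNS)),
        static fn ($v) => $v !== null
    );
    if ($row === []) {
        throw new RuntimeException('There is no data to insert');
    }
    return $row;
}

// Constructed sample submission, including a field the form never offered.
$post = [
    'email' => 'user@example.com', 'password' => 'constructed-sample',
    'password_confirm' => 'constructed-sample',
    'mobile' => '09120000000', 'active' => '1',
];

$withoutMobileRule = ['email' => 'required', 'password' => 'required'];
$withMobileRule    = $withoutMobileRule + ['mobile' => 'required|max_length[11]'];

try {
    usersRowFromRegistration($post, $withoutMobileRule);
} catch (RuntimeException $e) {
    echo 'no mobile rule: ', $e->getMessage(), PHP_EOL;
}
var_dump(usersRowFromRegistration($post, $withMobileRule));
```

Because the allow-list is derived from the rule keys, the unrequested `active` field is dropped in both runs, and `mobile` reaches the row only once it has a rule.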

Devs should update the validation rules for the new field.
And yes, it is better to add to the documentation. It is not documented at all.

@datamweb Added it to #906

It seems that we have already explained this issue in #333. I think this is the reason why we don't document.

Considering the things mentioned in #333, I think it is necessary to include those explanations in the documents.
Also, to avoid additional coding, it is better to avoid creating a UserModel and add the ValidFields values to the AllowedFields variable in the ShieldUserModel class.

@alivaraste I sent a PR to add docs: #907.
Please review.