I have opened the Users settings in Bonfire and saved them without changing anything. After that, when the user logs out, and tries to login again, he is greeted with an error message (this is the output in the log):

CRITICAL - 2022-12-09 14:35:40 --> Call to a member function getType() on null in VENDORPATH/codeigniter4/shield/src/Authentication/Authenticators/Session.php on line 444. 1 VENDORPATH/codeigniter4/shield/src/Authentication/Authenticators/Session.php(156): CodeIgniter\Shield\Authentication\Authenticators\Session->setAuthAction() 2 VENDORPATH/codeigniter4/shield/src/Controllers/LoginController.php(59): CodeIgniter\Shield\Authentication\Authenticators\Session->attempt([...]) 3 SYSTEMPATH/CodeIgniter.php(927): CodeIgniter\Shield\Controllers\LoginController->loginAction() 4 SYSTEMPATH/CodeIgniter.php(482): CodeIgniter\CodeIgniter->runController(Object(Bonfire\Auth\Controllers\LoginController)) 5 SYSTEMPATH/CodeIgniter.php(351): CodeIgniter\CodeIgniter->handleRequest(null, Object(Config\Cache), false) 6 FCPATH/index.php(67): CodeIgniter\CodeIgniter->run() 7 SYSTEMPATH/Commands/Server/rewrite.php(46): require_once('FCPATH/index.php') CRITICAL - 2022-12-09 14:38:51 --> Call to a member function getType() on null in VENDORPATH/codeigniter4/shield/src/Authentication/Authenticators/Session.php on line 444. 1 VENDORPATH/codeigniter4/shield/src/Authentication/Authenticators/Session.php(156): CodeIgniter\Shield\Authentication\Authenticators\Session->setAuthAction() 2 VENDORPATH/codeigniter4/shield/src/Controllers/LoginController.php(59): CodeIgniter\Shield\Authentication\Authenticators\Session->attempt([...]) 3 SYSTEMPATH/CodeIgniter.php(927): CodeIgniter\Shield\Controllers\LoginController->loginAction() 4 SYSTEMPATH/CodeIgniter.php(482): CodeIgniter\CodeIgniter->runController(Object(Bonfire\Auth\Controllers\LoginController)) 5 SYSTEMPATH/CodeIgniter.php(351): CodeIgniter\CodeIgniter->handleRequest(null, Object(Config\Cache), false) 6 FCPATH/index.php(67): CodeIgniter\CodeIgniter->run() 7 SYSTEMPATH/Commands/Server/rewrite.php(46): require_once('FCPATH/index.php')

I have traced the error to the setting that got saved to the database :
class | key | value
Config\Auth\Auth | actions | a:2:{s:5:"login";b:0;s:8:"register";b:0;}

I think the string in value column gets interpreted by the settings module as setting the original config array values

public array $actions = [ 'login' => null, 'register' => null, ];

to false instead of null. And then the code in Session.php on line 444 gets executed, while it should be omitted if the values in array were null...

So anyway, the functionality is too easily broken.

I have done the same today with an updated codebase, and the functionality seems to be no longer broken. So I am closing this bug report.