customized routes are not found by session filter

[cdolister]

I'm attempting to nest some routes for Shield in a path called "secure" and having some routing issues. Any help would be appreciated. The intention is to have the following:

• Public routes:
  • domain.com/secure/login
  • domain.com/secure/logout
• Protected routes:
  • domain.com/secure/account
  • domain.com/secure/account/method1
  • domain.com/secure/account/method2... etc

I implemented the following in my Config/Routes.php
service('auth')->routes($routes, ['except' => ['login']]);

I then set up a group for the routes:

$routes->group('secure', static function ($routes) {

    // public routes
    $routes->get('logout', 'Secure\AuthController::logoutAction');
    $routes->get('login', 'Secure\AuthController::loginView');
    $routes->post('login', 'Secure\AuthController::loginAction');

    //protected routes
    $routes->group('account', ['filter' => 'session'], function ($routes) {
        $routes->get('/', 'Secure\AccountController::index');
        $routes->get('/example', 'Secure\AccountController::exampleMethod');
    });

});

The login process works fine, everything is excellent.

The issue is if I log out and then attempt to view domain.com/secure/account, it throws a reverse routing error.
CodeIgniter\HTTP\Exceptions\HTTPException
route cannot be found while reverse-routing.
SYSTEMPATH/HTTP/RedirectResponse.php at line 56

When I move the login page outside of the nested path and put it back on the top level, domain.com/login, and then access domain.com/secure/account, it routes me to domain.com/login as expected.

It appears that the session filter doesn't know to look within the grouped routes for the updated location of the login route? Is there a location to set this?

And to complicate a little more, in some cases, I will want the user to go back to the login page, but in other cases, I will want to display a 404. Do I need to write my own filter to handle which routes are protected and how to conditionally divert the redirect afterward?

Thanks for any guidance.

[MGatner]

Can you share your app/Config/Routes.php and AuthRoutes.php?

Also is that the exact exception message? It looks like the route name got clipped from the error, or maybe something else is going on.

[cdolister]

Sure, I will do what I can. BTW, I'm on CI 4.2.1 and the latest dev-develop branch of Shield.

1. The AuthRoutes.php is unchanged. It's the latest and loading from /vendor/codeigniter4/shield/src/Config/

2. My app/Config/Routes.php file has a lot of stuff in it as I am pretty far into my project. But for the most part, everything is unchanged except for the routes I have added, which all work without issue.

// Settings are mostly the same

$routes->setDefaultNamespace('App\Controllers');
$routes->setDefaultController('Home');
$routes->setDefaultMethod('index');
$routes->setTranslateURIDashes(true);
$routes->set404Override();
$routes->setAutoRoute(false);
$routes->get('/', 'Home::index');

// auth is loaded with my exceptions 

service('auth')->routes($routes, ['except' => 
    ['login', 'register', 'magic-link']
]);

// and the routes for login, logout, and user account

$routes->group('secure', function ($routes) {

    // public routes
    $routes->get('logout', 'Secure\AuthController::logoutAction');
    $routes->get('login', 'Secure\AuthController::loginView');
    $routes->post('login', 'Secure\AuthController::loginAction');

    // protected routes
    $routes->group('account', ['filter' => 'session'], function ($routes) {
        $routes->get('/', 'Secure\AccountController::index');
    });
});

3. The error message is rather large, so here is a screenshot showing just about the entire thing (excludes the footer, but not needed for this issue)

The issue is still consistent -

1. After logging in at https://domain/secure/login, I am routed to and can view https://domain/secure/account
2. After logging out, if I try and view https://domain/secure/account, it throws a reverse routing error.
3. When I move the login route to https://domain/login and revisit https://domain/secure/account, I am successfully redirected to the login route.

[kenjis]

You need to define named route login.
https://codeigniter4.github.io/CodeIgniter4/incoming/routing.html#using-named-routes

See

shield/src/Filters/SessionAuth.php

Line 53 in 93f607f

return redirect()->route('login');

[cdolister]

I just checked and this appears to solve things for me, thank you!

This is now working:

$routes->group('secure', function ($routes) {

    // public routes
    $routes->get('logout', 'Secure\AuthController::logoutAction');
    $routes->get('login', 'Secure\AuthController::loginView', ['as' => 'login']);
    $routes->post('login', 'Secure\AuthController::loginAction');

    // protected routes
    $routes->group('account', ['filter' => 'session'], function ($routes) {
        $routes->get('/', 'Secure\AccountController::index');
    });

});