Bug when register an user and checking the invite filter about cribbb HOT 8 CLOSED

Yeah I think I fix this in a later tutorial that you might not have read yet https://github.com/cribbb/cribbb/blob/master/app/filters.php#L94

from cribbb.

Hi Philip!

I think that code still have the same problem for example if you got an error when register a new user the invite filter get executed but there is not gonna be a code on the URL so the Input::get('code') it's not gonna be set and is never get into that if but because we already access to the register form we have on the session the invitation_code that you are not using to see if is valid or not.

$code = Input::has('code') ? Input::get('code') : Session::get('invitation_code');

if (! $repository->getValidInviteByCode($code))

Sorry English is not my native language so I may not explain my self properly, let me know.

Cheers.

from cribbb.

Hello zot24,

I think once the filter is in place, we don't need the following code:

if (! $repository->getValidInviteByCode(Input::get('code')))
{
    App::abort(404);
}

The filter will do this task.

from cribbb.

Hi Debiprasad!

That code should be inside of the filter, sorry if I didn't explain properly myself, this is my filter:

Route::filter('invite', function ()
{
    if (! Input::has('code') and ! Session::has('invitation_code'))
    {
        App::abort(404);
    }

    $repository = App::make('Logbook\Repositories\Invite\InviteRepositoryInterface');

    $code = Input::has('code') ? Input::get('code') : Session::get('invitation_code');

    if (! $repository->getValidInviteByCode($code))
    {
        App::abort(404);
    }

    Session::put('invitation_code', Input::get('code'));
});

The problem with Philips code:

Route::filter('invite', function()
{
  if (! Input::has('code') and ! Session::has('invitation_code'))
  {
    return App::abort(404);
  }

  if(Input::has('code'))
  {
    $repository = App::make('Cribbb\Repositories\Invite\InviteRepository');

    $invite = $repository->getValidInviteByCode(Input::get('code'));

    if(! $invite)
    {
      return App::abort(404);
    }

    Session::put('invitation_code', Input::get('code'));
    Session::put('referrer_id', $invite->referrer_id);
  }
});

This if is not gonna be true never if the filter is executed from the storemethod on the RegisterController.php

...
if(Input::has('code'))
  {
...

Because is a redirection from the RegisterController when something went wrong when trying to create a new user so there is not codeon the URL only invitation_code on the session but Philip is not doing anything with invitation_code rather than my code that is checking both variables, because we don't know if the invite filter is being running from the browser or from a redirecting when trying to create an user and an error happen.

The last line of the following code is what is executing the filter this time and is what is generating the problem, we wasn't contemplating this case.

RegisterController.php

...
$user = $this->registrator->create(Input::all());

if ($user)
{
    Auth::login($user);

    return Redirect::route('home')->with('flash', 'The new user has been created');
}
return Redirect::route('register.index')->withInput()->withErrors($this->registrator->errors());
...

from cribbb.

In Philips's code, first it checks whether the invitation code is a valid one. If it's a valid one, then it saves it in a session. So, no need to check whether it's a valid one or not, if it's already available in the session. Because any invitation code stored in the session is a valid one. The filter does that. Now, we don't need to handle the invitation code (user input) in our controller.

This is a good example of using filters.

from cribbb.

I'm not handling in the Controllerthe code that I'm saying is missed is on the filter the Controlleris fine how Philips developer it, the problem is in the filter. I know we save the invitation_codein the session first time the user call http://www.ourapp.com/register?code=xxxxxxx but when are you using again that invitation_code? we are saving that invitation_code in session but we are not doing anything with it we don't get that value any were and we should to get the getValidInviteByCode.

Just try something if you have the app running and let me know the result, call http://www.ourapp.com/register?code=xxxxxxxxxx with a valid code and then just submit the registration form without fullfil any field and let me know what happen. That's where I'm having the problem.

from cribbb.

Yeah I don't get an error when I submit the registration form with invalid details and then I try again.

In https://github.com/cribbb/cribbb/blob/master/app/filters.php#L94 you don't have to do anything because the invitation_code is already set on the session.

The store() method will automatically pick up the invite_code from the session here https://github.com/cribbb/cribbb/blob/master/app/controllers/RegisterController.php#L38

Once you land on the filter has accepted the code from the GET request it is stored in the session so you don't need it on any other request.

I think your error is caused by something else.

from cribbb.

Cool! I see it now, I was having the problem because I hadn't understand who that if was working.

...
 if(Input::has('code'))
  {
...

Thanks for the detailed explanation.

from cribbb.