Is there a way to bypass auth/a/show during verification?

[cangir]

Hello everybody,

I'm a freelance developer from Berlin and new at CodeIgniter 4. Luckily I have met with shield library. I have installed ci4 and shield on my localhost system. Everything works perfect.

A login workflow is as follows:

1. /login => User enters email and password
2. /auth/a/show => User enters email again
3. /auth/a/handle => User enters 6 digit security code from mail.

This workflow works perfect. But my question is: Why do we need second step and why user gives email again?
It is already provided by first step. How to bypass this second step and automatically send email to the user, who have provided correct user credentials.

Thanks in advance. And sorry if this has already been discussed. I could not find this solution anywhere.

[datamweb]

Why do we need second step and why user gives email again?

This has already been explained, but it's been a long time and I can't find Lonnie's explanation. I'm not sure, but I think it was because of making sure that the current user's email is correct (for disturbances in the information stored in the session).

How to bypass this second step and automatically send email to the user,

You can create your own custom actions. I assure you that Shield has no problem ordering actions. Read the description here.

[kenjis]

See #269 (comment)

[KipchirchirIan]

Instead of returning the view:

public function show()
{
      /** @var Session $authenticator */
      $authenticator = auth('session')->getAuthenticator();
    
      $user = $authenticator->getPendingUser();
    
      if ($user === null) {
          throw new \RuntimeException('Cannot get the pending login User.');
      }
    
      $this->createIdentity($user);
    
      return $this->view(setting('Auth.views')['action_sms_2fa'], ['user' => $user]); // <-- Change this part
}

I replaced it with:

return $this->handle(service('request'));

Seems like a hack but it works for me.