Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Option to sign and verify paths instead of absolute URLs #136

Open
melbings opened this issue Jan 26, 2023 · 1 comment
Open

Option to sign and verify paths instead of absolute URLs #136

melbings opened this issue Jan 26, 2023 · 1 comment
Labels
Feature New Feature

Comments

@melbings
Copy link

On our multi-tenant system, separate tenants operate on separate domains. It's possible that such a domain might change one day - rendering all the links that might still "float around" invalid.

It might be useful to have the option to base the signature process on absolute URL or path only?

E.g., sign the URL https://foo.mycompany.com/do-something with the full URL (https://foo.mycompany.com) or the path only (/do-something).

We might be able to provide a PR if this seems useful for anybody else.

@weaverryan
Copy link
Contributor

That seems reasonable. Actually, we could probably ALWAYS sign the path, not the full URL - I can't think of why the domain needs to be in the signature. But, for safety, an option is probably better (we could choose, in the future, to force that option to be set if we wanted to deprecate the old way).

I believe the logic is all in this class: https://github.com/SymfonyCasts/verify-email-bundle/blob/eb7bc997f36ad872a0d56bf209fe37fed148b0a7/src/VerifyEmailHelper.php - you'd need to change both how the signature is created in one method and how the signature is checked in another.

Cheers!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Feature New Feature
Projects
None yet
Development

No branches or pull requests

2 participants