Skip to content

fix: secure link password deletion #1126

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
realodix merged 2 commits into from
Aug 19, 2025
Merged

fix: secure link password deletion #1126

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
4de2d08
fix: secure link password deletion
realodix Aug 19, 2025
89ddd39
Update edit.blade.php
realodix Aug 19, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
26 changes: 24 additions & 2 deletions resources/views/backend/edit.blade.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -136,9 +136,11 @@ class="col-span-6"
@svg('icon-key', 'mr-1') Edit Password
</button>

<a href="{{ route('link.password.delete', $url) }}" onclick="return confirm('Are you sure you want to remove the password?')" class="btn btn-delete-danger btn-sm dark:text-red-700! dark:hover:text-red-400! dark:border-red-900!">
<button type="button" x-on:click="$dispatch('open-modal', 'remove-password-modal')"
class="btn btn-delete-danger btn-sm dark:text-red-700! dark:hover:text-red-400! dark:border-red-900!"
>
Remove Password
</a>
</button>
@else
<button type="button" title="Add Password" x-on:click="$dispatch('open-modal', 'add-password-modal')" class="btn btn-sm">
@svg('icon-key', 'mr-1') Add Password
Expand Down Expand Up @@ -209,6 +211,26 @@ class="flatpickr-input form-input"
@include('backend.linkpassword.create')
@else
@include('backend.linkpassword.edit')

<x-modal name="remove-password-modal" maxWidth="md">
<x-slot:title>Remove Password for <span class="font-semibold">{{ $url->keyword }}</span></x-slot:title>
<form method="post" action="{{ route('link.password.delete', $url) }}" class="space-y-6">
@csrf @method('DELETE')
<p class="font-light text-sm dark:text-dark-400 mt-2 mb-2">
Are you sure you want to remove the password for this link? This action cannot be undone.
</p>

<div class="flex justify-end items-center">
<button type="button"
x-on:click="$dispatch('close-modal', 'remove-password-modal')"
class="btn btn-secondary mr-2"
>
Cancel
</button>
<button type="submit" class="btn btn-delete-danger">Remove Password</button>
</div>
</form>
</x-modal>
@endif
</div>
@endsection
2 changes: 1 addition & 1 deletion routes/web.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -29,7 +29,7 @@
Route::get('/table/delete/{url:keyword}', [LinkController::class, 'delete'])->name('link.delete.fromTable');
Route::post('/password/store/{url:keyword}', [LinkPasswordController::class, 'store'])->name('link.password.store');
Route::post('/password/update/{url:keyword}', [LinkPasswordController::class, 'update'])->name('link.password.update');
Route::get('/password/delete/{url:keyword}', [LinkPasswordController::class, 'delete'])->name('link.password.delete');
Route::delete('/password/delete/{url:keyword}', [LinkPasswordController::class, 'delete'])->name('link.password.delete');
Route::get('/tag/restricted', [DashboardController::class, 'restrictedLinkView'])->name('dboard.links.restricted');
Route::get('/tag/restricted/{user:name}', [DashboardController::class, 'userRestrictedLinkView'])
->name('dboard.links.user.restricted');
Expand Down
2 changes: 1 addition & 1 deletion tests/Feature/AuthPage/LinkAuthorizationTest.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -196,7 +196,7 @@ public function password_delete_adminCanAccessAll()
{
$url = Url::factory()->create(['password' => 'password']);
$this->actingAs($this->adminUser())
->get(route('link.password.delete', $url));
->delete(route('link.password.delete', $url));

$this->assertNull($url->fresh()->password);
}
Expand Down
2 changes: 1 addition & 1 deletion tests/Feature/AuthPage/LinkTest.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -247,7 +247,7 @@ public function testRemovePasswordFromLink()
$url = Url::factory()->create(['password' => 'password']);
$response = $this->actingAs($url->author)
->from(route('link.edit', $url))
->get(route('link.password.delete', $url));
->delete(route('link.password.delete', $url));

$response
->assertRedirectToRoute('link.edit', $url)
Expand Down