Skip to content

Fix unauthenticated fallback to user ID 1 in postcard flows#17

Merged
mlintangmz2765 merged 1 commit into
mainfrom
codex/fix-all-bugs
May 14, 2026
Merged

Fix unauthenticated fallback to user ID 1 in postcard flows#17
mlintangmz2765 merged 1 commit into
mainfrom
codex/fix-all-bugs

Conversation

@mlintangmz2765

Copy link
Copy Markdown
Owner

Motivation

  • Prevent accidental reads/writes into user ID 1 when the auth state is missing, which could produce data leakage between users.
  • Ensure postcard/contact operations require an authenticated user rather than silently using a default fallback.

Description

  • Removed the auth()->id() ?? 1 fallback and changed writes to use auth()->id() directly in RegisterPostcard and EditPostcard.
  • Added explicit auth guard checks with abort_unless($userId, 403) in RegisterPostcard::mount() and updatedNamaKontak() to reject unauthenticated access early.
  • Updated Contact::updateOrCreate() and Postcard::create() usages to store the authenticated user ID and changed the Edit flow contact update to stop falling back to 1.

Testing

  • Ran syntax checks with php -l app/Livewire/RegisterPostcard.php and php -l app/Livewire/EditPostcard.php, both succeeded.
  • Attempted to run the test suite with php artisan test, but dependency installation failed due to network/proxy errors when Composer attempted to fetch packages, so the full test run could not be executed.

Codex Task

@mlintangmz2765 mlintangmz2765 merged commit 5a91d63 into main May 14, 2026
5 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant