Fix up TokenLink.

Author: dereuromark

docs/Authentication/LoginLink.md

@@ -25,12 +25,12 @@ $service->loadIdentifier('Tools.LoginLink', [
 
 // Session, Form, Cookie first
 $service->loadAuthenticator('Tools.LoginLink', [
-    'url' => Router::url([
+    'loginUrl' => [
         'prefix' => false,
         'plugin' => false,
         'controller' => 'Account',
         'action' => 'login',
-    ]),
+    ),
 ]);
 ```
 
@@ -57,3 +57,31 @@ $service->loadIdentifier('Tools.LoginLink', [
     },
 ]);
 ```
+
+Here you want to additionally confirm that the email matches. So make sure to add that to the Token content:
+```php
+$token = TableRegistry::getTableLocator()->get('Tools.Tokens')
+    ->newKey('login_link', null, $user->id, $user->email);
+```
+
+### Sending mails via queue
+It is highly advised to do any (email) sending here via queue.
+Just add the `$token` into it and you are good to go:
+```
+$queuedJobsTable = TableRegistry::getTableLocator()->get('Queue.QueuedJobs');
+$token = ...;
+$email = $user->email;
+$data = [
+    'to' => $user->email,
+    'toName' => $user->full_name,
+    'subject' => __('Login link'),
+    'template' => 'login_link',
+    'vars' => compact('email', 'token'),
+];
+$queuedJobsTable->createJob('Email', $data); // Your Email queue task
+```
+
+Put this in the email template (linking to your login action):
+```php
+<?= $this->Url->build(['controller' => 'Account', 'action' => 'login', '?' => ['token' => $token]], ['fullBase' => true]) ?>
+```

src/Authenticator/LoginLinkAuthenticator.php

@@ -15,7 +15,7 @@ class LoginLinkAuthenticator extends AbstractAuthenticator {
 	 * @var array<string, mixed>
 	 */
 	protected array $_defaultConfig = [
-		'url' => null,
+		'loginUrl' => null,
 		'oneTime' => true,
 		'queryString' => 'token',
 		'identifierKey' => 'id',
@@ -46,12 +46,18 @@ public function authenticate(ServerRequestInterface $request): ResultInterface {
 	 */
 	protected function getToken(ServerRequestInterface $request): ?string {
 		/** @var array<string, mixed> $url */
-		$url = $this->getConfig('url');
+		$url = $this->getConfig('loginUrl');
 		if ($url) {
-			$params = $request->getQuery('params');
-			if ($params['controller'] !== $url['controller'] || $params['action'] !== $url['action']) {
+			if (is_string($url) && $url !== $request->getUri()->getPath()) {
 				return null;
 			}
+
+			if (is_array($url)) {
+				$params = $request->getAttribute('params');
+				if (!$params || $params['controller'] !== $url['controller'] || $params['action'] !== $url['action']) {
+					return null;
+				}
+			}
 		}
 
 		return $request->getQuery('token');