feat(auth): harden login flows and finalize quality-check coverage
This commit is contained in:
@@ -4,6 +4,7 @@ use MintyPHP\Http\SessionStoreInterface;
|
||||
use MintyPHP\Router;
|
||||
use MintyPHP\Service\Auth\AuthServicesFactory;
|
||||
use MintyPHP\Service\User\UserServicesFactory;
|
||||
use MintyPHP\Session;
|
||||
use MintyPHP\Support\Flash;
|
||||
|
||||
$sessionStore = app(SessionStoreInterface::class);
|
||||
@@ -15,29 +16,35 @@ if (!allowRegistration()) {
|
||||
Router::redirect('login');
|
||||
}
|
||||
|
||||
if ($request->hasBody('email')) {
|
||||
$authService = (app(AuthServicesFactory::class))->createAuthService();
|
||||
$firstName = $request->bodyString('first_name');
|
||||
$lastName = $request->bodyString('last_name');
|
||||
$email = $request->bodyString('email');
|
||||
$password = (string) $request->body('password', '');
|
||||
$password2 = (string) $request->body('password2', '');
|
||||
if ($request->isMethod('POST')) {
|
||||
if (!Session::checkCsrfToken()) {
|
||||
$error = t('Form expired, please try again');
|
||||
} elseif ($request->hasBody('email')) {
|
||||
$authService = (app(AuthServicesFactory::class))->createAuthService();
|
||||
$firstName = $request->bodyString('first_name');
|
||||
$lastName = $request->bodyString('last_name');
|
||||
$email = $request->bodyString('email');
|
||||
$password = (string) $request->body('password', '');
|
||||
$password2 = (string) $request->body('password2', '');
|
||||
|
||||
$result = $authService->register([
|
||||
'first_name' => $firstName,
|
||||
'last_name' => $lastName,
|
||||
'email' => $email,
|
||||
'password' => $password,
|
||||
'password2' => $password2,
|
||||
]);
|
||||
$result = $authService->register([
|
||||
'first_name' => $firstName,
|
||||
'last_name' => $lastName,
|
||||
'email' => $email,
|
||||
'password' => $password,
|
||||
'password2' => $password2,
|
||||
]);
|
||||
|
||||
if (!($result['ok'] ?? false)) {
|
||||
$error = $result['error'] ?? t('User can not be registered');
|
||||
if (!($result['ok'] ?? false)) {
|
||||
$error = $result['error'] ?? t('User can not be registered');
|
||||
} else {
|
||||
// Store email in session for verify-email page
|
||||
$sessionStore->set('email_verification_email', $result['email'] ?? $email);
|
||||
Flash::success(t('Registration successful! Please check your email for the verification code.'), 'verify-email', 'registration_success');
|
||||
Router::redirect('verify-email');
|
||||
}
|
||||
} else {
|
||||
// Store email in session for verify-email page
|
||||
$sessionStore->set('email_verification_email', $result['email'] ?? $email);
|
||||
Flash::success(t('Registration successful! Please check your email for the verification code.'), 'verify-email', 'registration_success');
|
||||
Router::redirect('verify-email');
|
||||
$error = t('User can not be registered');
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user