gnu-social/src/Controller/Security.php

<?php

declare(strict_types = 1);

namespace App\Controller;

use App\Core\Controller;
use App\Core\DB\DB;
use App\Core\Event;
use App\Core\Form;
use function App\Core\I18n\_m;
use App\Core\Log;
use App\Core\VisibilityScope;
use App\Entity\Actor;
use App\Entity\Subscription;
use App\Entity\LocalUser;
use App\Entity\Note;
use App\Security\Authenticator;
use App\Security\EmailVerifier;
use App\Util\Common;
use App\Util\Exception\DuplicateFoundException;
use App\Util\Exception\EmailTakenException;
use App\Util\Exception\NicknameEmptyException;
use App\Util\Exception\NicknameException;
use App\Util\Exception\NicknameInvalidException;
use App\Util\Exception\NicknameNotAllowedException;
use App\Util\Exception\NicknameTakenException;
use App\Util\Exception\NicknameTooLongException;
use App\Util\Exception\ServerException;
use App\Util\Form\FormFields;
use App\Util\Nickname;
use Doctrine\DBAL\Exception\UniqueConstraintViolationException;
use LogicException;
use Symfony\Component\Form\Extension\Core\Type\EmailType;
use Symfony\Component\Form\Extension\Core\Type\SubmitType;
use Symfony\Component\Form\Extension\Core\Type\TextType;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\Security\Guard\GuardAuthenticatorHandler;
use Symfony\Component\Security\Http\Authentication\AuthenticationUtils;
use Symfony\Component\Validator\Constraints\Length;
use Symfony\Component\Validator\Constraints\NotBlank;

class Security extends Controller
{
    /**
     * Log a user in
     */
    public function login(AuthenticationUtils $authenticationUtils)
    {
        if ($this->getUser()) {
            return $this->redirectToRoute('main_all');
        }

        // get the login error if there is one
        $error = $authenticationUtils->getLastAuthenticationError();
        // last username entered by the user
        $last_login_id = $authenticationUtils->getLastUsername();

        return [
            '_template'     => 'security/login.html.twig',
            'last_login_id' => $last_login_id,
            'error'         => $error,
            'notes_fn'      => fn ()      => Note::getAllNotes(VisibilityScope::$instance_scope),
        ];
    }

    /**
     * @codeCoverageIgnore
     */
    public function logout()
    {
        throw new LogicException('This method can be blank - it will be intercepted by the logout key on your firewall.');
    }

    /**
     * Register a user, making sure the nickname is not reserved and
     * possibly sending a confirmation email
     *
     * @throws DuplicateFoundException
     * @throws EmailTakenException
     * @throws EmailTakenException
     * @throws NicknameEmptyException
     * @throws NicknameException
     * @throws NicknameInvalidException
     * @throws NicknameNotAllowedException
     * @throws NicknameTakenException
     * @throws NicknameTooLongException
     * @throws ServerException
     */
    public function register(
        Request $request,
        GuardAuthenticatorHandler $guard_handler,
        Authenticator $authenticator,
    ): array|Response|null
    {
        $form = Form::create([
            ['nickname', TextType::class, [
                'label'       => _m('Nickname'),
                'help'        => _m('Your desired nickname (e.g., j0hnD03)'),
                'constraints' => [
                    new NotBlank(['message' => _m('Please enter a nickname')]),
                    new Length([
                        'min'        => 1,
                        'minMessage' => _m(['Your nickname must be at least # characters long'], ['count' => 1]),
                        'max'        => Nickname::MAX_LEN,
                        'maxMessage' => _m(['Your nickname must be at most # characters long'], ['count' => Nickname::MAX_LEN]), ]),
                ],
                'block_name'      => 'nickname',
                'label_attr'      => ['class' => 'section-form-label'],
                'invalid_message' => _m('Nickname not valid. Please provide a valid nickname.'),
            ]],
            ['email', EmailType::class, [
                'label'           => _m('Email'),
                'help'            => _m('Desired email for this account (e.g., john@provider.com)'),
                'constraints'     => [new NotBlank(['message' => _m('Please enter an email')])],
                'block_name'      => 'email',
                'label_attr'      => ['class' => 'section-form-label'],
                'invalid_message' => _m('Email not valid. Please provide a valid email.'),
            ]],
            FormFields::repeated_password(),
            ['register', SubmitType::class, ['label' => _m('Register')]],
        ], form_options: ['block_prefix' => 'register']);

        $form->handleRequest($request);

        if ($form->isSubmitted() && $form->isValid()) {
            $data             = $form->getData();
            $data['password'] = $form->get('password')->getData();

            // TODO: ensure there's no user with this email registered already

            // Already used is checked below
            $sanitized_nickname = Nickname::normalize($data['nickname'], check_already_used: false, which: Nickname::CHECK_LOCAL_USER, check_is_allowed: false);

            try {
                // This already checks if the nickname is being used
                $actor = Actor::create(['nickname' => $sanitized_nickname]);
                $user  = LocalUser::create([
                    'nickname'       => $sanitized_nickname,
                    'outgoing_email' => $data['email'],
                    'incoming_email' => $data['email'],
                    'password'       => LocalUser::hashPassword($data['password']),
                ]);
                DB::persistWithSameId(
                    $actor,
                    $user,
                    // Self subscription
                    fn (int $id) => DB::persist(Subscription::create(['subscriber' => $id, 'subscribed' => $id])),
                );

                Event::handle('SuccessfulLocalUserRegistration', [$actor, $user]);

                DB::flush();
                // @codeCoverageIgnoreStart
            } catch (UniqueConstraintViolationException $e) {
                // _something_ was duplicated, but since we already check if nickname is in use, we can't tell what went wrong
                $e = 'An error occurred while trying to register';
                Log::critical($e . " with nickname: '{$sanitized_nickname}' and email '{$data['email']}'");
                throw new ServerException(_m($e));
            }
            // @codeCoverageIgnoreEnd

            // generate a signed url and email it to the user
            if ($_ENV['APP_ENV'] !== 'dev' && Common::config('site', 'use_email')) {
                // @codeCoverageIgnoreStart
                EmailVerifier::sendEmailConfirmation($user);
            // @codeCoverageIgnoreEnd
            } else {
                $user->setIsEmailVerified(true);
            }

            return $guard_handler->authenticateUserAndHandleSuccess(
                $user,
                $request,
                $authenticator,
                'main', // firewall name in security.yaml
            );
        }

        return [
            '_template'         => 'security/register.html.twig',
            'registration_form' => $form->createView(),
            'notes_fn'          => fn ()          => Note::getAllNotes(VisibilityScope::$instance_scope),
        ];
    }
}
[UI][SESSION] Add login and logout pages 2020-07-22 02:58:25 +01:00			`<?php`

[TOOLS][PHPStan][DocCheck] Fix errors found by PHPStan and Doc Check 2021-10-21 14:45:18 +01:00			`declare(strict_types = 1);`
[TOOLS][CS-FIXER] Run new PHP CS Fixer config. Notably, adds strict_types 2021-10-10 09:26:18 +01:00
[UI][SESSION] Add login and logout pages 2020-07-22 02:58:25 +01:00			`namespace App\Controller;`

[CONTROLLER][ROUTES] Refactor controllers to use the new base class and remove controller from the class name 2020-07-23 15:08:31 +01:00			`use App\Core\Controller;`
[USER][UI][AUTHENTICATION] Add registration form 2020-07-25 03:06:55 +01:00			`use App\Core\DB\DB;`
[FreeNetwork] First steps porting webfinger/lrdd to v3, GET webfinger requests already have a basic result 2021-10-18 13:22:02 +01:00			`use App\Core\Event;`
[USER][UI][AUTHENTICATION] Add registration form 2020-07-25 03:06:55 +01:00			`use App\Core\Form;`
[TOOLS][PHPStan][DocCheck] Fix errors found by PHPStan and Doc Check 2021-10-21 14:45:18 +01:00			`use function App\Core\I18n\_m;`
[CONTROLLER][Security] Refactor and make clearer errors with duplicate nicknames and emails. Return notes as a callable, since they're not used in the default template, in the login and register pages 2021-07-28 22:38:27 +01:00			`use App\Core\Log;`
[CORE] Rename NoteScope to VisibilityScope, as it will be used for attachment visbility too 2021-04-15 23:26:05 +01:00			`use App\Core\VisibilityScope;`
[Actor] Refactor GSActor into Actor 2021-09-18 03:22:27 +01:00			`use App\Entity\Actor;`
[ENTITY] Refactor Follow as Subscription 2021-11-08 13:44:35 +00:00			`use App\Entity\Subscription;`
[USER][UI][AUTHENTICATION] Add registration form 2020-07-25 03:06:55 +01:00			`use App\Entity\LocalUser;`
[UI][TIMELINES] Refactored query for public stream 2020-12-02 22:57:32 +00:00			`use App\Entity\Note;`
[USER][UI][AUTHENTICATION] Add registration form 2020-07-25 03:06:55 +01:00			`use App\Security\Authenticator;`
[TOOLS] Fix all level 0 errors found by PHPStan and move constant definition to bootstrap file 2021-09-06 19:49:03 +01:00			`use App\Security\EmailVerifier;`
			`use App\Util\Common;`
[TOOLS][PHPStan][DocCheck] Fix errors found by PHPStan and Doc Check 2021-10-21 14:45:18 +01:00			`use App\Util\Exception\DuplicateFoundException;`
			`use App\Util\Exception\EmailTakenException;`
[Actor] Refactor GSActor into Actor 2021-09-18 03:22:27 +01:00			`use App\Util\Exception\NicknameEmptyException;`
[FreeNetwork] First steps porting webfinger/lrdd to v3, GET webfinger requests already have a basic result 2021-10-18 13:22:02 +01:00			`use App\Util\Exception\NicknameException;`
			`use App\Util\Exception\NicknameInvalidException;`
[SECURITY] Fix nickname validation and properly allow email auth 2021-10-10 17:41:30 +01:00			`use App\Util\Exception\NicknameNotAllowedException;`
[DB] Remove unique constraint from GSActor.nickname and fix register and related functionality 2021-04-11 12:03:32 +01:00			`use App\Util\Exception\NicknameTakenException;`
[Actor] Refactor GSActor into Actor 2021-09-18 03:22:27 +01:00			`use App\Util\Exception\NicknameTooLongException;`
[CONTROLLER][Security] Refactor and make clearer errors with duplicate nicknames and emails. Return notes as a callable, since they're not used in the default template, in the login and register pages 2021-07-28 22:38:27 +01:00			`use App\Util\Exception\ServerException;`
[UTIL][FormFields] Move FormFields class to Util\Form namespace 2021-08-06 12:12:10 +01:00			`use App\Util\Form\FormFields;`
[USER][UI][AUTHENTICATION] Add registration form 2020-07-25 03:06:55 +01:00			`use App\Util\Nickname;`
[DB] Remove unique constraint from GSActor.nickname and fix register and related functionality 2021-04-11 12:03:32 +01:00			`use Doctrine\DBAL\Exception\UniqueConstraintViolationException;`
[FreeNetwork] First steps porting webfinger/lrdd to v3, GET webfinger requests already have a basic result 2021-10-18 13:22:02 +01:00			`use LogicException;`
[USER][UI][AUTHENTICATION] Add registration form 2020-07-25 03:06:55 +01:00			`use Symfony\Component\Form\Extension\Core\Type\EmailType;`
			`use Symfony\Component\Form\Extension\Core\Type\SubmitType;`
			`use Symfony\Component\Form\Extension\Core\Type\TextType;`
			`use Symfony\Component\HttpFoundation\Request;`
[Actor] Refactor GSActor into Actor 2021-09-18 03:22:27 +01:00			`use Symfony\Component\HttpFoundation\Response;`
[USER][UI][AUTHENTICATION] Add registration form 2020-07-25 03:06:55 +01:00			`use Symfony\Component\Security\Guard\GuardAuthenticatorHandler;`
[UI][SESSION] Add login and logout pages 2020-07-22 02:58:25 +01:00			`use Symfony\Component\Security\Http\Authentication\AuthenticationUtils;`
[USER][UI][AUTHENTICATION] Add registration form 2020-07-25 03:06:55 +01:00			`use Symfony\Component\Validator\Constraints\Length;`
			`use Symfony\Component\Validator\Constraints\NotBlank;`
[UI][SESSION] Add login and logout pages 2020-07-22 02:58:25 +01:00
[CONTROLLER][ROUTES] Refactor controllers to use the new base class and remove controller from the class name 2020-07-23 15:08:31 +01:00			`class Security extends Controller`
[UI][SESSION] Add login and logout pages 2020-07-22 02:58:25 +01:00			`{`
[DOCUMENTATION][REFACTOR] Add documentation to all flagged function and do some small cleanup 2020-11-06 19:47:15 +00:00			`/**`
			`* Log a user in`
			`*/`
[CONTROLLER][ROUTES] Refactor the base Controller to not reinvent the wheel too much and rely on Symfony's events 2020-07-23 18:55:06 +01:00			`public function login(AuthenticationUtils $authenticationUtils)`
[UI][SESSION] Add login and logout pages 2020-07-22 02:58:25 +01:00			`{`
			`if ($this->getUser()) {`
			`return $this->redirectToRoute('main_all');`
			`}`

			`// get the login error if there is one`
			`$error = $authenticationUtils->getLastAuthenticationError();`
			`// last username entered by the user`
[CONTROLLER][Security] Refactor and make clearer errors with duplicate nicknames and emails. Return notes as a callable, since they're not used in the default template, in the login and register pages 2021-07-28 22:38:27 +01:00			`$last_login_id = $authenticationUtils->getLastUsername();`
[UI][SESSION] Add login and logout pages 2020-07-22 02:58:25 +01:00
[CONTROLLER][Security] Refactor and make clearer errors with duplicate nicknames and emails. Return notes as a callable, since they're not used in the default template, in the login and register pages 2021-07-28 22:38:27 +01:00			`return [`
[TOOLS][PHPStan][DocCheck] Fix errors found by PHPStan and Doc Check 2021-10-21 14:45:18 +01:00			`'_template' => 'security/login.html.twig',`
[CONTROLLER][Security] Refactor and make clearer errors with duplicate nicknames and emails. Return notes as a callable, since they're not used in the default template, in the login and register pages 2021-07-28 22:38:27 +01:00			`'last_login_id' => $last_login_id,`
[TOOLS][PHPStan][DocCheck] Fix errors found by PHPStan and Doc Check 2021-10-21 14:45:18 +01:00			`'error' => $error,`
			`'notes_fn' => fn () => Note::getAllNotes(VisibilityScope::$instance_scope),`
[CONTROLLER][Security] Refactor and make clearer errors with duplicate nicknames and emails. Return notes as a callable, since they're not used in the default template, in the login and register pages 2021-07-28 22:38:27 +01:00			`];`
[UI][SESSION] Add login and logout pages 2020-07-22 02:58:25 +01:00			`}`

[CONTROLLER][Security] Refactor and make clearer errors with duplicate nicknames and emails. Return notes as a callable, since they're not used in the default template, in the login and register pages 2021-07-28 22:38:27 +01:00			`/**`
			`* @codeCoverageIgnore`
			`*/`
[UI][SESSION] Add login and logout pages 2020-07-22 02:58:25 +01:00			`public function logout()`
			`{`
[SECURITY] Fix nickname validation and properly allow email auth 2021-10-10 17:41:30 +01:00			`throw new LogicException('This method can be blank - it will be intercepted by the logout key on your firewall.');`
[UI][SESSION] Add login and logout pages 2020-07-22 02:58:25 +01:00			`}`
[USER][UI][AUTHENTICATION] Add registration form 2020-07-25 03:06:55 +01:00
[DOCUMENTATION][REFACTOR] Add documentation to all flagged function and do some small cleanup 2020-11-06 19:47:15 +00:00			`/**`
			`* Register a user, making sure the nickname is not reserved and`
			`* possibly sending a confirmation email`
[CONTROLLER][SECURITY] Registration feedback. The flashError works. However, Symfony's Exception error page is viewed upon trying to register. 2021-09-15 00:25:16 +01:00			`*`
[TOOLS][CS-FIXER] Run new PHP CS Fixer config. Notably, adds strict_types 2021-10-10 09:26:18 +01:00			`* @throws DuplicateFoundException`
			`* @throws EmailTakenException`
[TOOLS][PHPStan][DocCheck] Fix errors found by PHPStan and Doc Check 2021-10-21 14:45:18 +01:00			`* @throws EmailTakenException`
[CONTROLLER][SECURITY] Registration feedback. The flashError works. However, Symfony's Exception error page is viewed upon trying to register. 2021-09-15 00:25:16 +01:00			`* @throws NicknameEmptyException`
[TOOLS][PHPStan][DocCheck] Fix errors found by PHPStan and Doc Check 2021-10-21 14:45:18 +01:00			`* @throws NicknameException`
[FreeNetwork] First steps porting webfinger/lrdd to v3, GET webfinger requests already have a basic result 2021-10-18 13:22:02 +01:00			`* @throws NicknameInvalidException`
[SECURITY] Fix nickname validation and properly allow email auth 2021-10-10 17:41:30 +01:00			`* @throws NicknameNotAllowedException`
[FreeNetwork] First steps porting webfinger/lrdd to v3, GET webfinger requests already have a basic result 2021-10-18 13:22:02 +01:00			`* @throws NicknameTakenException`
[CONTROLLER][SECURITY] Registration feedback. The flashError works. However, Symfony's Exception error page is viewed upon trying to register. 2021-09-15 00:25:16 +01:00			`* @throws NicknameTooLongException`
[FreeNetwork] First steps porting webfinger/lrdd to v3, GET webfinger requests already have a basic result 2021-10-18 13:22:02 +01:00			`* @throws ServerException`
[DOCUMENTATION][REFACTOR] Add documentation to all flagged function and do some small cleanup 2020-11-06 19:47:15 +00:00			`*/`
[TOOLS][PHPStan][DocCheck] Fix errors found by PHPStan and Doc Check 2021-10-21 14:45:18 +01:00			`public function register(`
			`Request $request,`
			`GuardAuthenticatorHandler $guard_handler,`
			`Authenticator $authenticator,`
			`): array\|Response\|null`
[USER][UI][AUTHENTICATION] Add registration form 2020-07-25 03:06:55 +01:00			`{`
			`$form = Form::create([`
			`['nickname', TextType::class, [`
[TOOLS][PHPStan][DocCheck] Fix errors found by PHPStan and Doc Check 2021-10-21 14:45:18 +01:00			`'label' => _m('Nickname'),`
			`'help' => _m('Your desired nickname (e.g., j0hnD03)'),`
[CONFIG] Make password length limits configurable 2021-07-28 22:06:10 +01:00			`'constraints' => [`
			`new NotBlank(['message' => _m('Please enter a nickname')]),`
			`new Length([`
[TOOLS][PHPStan][DocCheck] Fix errors found by PHPStan and Doc Check 2021-10-21 14:45:18 +01:00			`'min' => 1,`
[SECURITY] Fix nickname validation and properly allow email auth 2021-10-10 17:41:30 +01:00			`'minMessage' => _m(['Your nickname must be at least # characters long'], ['count' => 1]),`
[TOOLS][PHPStan][DocCheck] Fix errors found by PHPStan and Doc Check 2021-10-21 14:45:18 +01:00			`'max' => Nickname::MAX_LEN,`
			`'maxMessage' => _m(['Your nickname must be at most # characters long'], ['count' => Nickname::MAX_LEN]), ]),`
[USER][UI][AUTHENTICATION] Add registration form 2020-07-25 03:06:55 +01:00			`],`
[TOOLS][PHPStan][DocCheck] Fix errors found by PHPStan and Doc Check 2021-10-21 14:45:18 +01:00			`'block_name' => 'nickname',`
			`'label_attr' => ['class' => 'section-form-label'],`
[CONTROLLER][SECURITY] Registration feedback. The flashError works. However, Symfony's Exception error page is viewed upon trying to register. 2021-09-15 00:25:16 +01:00			`'invalid_message' => _m('Nickname not valid. Please provide a valid nickname.'),`
[USER][UI][AUTHENTICATION] Add registration form 2020-07-25 03:06:55 +01:00			`]],`
[CONFIG] Make password length limits configurable 2021-07-28 22:06:10 +01:00			`['email', EmailType::class, [`
[TOOLS][PHPStan][DocCheck] Fix errors found by PHPStan and Doc Check 2021-10-21 14:45:18 +01:00			`'label' => _m('Email'),`
			`'help' => _m('Desired email for this account (e.g., john@provider.com)'),`
			`'constraints' => [new NotBlank(['message' => _m('Please enter an email')])],`
			`'block_name' => 'email',`
			`'label_attr' => ['class' => 'section-form-label'],`
[CONTROLLER][SECURITY] Registration feedback. The flashError works. However, Symfony's Exception error page is viewed upon trying to register. 2021-09-15 00:25:16 +01:00			`'invalid_message' => _m('Email not valid. Please provide a valid email.'),`
[CONFIG] Make password length limits configurable 2021-07-28 22:06:10 +01:00			`]],`
[TESTS] Raise test coverage for Controller/Security to 100% 2021-08-03 11:24:01 +01:00			`FormFields::repeated_password(),`
[USER][UI][AUTHENTICATION] Add registration form 2020-07-25 03:06:55 +01:00			`['register', SubmitType::class, ['label' => _m('Register')]],`
[TESTS] Hot-fix Security controller tests, broken with ongoing form rendering changes 2021-08-17 20:51:06 +01:00			`], form_options: ['block_prefix' => 'register']);`
[USER][UI][AUTHENTICATION] Add registration form 2020-07-25 03:06:55 +01:00
			`$form->handleRequest($request);`

			`if ($form->isSubmitted() && $form->isValid()) {`
[TOOLS][PHPStan][DocCheck] Fix errors found by PHPStan and Doc Check 2021-10-21 14:45:18 +01:00			`$data = $form->getData();`
[USER][UI][AUTHENTICATION] Add registration form 2020-07-25 03:06:55 +01:00			`$data['password'] = $form->get('password')->getData();`

[SECURITY] Fix nickname validation and properly allow email auth 2021-10-10 17:41:30 +01:00			`// TODO: ensure there's no user with this email registered already`
[CONTROLLER][Security] Refactor and make clearer errors with duplicate nicknames and emails. Return notes as a callable, since they're not used in the default template, in the login and register pages 2021-07-28 22:38:27 +01:00
[SECURITY] Fix nickname validation and properly allow email auth 2021-10-10 17:41:30 +01:00			`// Already used is checked below`
[UTIL][Nickname] Fix some parameters issues found with strict types 2021-10-18 16:48:16 +01:00			`$sanitized_nickname = Nickname::normalize($data['nickname'], check_already_used: false, which: Nickname::CHECK_LOCAL_USER, check_is_allowed: false);`
[USER][UI][AUTHENTICATION] Add registration form 2020-07-25 03:06:55 +01:00
[DB] Remove unique constraint from GSActor.nickname and fix register and related functionality 2021-04-11 12:03:32 +01:00			`try {`
[CONTROLLER][Security] Refactor and make clearer errors with duplicate nicknames and emails. Return notes as a callable, since they're not used in the default template, in the login and register pages 2021-07-28 22:38:27 +01:00			`// This already checks if the nickname is being used`
[Controller][Security] Fullname is not setup automatically upon registering anymore. [ENTITY][Actor] Changes to accomodate fullname from potentially being null. [ENTITY][Note] Changes to accomodate fullname from potentially being null. 2021-10-29 22:05:10 +01:00			`$actor = Actor::create(['nickname' => $sanitized_nickname]);`
[TOOLS][PHPStan][DocCheck] Fix errors found by PHPStan and Doc Check 2021-10-21 14:45:18 +01:00			`$user = LocalUser::create([`
			`'nickname' => $sanitized_nickname,`
[DB] Remove unique constraint from GSActor.nickname and fix register and related functionality 2021-04-11 12:03:32 +01:00			`'outgoing_email' => $data['email'],`
			`'incoming_email' => $data['email'],`
[TOOLS][PHPStan][DocCheck] Fix errors found by PHPStan and Doc Check 2021-10-21 14:45:18 +01:00			`'password' => LocalUser::hashPassword($data['password']),`
[DB] Remove unique constraint from GSActor.nickname and fix register and related functionality 2021-04-11 12:03:32 +01:00			`]);`
[SECURITY][DB] Make user register 'atomic', by using a single transaction for inserting all objects, to avoid partial inserts 2021-04-23 13:54:25 +01:00			`DB::persistWithSameId(`
			`$actor,`
			`$user,`
[ENTITY] Refactor Follow as Subscription 2021-11-08 13:44:35 +00:00			`// Self subscription`
			`fn (int $id) => DB::persist(Subscription::create(['subscriber' => $id, 'subscribed' => $id])),`
[SECURITY][DB] Make user register 'atomic', by using a single transaction for inserting all objects, to avoid partial inserts 2021-04-23 13:54:25 +01:00			`);`
[FreeNetwork] First steps porting webfinger/lrdd to v3, GET webfinger requests already have a basic result 2021-10-18 13:22:02 +01:00
			`Event::handle('SuccessfulLocalUserRegistration', [$actor, $user]);`

[SECURITY][DB] Make user register 'atomic', by using a single transaction for inserting all objects, to avoid partial inserts 2021-04-23 13:54:25 +01:00			`DB::flush();`
[TESTS] Raise test coverage for Controller/Security to 100% 2021-08-03 11:24:01 +01:00			`// @codeCoverageIgnoreStart`
[DB] Remove unique constraint from GSActor.nickname and fix register and related functionality 2021-04-11 12:03:32 +01:00			`} catch (UniqueConstraintViolationException $e) {`
[CONTROLLER][Security] Refactor and make clearer errors with duplicate nicknames and emails. Return notes as a callable, since they're not used in the default template, in the login and register pages 2021-07-28 22:38:27 +01:00			`// _something_ was duplicated, but since we already check if nickname is in use, we can't tell what went wrong`
			`$e = 'An error occurred while trying to register';`
[SECURITY] Fix nickname validation and properly allow email auth 2021-10-10 17:41:30 +01:00			`Log::critical($e . " with nickname: '{$sanitized_nickname}' and email '{$data['email']}'");`
[CONTROLLER][Security] Refactor and make clearer errors with duplicate nicknames and emails. Return notes as a callable, since they're not used in the default template, in the login and register pages 2021-07-28 22:38:27 +01:00			`throw new ServerException(_m($e));`
[DB] Remove unique constraint from GSActor.nickname and fix register and related functionality 2021-04-11 12:03:32 +01:00			`}`
[TESTS] Raise test coverage for Controller/Security to 100% 2021-08-03 11:24:01 +01:00			`// @codeCoverageIgnoreEnd`
[USER][UI][AUTHENTICATION] Add registration form 2020-07-25 03:06:55 +01:00
			`// generate a signed url and email it to the user`
[SECURITY] Do not require email when in development 2021-08-04 17:48:00 +01:00			`if ($_ENV['APP_ENV'] !== 'dev' && Common::config('site', 'use_email')) {`
[TESTS] Raise test coverage for Controller/Security to 100% 2021-08-03 11:24:01 +01:00			`// @codeCoverageIgnoreStart`
[TOOLS] Fix all level 0 errors found by PHPStan and move constant definition to bootstrap file 2021-09-06 19:49:03 +01:00			`EmailVerifier::sendEmailConfirmation($user);`
[TOOLS][PHPStan][DocCheck] Fix errors found by PHPStan and Doc Check 2021-10-21 14:45:18 +01:00			`// @codeCoverageIgnoreEnd`
[USER][UI][AUTHENTICATION] Add registration form 2020-07-25 03:06:55 +01:00			`} else {`
			`$user->setIsEmailVerified(true);`
			`}`

			`return $guard_handler->authenticateUserAndHandleSuccess(`
			`$user,`
			`$request,`
			`$authenticator,`
[TOOLS][CS-FIXER] Run new PHP CS Fixer config. Notably, adds strict_types 2021-10-10 09:26:18 +01:00			`'main', // firewall name in security.yaml`
[USER][UI][AUTHENTICATION] Add registration form 2020-07-25 03:06:55 +01:00			`);`
			`}`

			`return [`
[TOOLS][PHPStan][DocCheck] Fix errors found by PHPStan and Doc Check 2021-10-21 14:45:18 +01:00			`'_template' => 'security/register.html.twig',`
[USER][UI][AUTHENTICATION] Add registration form 2020-07-25 03:06:55 +01:00			`'registration_form' => $form->createView(),`
[TOOLS][PHPStan][DocCheck] Fix errors found by PHPStan and Doc Check 2021-10-21 14:45:18 +01:00			`'notes_fn' => fn () => Note::getAllNotes(VisibilityScope::$instance_scope),`
[USER][UI][AUTHENTICATION] Add registration form 2020-07-25 03:06:55 +01:00			`];`
			`}`
[UI][SESSION] Add login and logout pages 2020-07-22 02:58:25 +01:00			`}`