[SECURITY][DB] Make user register 'atomic', by using a single transaction for inserting all objects, to avoid partial inserts

2021-04-23 12:54:25 +00:00
parent 77655c1248
commit 7a90e844b7
2 changed files with 26 additions and 11 deletions
--- a/src/Controller/Security.php
+++ b/src/Controller/Security.php
@@ -93,17 +93,19 @@ class Security extends Controller

            try {
                $actor = GSActor::create(['nickname' => $data['nickname']]);
-                DB::persist($actor);
-                DB::flush();
-                $id   = $actor->getId();
-                $user = LocalUser::create([
-                    'id'             => $id,
+                $user  = LocalUser::create([
                    'nickname'       => $data['nickname'],
                    'outgoing_email' => $data['email'],
                    'incoming_email' => $data['email'],
                    'password'       => LocalUser::hashPassword($data['password']),
                ]);
-                DB::persist($user);
+                DB::persistWithSameId(
+                    $actor,
+                    $user,
+                    // Self follow
+                    fn (int $id) => DB::persist(Follow::create(['follower' => $id, 'followed' => $id]))
+                );
+                DB::flush();
            } catch (UniqueConstraintViolationException $e) {
                throw new NicknameTakenException;
            }
@@ -123,11 +125,6 @@ class Security extends Controller
                $user->setIsEmailVerified(true);
            }

-            // Self follow
-            $follow = Follow::create(['follower' => $id, 'followed' => $id]);
-            DB::persist($follow);
-            DB::flush();
-
            return $guard_handler->authenticateUserAndHandleSuccess(
                $user,
                $request,