feat(story-1.3): user registration with auto-login and inline validation
- RegistrationFormType: email + plainPassword, NotBlank/Email/Length(min=8) constraints
- SecurityController: register action hashes password, persists user, auto-logs in via Security::login()
- User entity: UniqueEntity constraint — "An account with this email already exists"
- Register Twig template: inline errors per field (role=alert), blur-validation JS
(client fires on blur not keystroke; server-error flag prevents blur clobbering server messages)
- csrf.yaml: switched from stateless UX-dependent tokens to standard session CSRF
(stateless token IDs require Stimulus JS to inject the real value — we removed Stimulus)
Verified: happy path → 302 + auto-login; duplicate email → 422 + inline error;
short password → 422 + inline error
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
@@ -4,8 +4,14 @@ declare(strict_types=1);
|
||||
|
||||
namespace App\Controller;
|
||||
|
||||
use App\Entity\User;
|
||||
use App\Form\RegistrationFormType;
|
||||
use Doctrine\ORM\EntityManagerInterface;
|
||||
use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
|
||||
use Symfony\Bundle\SecurityBundle\Security;
|
||||
use Symfony\Component\HttpFoundation\Request;
|
||||
use Symfony\Component\HttpFoundation\Response;
|
||||
use Symfony\Component\PasswordHasher\Hasher\UserPasswordHasherInterface;
|
||||
use Symfony\Component\Routing\Attribute\Route;
|
||||
use Symfony\Component\Security\Http\Authentication\AuthenticationUtils;
|
||||
|
||||
@@ -31,9 +37,35 @@ class SecurityController extends AbstractController
|
||||
}
|
||||
|
||||
#[Route('/register', name: 'app_register', methods: ['GET', 'POST'])]
|
||||
public function register(): Response
|
||||
{
|
||||
// Implemented in Story 1.3
|
||||
return $this->render('security/register.html.twig');
|
||||
public function register(
|
||||
Request $request,
|
||||
UserPasswordHasherInterface $hasher,
|
||||
EntityManagerInterface $em,
|
||||
Security $security,
|
||||
): Response {
|
||||
if ($this->getUser()) {
|
||||
return $this->redirectToRoute('spa');
|
||||
}
|
||||
|
||||
$user = new User();
|
||||
$form = $this->createForm(RegistrationFormType::class, $user);
|
||||
$form->handleRequest($request);
|
||||
|
||||
if ($form->isSubmitted() && $form->isValid()) {
|
||||
/** @var string $plainPassword */
|
||||
$plainPassword = $form->get('plainPassword')->getData();
|
||||
$user->setPassword($hasher->hashPassword($user, $plainPassword));
|
||||
|
||||
$em->persist($user);
|
||||
$em->flush();
|
||||
|
||||
$response = $security->login($user, 'form_login', 'main');
|
||||
|
||||
return $response ?? $this->redirectToRoute('spa');
|
||||
}
|
||||
|
||||
return $this->render('security/register.html.twig', [
|
||||
'form' => $form,
|
||||
]);
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user