football2801
694843bdf0
- RegistrationFormType: email + plainPassword, NotBlank/Email/Length(min=8) constraints
- SecurityController: register action hashes password, persists user, auto-logs in via Security::login()
- User entity: UniqueEntity constraint — "An account with this email already exists"
- Register Twig template: inline errors per field (role=alert), blur-validation JS
(client fires on blur not keystroke; server-error flag prevents blur clobbering server messages)
- csrf.yaml: switched from stateless UX-dependent tokens to standard session CSRF
(stateless token IDs require Stimulus JS to inject the real value — we removed Stimulus)
Verified: happy path → 302 + auto-login; duplicate email → 422 + inline error;
short password → 422 + inline error
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>