football2801/pictureFrame-webApp
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
a302ac09b48db4cb885350f6cd4f6b2f4c175dcf
pictureFrame-webApp/config/packages/csrf.yaml
T
football2801 694843bdf0 feat(story-1.3): user registration with auto-login and inline validation 
- RegistrationFormType: email + plainPassword, NotBlank/Email/Length(min=8) constraints
- SecurityController: register action hashes password, persists user, auto-logs in via Security::login()
- User entity: UniqueEntity constraint — "An account with this email already exists"
- Register Twig template: inline errors per field (role=alert), blur-validation JS
  (client fires on blur not keystroke; server-error flag prevents blur clobbering server messages)
- csrf.yaml: switched from stateless UX-dependent tokens to standard session CSRF
  (stateless token IDs require Stimulus JS to inject the real value — we removed Stimulus)

Verified: happy path → 302 + auto-login; duplicate email → 422 + inline error;
          short password → 422 + inline error

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-27 23:25:42 -04:00

4 lines
51 B
YAML
Raw Blame History

framework:
form:
csrf_protection: true
Reference in New Issue View Git Blame Copy Permalink