feat(story-1.3): user registration with auto-login and inline validation
CI / test (push) Has been cancelled
CI / test (push) Has been cancelled
- RegistrationFormType: email + plainPassword, NotBlank/Email/Length(min=8) constraints
- SecurityController: register action hashes password, persists user, auto-logs in via Security::login()
- User entity: UniqueEntity constraint — "An account with this email already exists"
- Register Twig template: inline errors per field (role=alert), blur-validation JS
(client fires on blur not keystroke; server-error flag prevents blur clobbering server messages)
- csrf.yaml: switched from stateless UX-dependent tokens to standard session CSRF
(stateless token IDs require Stimulus JS to inject the real value — we removed Stimulus)
Verified: happy path → 302 + auto-login; duplicate email → 422 + inline error;
short password → 422 + inline error
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
@@ -1,11 +1,3 @@
|
||||
# Enable stateless CSRF protection for forms and logins/logouts
|
||||
framework:
|
||||
form:
|
||||
csrf_protection:
|
||||
token_id: submit
|
||||
|
||||
csrf_protection:
|
||||
stateless_token_ids:
|
||||
- submit
|
||||
- authenticate
|
||||
- logout
|
||||
csrf_protection: true
|
||||
|
||||
Reference in New Issue
Block a user