football2801/pictureFrame
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(story-1.3): user registration with auto-login and inline validation
CI / test (push) Has been cancelled
Details

Browse Source 
- RegistrationFormType: email + plainPassword, NotBlank/Email/Length(min=8) constraints
- SecurityController: register action hashes password, persists user, auto-logs in via Security::login()
- User entity: UniqueEntity constraint — "An account with this email already exists"
- Register Twig template: inline errors per field (role=alert), blur-validation JS
  (client fires on blur not keystroke; server-error flag prevents blur clobbering server messages)
- csrf.yaml: switched from stateless UX-dependent tokens to standard session CSRF
  (stateless token IDs require Stimulus JS to inject the real value — we removed Stimulus)

Verified: happy path → 302 + auto-login; duplicate email → 422 + inline error;
          short password → 422 + inline error

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Matt Edholm
2026-04-27 23:25:42 -04:00
parent a957c5cdd0
commit 85363e98bd
5 changed files with 248 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files
templates/security/register.html.twig
+163 -1
View File
@@ -4,8 +4,170 @@
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Create account — pictureFrame</title>
<style>
*, *::before, *::after { box-sizing: border-box; margin: 0; padding: 0; }
body {
font-family: system-ui, sans-serif;
display: flex;
align-items: center;
justify-content: center;
min-height: 100dvh;
background: #fdf6ee;
color: #3a2e22;
}
.card {
width: 100%;
max-width: 380px;
margin: 1rem;
padding: 2rem;
background: #fff9f2;
border-radius: 16px;
border: 1px solid #e8d9c4;
}
h1 { font-size: 1.4rem; font-weight: 700; margin-bottom: 1.5rem; }
.field { margin-bottom: 1rem; }
label { display: block; font-size: 0.8125rem; font-weight: 600; color: #8a7060; margin-bottom: 0.375rem; }
input[type="email"],
input[type="password"] {
width: 100%;
min-height: 44px;
padding: 0 0.875rem;
border: 1px solid #e8d9c4;
border-radius: 10px;
background: #fff;
font-size: 1rem;
color: #3a2e22;
transition: border-color 0.15s;
}
input:focus { outline: none; border-color: #c97c3a; }
input[aria-invalid="true"] { border-color: #c0392b; }
.field-error {
margin-top: 0.25rem;
font-size: 0.8125rem;
color: #c0392b;
min-height: 1.2em;
}
.field-error:empty { display: none; }
.btn {
display: flex;
align-items: center;
justify-content: center;
width: 100%;
min-height: 44px;
margin-top: 1.25rem;
padding: 0 1.25rem;
background: #c97c3a;
color: #fff;
border: none;
border-radius: 9999px;
font-size: 1rem;
font-weight: 700;
cursor: pointer;
transition: opacity 0.15s;
}
.btn:hover { opacity: 0.9; }
.login-link { display: block; text-align: center; margin-top: 1rem; font-size: 0.875rem; color: #8a7060; }
.login-link a { color: #c97c3a; text-decoration: none; font-weight: 600; }
</style>
</head>
<body>
<p>Registration — Story 1.3</p>
<div class="card">
<h1>Create account</h1>
{{ form_start(form, {attr: {novalidate: 'novalidate', id: 'reg-form'}}) }}
<div class="field">
{{ form_label(form.email) }}
{{ form_widget(form.email, {attr: {
id: 'reg-email',
autocomplete: 'email',
'aria-describedby': 'reg-email-error',
'aria-invalid': form.email.vars.errors|length > 0 ? 'true' : 'false'
}}) }}
<p id="reg-email-error" class="field-error" role="alert">
{% for error in form.email.vars.errors %}{{ error.message }}{% endfor %}
</p>
</div>
<div class="field">
{{ form_label(form.plainPassword) }}
{{ form_widget(form.plainPassword, {attr: {
id: 'reg-password',
autocomplete: 'new-password',
'aria-describedby': 'reg-password-error',
'aria-invalid': form.plainPassword.vars.errors|length > 0 ? 'true' : 'false'
}}) }}
<p id="reg-password-error" class="field-error" role="alert">
{% for error in form.plainPassword.vars.errors %}{{ error.message }}{% endfor %}
</p>
</div>
<button type="submit" class="btn">Create account</button>
{{ form_end(form) }}
<p class="login-link">Already have an account? <a href="/login">Sign in</a></p>
</div>
<script>
(function () {
var form = document.getElementById('reg-form');
var emailInput = document.getElementById('reg-email');
var emailError = document.getElementById('reg-email-error');
var pwInput = document.getElementById('reg-password');
var pwError = document.getElementById('reg-password-error');
function validateEmail() {
// Only run client-side validation when there is no server-side error already shown
if (emailError.dataset.serverError) return;
var val = emailInput.value.trim();
if (!val) {
setError(emailInput, emailError, 'Please enter your email address');
} else if (!/^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(val)) {
setError(emailInput, emailError, 'Please enter a valid email address');
} else {
clearError(emailInput, emailError);
}
}
function validatePassword() {
if (pwError.dataset.serverError) return;
var val = pwInput.value;
if (!val) {
setError(pwInput, pwError, 'Please enter a password');
} else if (val.length < 8) {
setError(pwInput, pwError, 'Your password must be at least 8 characters');
} else {
clearError(pwInput, pwError);
}
}
function setError(input, errorEl, message) {
input.setAttribute('aria-invalid', 'true');
errorEl.textContent = message;
}
function clearError(input, errorEl) {
input.setAttribute('aria-invalid', 'false');
errorEl.textContent = '';
}
// Mark existing server errors so client-side blur doesn't clobber them
if (emailError.textContent.trim()) emailError.dataset.serverError = '1';
if (pwError.textContent.trim()) pwError.dataset.serverError = '1';
// Clear server-error flag once user starts typing
emailInput.addEventListener('input', function () { delete emailError.dataset.serverError; });
pwInput.addEventListener('input', function () { delete pwError.dataset.serverError; });
emailInput.addEventListener('blur', validateEmail);
pwInput.addEventListener('blur', validatePassword);
form.addEventListener('submit', function () {
validateEmail();
validatePassword();
});
}());
</script>
</body>
</html>