25518434194

Committed 07 May 2026 07:49PM UTC coverage: 58.608% (-6.4%) from 64.989%

Build # 25518434194

Build Type

push

github

Committed by

web-flow

Commit Message

Merge pull request #47 from daycry/development

Implement security enhancements and new account features

Coverage Stats

277 of 1030 new or added lines in 55 files covered. (26.89%)

11 existing lines in 6 files now uncovered.

3544 of 6047 relevant lines covered (58.61%)

47.97 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

0.0

/src/Controllers/RegisterController.php

<?php

declare(strict_types=1);

/**
 * This file is part of Daycry Auth.
 *
 * (c) Daycry <daycry9@proton.me>
 *
 * For the full copyright and license information, please view
 * the LICENSE file that was distributed with this source code.
 */

namespace Daycry\Auth\Controllers;

use CodeIgniter\Events\Events;
use CodeIgniter\HTTP\RedirectResponse;
use CodeIgniter\HTTP\ResponseInterface;
use Daycry\Auth\Entities\User;
use Daycry\Auth\Exceptions\ValidationException;
use Daycry\Auth\Models\UserModel;
use Daycry\Auth\Validation\ValidationRules;

/**
 * Class RegisterController
 *
 * Handles displaying registration form,
 * and handling actual registration flow.
 */
class RegisterController extends BaseAuthController
{
    /**
     * Displays the registration form.
     */
    public function registerView(): ResponseInterface
    {
        // Check if already logged in
        if (($redirect = $this->redirectIfLoggedIn(config('Auth')->registerRedirect())) instanceof RedirectResponse) {
            return $redirect;
        }

        // Check if registration is allowed
        if (! setting('Auth.allowRegistration')) {
            return $this->handleError(
                $this->request->getUri()->getPath(),
                lang('Auth.registerDisabled'),
            );
        }

        // Check if there's a pending post-auth action
        if ($this->hasPostAuthAction()) {
            return $this->redirectToAuthAction();
        }

        $content = $this->view(setting('Auth.views')['register']);

        return $this->response->setBody($content);
    }

    /**
     * Attempts to register the user.
     */
    public function registerAction(): RedirectResponse
    {
        // Check if already logged in
        if (($redirect = $this->redirectIfLoggedIn(config('Auth')->registerRedirect())) instanceof RedirectResponse) {
            return $redirect;
        }

        // Check if registration is allowed
        if (! setting('Auth.allowRegistration')) {
            return $this->handleError(
                config('Auth')->registerRoute(),
                lang('Auth.registerDisabled'),
            );
        }

        // Validate input
        $rules    = $this->getValidationRules();
        $postData = $this->request->getPost();

        // Fire pre-register event before validation
        Events::trigger('pre-register', $postData);

        if (! $this->validateRequest($postData, $rules)) {
            return $this->handleValidationError(config('Auth')->registerRoute());
        }

        // Save the user
        $users             = $this->getUserProvider();
        $allowedPostFields = array_keys($rules);
        $user              = $this->getUserEntity();
        $user->fill($this->request->getPost($allowedPostFields));

        // Workaround for email only registration/login
        if ($user->username === null) {
            $user->username = null;
        }

        try {
            $users->save($user);
        } catch (ValidationException) {
            return $this->handleError(
                config('Auth')->registerRoute(),
                'Registration failed',
                true,
            )->with('errors', $users->errors());
        }

        // Get complete user object with ID
        $user = $users->findById($users->getInsertID());

        // Add to default group
        $users->addToDefaultGroup($user);

        Events::trigger('register', $user);

        // Start authentication process
        $authenticator = $this->getSessionAuthenticator();
        $authenticator->startLogin($user);

        // Check for post-registration action
        $hasAction = $authenticator->startUpAction('register', $user);
        if ($hasAction) {
            return $this->redirectToAuthAction();
        }

        // Set the user active and complete login
        $user->activate();
        $authenticator->completeLogin($user);

        return $this->handleSuccess(
            config('Auth')->registerRedirect(),
            lang('Auth.registerSuccess'),
        );
    }

    /**
     * Returns the User provider
     */
    protected function getUserProvider(): UserModel
    {
        $provider = model(setting('Auth.userProvider'));

        assert($provider instanceof UserModel, 'Config Auth.userProvider is not a valid UserProvider.');

        return $provider;
    }

    /**
     * Returns the Entity class that should be used
     */
    protected function getUserEntity(): User
    {
        return new User();
    }

    /**
     * Returns the rules that should be used for validation.
     *
     * @return         array<string, array<string, list<string>|string>>
     * @phpstan-return array<string, array<string, string|list<string>>>
     */
    protected function getValidationRules(): array
    {
        $rules = new ValidationRules();

        return $rules->getRegistrationRules();
    }
}

1	<?php
2
3	declare(strict_types=1);
4
5	/**
6	* This file is part of Daycry Auth.
7	*
8	* (c) Daycry <daycry9@proton.me>
9	*
10	* For the full copyright and license information, please view
11	* the LICENSE file that was distributed with this source code.
12	*/
13
14	namespace Daycry\Auth\Controllers;
15
16	use CodeIgniter\Events\Events;
17	use CodeIgniter\HTTP\RedirectResponse;
18	use CodeIgniter\HTTP\ResponseInterface;
19	use Daycry\Auth\Entities\User;
20	use Daycry\Auth\Exceptions\ValidationException;
21	use Daycry\Auth\Models\UserModel;
22	use Daycry\Auth\Validation\ValidationRules;
23
24	/**
25	* Class RegisterController
26	*
27	* Handles displaying registration form,
28	* and handling actual registration flow.
29	*/
30	class RegisterController extends BaseAuthController
31	{
32	/**
33	* Displays the registration form.
34	*/
35	public function registerView(): ResponseInterface	×
36	{
37	// Check if already logged in
38	if (($redirect = $this->redirectIfLoggedIn(config('Auth')->registerRedirect())) instanceof RedirectResponse) {	×
39	return $redirect;	×
40	}
41
42	// Check if registration is allowed
43	if (! setting('Auth.allowRegistration')) {	×
44	return $this->handleError(	×
45	$this->request->getUri()->getPath(),	×
46	lang('Auth.registerDisabled'),	×
47	);	×
48	}
49
50	// Check if there's a pending post-auth action
51	if ($this->hasPostAuthAction()) {	×
52	return $this->redirectToAuthAction();	×
53	}
54
55	$content = $this->view(setting('Auth.views')['register']);	×
56
57	return $this->response->setBody($content);	×
58	}
59
60	/**
61	* Attempts to register the user.
62	*/
63	public function registerAction(): RedirectResponse	×
64	{
65	// Check if already logged in
66	if (($redirect = $this->redirectIfLoggedIn(config('Auth')->registerRedirect())) instanceof RedirectResponse) {	×
67	return $redirect;	×
68	}
69
70	// Check if registration is allowed
71	if (! setting('Auth.allowRegistration')) {	×
72	return $this->handleError(	×
73	config('Auth')->registerRoute(),	×
74	lang('Auth.registerDisabled'),	×
75	);	×
76	}
77
78	// Validate input
79	$rules = $this->getValidationRules();	×
80	$postData = $this->request->getPost();	×
81
82	// Fire pre-register event before validation
83	Events::trigger('pre-register', $postData);	×
84
85	if (! $this->validateRequest($postData, $rules)) {	×
86	return $this->handleValidationError(config('Auth')->registerRoute());	×
87	}
88
89	// Save the user
90	$users = $this->getUserProvider();	×
91	$allowedPostFields = array_keys($rules);	×
92	$user = $this->getUserEntity();	×
93	$user->fill($this->request->getPost($allowedPostFields));	×
94
95	// Workaround for email only registration/login
96	if ($user->username === null) {	×
97	$user->username = null;	×
98	}
99
100	try {
101	$users->save($user);	×
NEW 102	} catch (ValidationException) {	×
103	return $this->handleError(	×
104	config('Auth')->registerRoute(),	×
105	'Registration failed',	×
106	true,	×
107	)->with('errors', $users->errors());	×
108	}
109
110	// Get complete user object with ID
111	$user = $users->findById($users->getInsertID());	×
112
113	// Add to default group
114	$users->addToDefaultGroup($user);	×
115
116	Events::trigger('register', $user);	×
117
118	// Start authentication process
119	$authenticator = $this->getSessionAuthenticator();	×
120	$authenticator->startLogin($user);	×
121
122	// Check for post-registration action
123	$hasAction = $authenticator->startUpAction('register', $user);	×
124	if ($hasAction) {	×
125	return $this->redirectToAuthAction();	×
126	}
127
128	// Set the user active and complete login
129	$user->activate();	×
130	$authenticator->completeLogin($user);	×
131
132	return $this->handleSuccess(	×
133	config('Auth')->registerRedirect(),	×
134	lang('Auth.registerSuccess'),	×
135	);	×
136	}
137
138	/**
139	* Returns the User provider
140	*/
141	protected function getUserProvider(): UserModel	×
142	{
143	$provider = model(setting('Auth.userProvider'));	×
144
145	assert($provider instanceof UserModel, 'Config Auth.userProvider is not a valid UserProvider.');	×
146
147	return $provider;	×
148	}
149
150	/**
151	* Returns the Entity class that should be used
152	*/
153	protected function getUserEntity(): User	×
154	{
155	return new User();	×
156	}
157
158	/**
159	* Returns the rules that should be used for validation.
160	*
161	* @return array<string, array<string, list<string>\|string>>
162	* @phpstan-return array<string, array<string, string\|list<string>>>
163	*/
164	protected function getValidationRules(): array	×
165	{
166	$rules = new ValidationRules();	×
167
168	return $rules->getRegistrationRules();	×
169	}
170	}

daycry / auth / 25518434194

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous