| -rw-r--r-- | app/Access/Controllers/RegisterController.php | 3 | ||||
| -rw-r--r-- | app/Access/RegistrationService.php | 6 | ||||
| -rw-r--r-- | tests/Auth/RegistrationTest.php | 24 |
3 files changed, 28 insertions, 5 deletions
diff --git a/app/Access/Controllers/RegisterController.php b/app/Access/Controllers/RegisterController.php index e9812aa5d..f0261fba8 100644 --- a/app/Access/Controllers/RegisterController.php +++ b/app/Access/Controllers/RegisterController.php @@ -48,8 +48,7 @@ class RegisterController extends Controller public function postRegister(Request $request) { $this->registrationService->ensureRegistrationAllowed(); - $this->validator($request->all())->validate(); - $userData = $request->all(); + $userData = $this->validator($request->all())->validate(); try { $user = $this->registrationService->registerUser($userData); diff --git a/app/Access/RegistrationService.php b/app/Access/RegistrationService.php index 68992fbc6..e47479e79 100644 --- a/app/Access/RegistrationService.php +++ b/app/Access/RegistrationService.php @@ -83,7 +83,7 @@ class RegistrationService // Email restriction $this->ensureEmailDomainAllowed($userEmail); - // Ensure user does not already exist + // Ensure the user does not already exist $alreadyUser = !is_null($this->userRepo->getByEmail($userEmail)); if ($alreadyUser) { throw new UserRegistrationException(trans('errors.error_user_exists_different_creds', ['email' => $userEmail]), '/login'); @@ -99,7 +99,7 @@ class RegistrationService $newUser = $this->userRepo->createWithoutActivity($userData, $emailConfirmed); $newUser->attachDefaultRole(); - // Assign social account if given + // Assign a social account if given if ($socialAccount) { $newUser->socialAccounts()->save($socialAccount); } @@ -107,7 +107,7 @@ class RegistrationService Activity::add(ActivityType::AUTH_REGISTER, $socialAccount ?? $newUser); Theme::dispatch(ThemeEvents::AUTH_REGISTER, $authSystem, $newUser); - // Start email confirmation flow if required + // Start the email confirmation flow if required if ($this->emailConfirmationService->confirmationRequired() && !$emailConfirmed) { $newUser->save(); 
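Review bot: The new `$userData = $this->validator($request->all())->validate();` line makes the validator's rule list the only allowlist for what reaches `registerUser()`, and nothing in the code says so. Any field later given a rule in `validator()` (not visible in this hunk) will be forwarded to user creation. I would add a comment above the assignment such as `// Only validated keys are passed on; every rule added to validator() becomes a field registerUser() receives`. If `registerUser()` is also reached from other entry points, filtering to the expected keys inside the service would presumably be the more robust place for this guard. postRegister's body continues past the end of the hunk.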
diff --git a/tests/Auth/RegistrationTest.php b/tests/Auth/RegistrationTest.php index 2666fa3b4..e0d7c2626 100644 --- a/tests/Auth/RegistrationTest.php +++ b/tests/Auth/RegistrationTest.php @@ -188,6 +188,30 @@ class RegistrationTest extends TestCase $resp->assertSee('The password must be at least 8 characters.'); } + public function test_registration_input_filtered_to_validated_input() + { + $this->setSettings(['registration-enabled' => 'true']); + $roleIds = Role::all()->pluck('id')->toArray(); + + $resp = $this->post('/register', [ + 'name' => 'Barry', + 'email' => '[email protected]', + 'password' => 'superpassword', + 'password_confirmation' => 'superpassword', + 'external_auth_id' => 'ext5691284', + 'roles' => $roleIds, + ]); + + $resp->assertRedirect('/'); + + /** @var User $user */ + $user = auth()->user(); + $this->assertNotNull($user); + $this->assertFalse($user->isGuest()); + $this->assertEmpty($user->external_auth_id); + $this->assertEquals(0, $user->roles()->count()); + } + public function test_registration_simple_honeypot_active() { $this->setSettings(['registration-enabled' => 'true']); |
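Review bot: The `assertEquals(0, $user->roles()->count())` check only holds while no default registration role is configured, because `registerUser()` calls `attachDefaultRole()` (visible in the RegistrationService hunk). If the test environment ever sets one, this assertion fails for a reason unrelated to input filtering. I would state the assumption with a comment above the assertion, `// No default registration role is set here, so any role present must have come from the request`, or pin that setting explicitly in the `setSettings()` call. The test exercises only `external_auth_id` and `roles`, so other user attributes that may be mass-assignable are not covered.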
