Merge branch 'sec_26_03_2' into development

2026-05-04 18:08:46 +03:00 · 2026-03-23 11:24:07 +00:00
parent 1763ac550b 5763d26b17
commit 25790fd024
3 changed files with 28 additions and 5 deletions
--- a/app/Access/Controllers/RegisterController.php
+++ b/app/Access/Controllers/RegisterController.php
@@ -48,8 +48,7 @@ class RegisterController extends Controller
    public function postRegister(Request $request)
    {
        $this->registrationService->ensureRegistrationAllowed();
-        $this->validator($request->all())->validate();
-        $userData = $request->all();
+        $userData = $this->validator($request->all())->validate();

        try {
            $user = $this->registrationService->registerUser($userData);
--- a/app/Access/RegistrationService.php
+++ b/app/Access/RegistrationService.php
@@ -83,7 +83,7 @@ class RegistrationService
        // Email restriction
        $this->ensureEmailDomainAllowed($userEmail);

-        // Ensure user does not already exist
+        // Ensure the user does not already exist
        $alreadyUser = !is_null($this->userRepo->getByEmail($userEmail));
        if ($alreadyUser) {
            throw new UserRegistrationException(trans('errors.error_user_exists_different_creds', ['email' => $userEmail]), '/login');
@@ -99,7 +99,7 @@ class RegistrationService
        $newUser = $this->userRepo->createWithoutActivity($userData, $emailConfirmed);
        $newUser->attachDefaultRole();

-        // Assign social account if given
+        // Assign a social account if given
        if ($socialAccount) {
            $newUser->socialAccounts()->save($socialAccount);
        }
@@ -107,7 +107,7 @@ class RegistrationService
        Activity::add(ActivityType::AUTH_REGISTER, $socialAccount ?? $newUser);
        Theme::dispatch(ThemeEvents::AUTH_REGISTER, $authSystem, $newUser);

-        // Start email confirmation flow if required
+        // Start the email confirmation flow if required
        if ($this->emailConfirmationService->confirmationRequired() && !$emailConfirmed) {
            $newUser->save();

--- a/tests/Auth/RegistrationTest.php
+++ b/tests/Auth/RegistrationTest.php
@@ -188,6 +188,30 @@ class RegistrationTest extends TestCase
        $resp->assertSee('The password must be at least 8 characters.');
    }

+    public function test_registration_input_filtered_to_validated_input()
+    {
+        $this->setSettings(['registration-enabled' => 'true']);
+        $roleIds = Role::all()->pluck('id')->toArray();
+
+        $resp = $this->post('/register', [
+            'name'     => 'Barry',
+            'email'    => 'barry@example.com',
+            'password' => 'superpassword',
+            'password_confirmation' => 'superpassword',
+            'external_auth_id' => 'ext5691284',
+            'roles' => $roleIds,
+        ]);
+
+        $resp->assertRedirect('/');
+
+        /** @var User $user */
+        $user = auth()->user();
+        $this->assertNotNull($user);
+        $this->assertFalse($user->isGuest());
+        $this->assertEmpty($user->external_auth_id);
+        $this->assertEquals(0, $user->roles()->count());
+    }
+
    public function test_registration_simple_honeypot_active()
    {
        $this->setSettings(['registration-enabled' => 'true']);