starred/BookStack
1
0
Fork 0
mirror of https://github.com/BookStackApp/BookStack.git synced 2026-05-04 18:08:46 +03:00
Code Issues 784 Packages Projects Releases 15 Wiki Activity

Merge branch 'sec_26_03_2' into development

Browse Source
This commit is contained in:
Dan Brown
2026-03-23 11:24:07 +00:00
parent 1763ac550b 5763d26b17
commit 25790fd024
3 changed files with 28 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
app/Access/Controllers/RegisterController.php
View File

@@ -48,8 +48,7 @@ class RegisterController extends Controller
public function postRegister(Request $request) public function postRegister(Request $request)
{ {
$this->registrationService->ensureRegistrationAllowed(); $this->registrationService->ensureRegistrationAllowed();
$this->validator($request->all())->validate(); $userData = $this->validator($request->all())->validate();
$userData = $request->all();
try { try {
$user = $this->registrationService->registerUser($userData); $user = $this->registrationService->registerUser($userData);

6
app/Access/RegistrationService.php
View File

@@ -83,7 +83,7 @@ class RegistrationService
// Email restriction // Email restriction
$this->ensureEmailDomainAllowed($userEmail); $this->ensureEmailDomainAllowed($userEmail);
// Ensure user does not already exist // Ensure the user does not already exist
$alreadyUser = !is_null($this->userRepo->getByEmail($userEmail)); $alreadyUser = !is_null($this->userRepo->getByEmail($userEmail));
if ($alreadyUser) { if ($alreadyUser) {
throw new UserRegistrationException(trans('errors.error_user_exists_different_creds', ['email' => $userEmail]), '/login'); throw new UserRegistrationException(trans('errors.error_user_exists_different_creds', ['email' => $userEmail]), '/login');
@@ -99,7 +99,7 @@ class RegistrationService
$newUser = $this->userRepo->createWithoutActivity($userData, $emailConfirmed); $newUser = $this->userRepo->createWithoutActivity($userData, $emailConfirmed);
$newUser->attachDefaultRole(); $newUser->attachDefaultRole();
// Assign social account if given // Assign a social account if given
if ($socialAccount) { if ($socialAccount) {
$newUser->socialAccounts()->save($socialAccount); $newUser->socialAccounts()->save($socialAccount);
} }
@@ -107,7 +107,7 @@ class RegistrationService
Activity::add(ActivityType::AUTH_REGISTER, $socialAccount ?? $newUser); Activity::add(ActivityType::AUTH_REGISTER, $socialAccount ?? $newUser);
Theme::dispatch(ThemeEvents::AUTH_REGISTER, $authSystem, $newUser); Theme::dispatch(ThemeEvents::AUTH_REGISTER, $authSystem, $newUser);
// Start email confirmation flow if required // Start the email confirmation flow if required
if ($this->emailConfirmationService->confirmationRequired() && !$emailConfirmed) { if ($this->emailConfirmationService->confirmationRequired() && !$emailConfirmed) {
$newUser->save(); $newUser->save();

24
tests/Auth/RegistrationTest.php
View File

@@ -188,6 +188,30 @@ class RegistrationTest extends TestCase
$resp->assertSee('The password must be at least 8 characters.'); $resp->assertSee('The password must be at least 8 characters.');
} }
public function test_registration_input_filtered_to_validated_input()
{
$this->setSettings(['registration-enabled' => 'true']);
$roleIds = Role::all()->pluck('id')->toArray();
$resp = $this->post('/register', [
'name' => 'Barry',
'email' => 'barry@example.com',
'password' => 'superpassword',
'password_confirmation' => 'superpassword',
'external_auth_id' => 'ext5691284',
'roles' => $roleIds,
]);
$resp->assertRedirect('/');
/** @var User $user */
$user = auth()->user();
$this->assertNotNull($user);
$this->assertFalse($user->isGuest());
$this->assertEmpty($user->external_auth_id);
$this->assertEquals(0, $user->roles()->count());
}
public function test_registration_simple_honeypot_active() public function test_registration_simple_honeypot_active()
{ {
$this->setSettings(['registration-enabled' => 'true']); $this->setSettings(['registration-enabled' => 'true']);