diff --git a/app/Http/Controllers/Auth/RegisterController.php b/app/Http/Controllers/Auth/RegisterController.php index 7568fca09..230daea85 100644 --- a/app/Http/Controllers/Auth/RegisterController.php +++ b/app/Http/Controllers/Auth/RegisterController.php @@ -3,234 +3,239 @@ namespace App\Http\Controllers\Auth; use App\Http\Controllers\Controller; +use App\Services\BouncerService; +use App\Services\EmailService; use App\User; -use Purify; use App\Util\Lexer\RestrictedNames; +use Illuminate\Auth\Events\Registered; use Illuminate\Foundation\Auth\RegistersUsers; +use Illuminate\Http\Request; use Illuminate\Support\Facades\Hash; use Illuminate\Support\Facades\Validator; -use Illuminate\Auth\Events\Registered; -use Illuminate\Http\Request; -use App\Services\EmailService; -use App\Services\BouncerService; +use Purify; class RegisterController extends Controller { - /* - |-------------------------------------------------------------------------- - | Register Controller - |-------------------------------------------------------------------------- - | - | This controller handles the registration of new users as well as their - | validation and creation. By default this controller uses a trait to - | provide this functionality without requiring any additional code. - | - */ + /* + |-------------------------------------------------------------------------- + | Register Controller + |-------------------------------------------------------------------------- + | + | This controller handles the registration of new users as well as their + | validation and creation. By default this controller uses a trait to + | provide this functionality without requiring any additional code. + | + */ - use RegistersUsers; + use RegistersUsers; - /** - * Where to redirect users after registration. - * - * @var string - */ - protected $redirectTo = '/i/web'; + /** + * Where to redirect users after registration. + * + * @var string + */ + protected $redirectTo = '/i/web'; - /** - * Create a new controller instance. - * - * @return void - */ - public function __construct() - { - $this->middleware('guest'); - } + /** + * Create a new controller instance. + * + * @return void + */ + public function __construct() + { + $this->middleware('guest'); + } - public function getRegisterToken() - { - return \Cache::remember('pf:register:rt', 900, function() { - return str_random(40); - }); - } + public function getRegisterToken() + { + return \Cache::remember('pf:register:rt', 900, function () { + return str_random(40); + }); + } - /** - * Get a validator for an incoming registration request. - * - * @param array $data - * - * @return \Illuminate\Contracts\Validation\Validator - */ - public function validator(array $data) - { - if(config('database.default') == 'pgsql') { - $data['username'] = strtolower($data['username']); - $data['email'] = strtolower($data['email']); - } + /** + * Get a validator for an incoming registration request. + * + * + * @return \Illuminate\Contracts\Validation\Validator + */ + public function validator(array $data) + { + if (config('database.default') == 'pgsql') { + $data['username'] = strtolower($data['username']); + $data['email'] = strtolower($data['email']); + } - $usernameRules = [ - 'required', - 'min:2', - 'max:15', - 'unique:users', - function ($attribute, $value, $fail) { - $dash = substr_count($value, '-'); - $underscore = substr_count($value, '_'); - $period = substr_count($value, '.'); + $usernameRules = [ + 'required', + 'min:2', + 'max:15', + 'unique:users', + function ($attribute, $value, $fail) { + $dash = substr_count($value, '-'); + $underscore = substr_count($value, '_'); + $period = substr_count($value, '.'); - if(ends_with($value, ['.php', '.js', '.css'])) { - return $fail('Username is invalid.'); - } + if (ends_with($value, ['.php', '.js', '.css'])) { + return $fail('Username is invalid.'); + } - if(($dash + $underscore + $period) > 1) { - return $fail('Username is invalid. Can only contain one dash (-), period (.) or underscore (_).'); - } + if (($dash + $underscore + $period) > 1) { + return $fail('Username is invalid. Can only contain one dash (-), period (.) or underscore (_).'); + } - if (!ctype_alnum($value[0])) { - return $fail('Username is invalid. Must start with a letter or number.'); - } + if (! ctype_alnum($value[0])) { + return $fail('Username is invalid. Must start with a letter or number.'); + } - if (!ctype_alnum($value[strlen($value) - 1])) { - return $fail('Username is invalid. Must end with a letter or number.'); - } + if (! ctype_alnum($value[strlen($value) - 1])) { + return $fail('Username is invalid. Must end with a letter or number.'); + } - $val = str_replace(['_', '.', '-'], '', $value); - if(!ctype_alnum($val)) { - return $fail('Username is invalid. Username must be alpha-numeric and may contain dashes (-), periods (.) and underscores (_).'); - } + $val = str_replace(['_', '.', '-'], '', $value); + if (! ctype_alnum($val)) { + return $fail('Username is invalid. Username must be alpha-numeric and may contain dashes (-), periods (.) and underscores (_).'); + } - $restricted = RestrictedNames::get(); - if (in_array(strtolower($value), array_map('strtolower', $restricted))) { - return $fail('Username cannot be used.'); - } - }, - ]; + if (! preg_match('/[a-zA-Z]/', $value)) { + return $fail('Username is invalid. Must contain at least one alphabetical character.'); + } - $emailRules = [ - 'required', - 'string', - 'email', - 'max:255', - 'unique:users', - function ($attribute, $value, $fail) { - $banned = EmailService::isBanned($value); - if($banned) { - return $fail('Email is invalid.'); - } - }, - ]; + $restricted = RestrictedNames::get(); + if (in_array(strtolower($value), array_map('strtolower', $restricted))) { + return $fail('Username cannot be used.'); + } + }, + ]; - $rt = [ - 'required', - function ($attribute, $value, $fail) { - if($value !== $this->getRegisterToken()) { - return $fail('Something went wrong'); - } - } - ]; + $emailRules = [ + 'required', + 'string', + 'email', + 'max:255', + 'unique:users', + function ($attribute, $value, $fail) { + $banned = EmailService::isBanned($value); + if ($banned) { + return $fail('Email is invalid.'); + } + }, + ]; - $rules = [ - 'agecheck' => 'required|accepted', - 'rt' => $rt, - 'name' => 'nullable|string|max:'.config('pixelfed.max_name_length'), - 'username' => $usernameRules, - 'email' => $emailRules, - 'password' => 'required|string|min:'.config('pixelfed.min_password_length').'|confirmed', - ]; + $rt = [ + 'required', + function ($attribute, $value, $fail) { + if ($value !== $this->getRegisterToken()) { + return $fail('Something went wrong'); + } + }, + ]; - if((bool) config_cache('captcha.enabled') && (bool) config_cache('captcha.active.register')) { - $rules['h-captcha-response'] = 'required|captcha'; - } + $rules = [ + 'agecheck' => 'required|accepted', + 'rt' => $rt, + 'name' => 'nullable|string|max:'.config('pixelfed.max_name_length'), + 'username' => $usernameRules, + 'email' => $emailRules, + 'password' => 'required|string|min:'.config('pixelfed.min_password_length').'|confirmed', + ]; - return Validator::make($data, $rules); - } + if ((bool) config_cache('captcha.enabled') && (bool) config_cache('captcha.active.register')) { + $rules['h-captcha-response'] = 'required|captcha'; + } - /** - * Create a new user instance after a valid registration. - * - * @param array $data - * - * @return \App\User - */ - public function create(array $data) - { - if(config('database.default') == 'pgsql') { - $data['username'] = strtolower($data['username']); - $data['email'] = strtolower($data['email']); - } + return Validator::make($data, $rules); + } - return User::create([ - 'name' => Purify::clean($data['name']), - 'username' => $data['username'], - 'email' => $data['email'], - 'password' => Hash::make($data['password']), - 'app_register_ip' => request()->ip() - ]); - } + /** + * Create a new user instance after a valid registration. + * + * + * @return \App\User + */ + public function create(array $data) + { + if (config('database.default') == 'pgsql') { + $data['username'] = strtolower($data['username']); + $data['email'] = strtolower($data['email']); + } - /** - * Show the application registration form. - * - * @return \Illuminate\Http\Response - */ - public function showRegistrationForm() - { - if((bool) config_cache('pixelfed.open_registration')) { - if(config('pixelfed.bouncer.cloud_ips.ban_signups')) { - abort_if(BouncerService::checkIp(request()->ip()), 404); - } - $hasLimit = config('pixelfed.enforce_max_users'); - if($hasLimit) { - $limit = config('pixelfed.max_users'); - $count = User::where(function($q){ return $q->whereNull('status')->orWhereNotIn('status', ['deleted','delete']); })->count(); - if($limit <= $count) { - return redirect(route('help.instance-max-users-limit')); - } - abort_if($limit <= $count, 404); - return view('auth.register'); - } else { - return view('auth.register'); - } - } else { - if((bool) config_cache('instance.curated_registration.enabled') && config('instance.curated_registration.state.fallback_on_closed_reg')) { - return redirect('/auth/sign_up'); - } else { - abort(404); - } - } - } + return User::create([ + 'name' => Purify::clean($data['name']), + 'username' => $data['username'], + 'email' => $data['email'], + 'password' => Hash::make($data['password']), + 'app_register_ip' => request()->ip(), + ]); + } - /** - * Handle a registration request for the application. - * - * @param \Illuminate\Http\Request $request - * @return \Illuminate\Http\Response - */ - public function register(Request $request) - { - abort_if(config_cache('pixelfed.open_registration') == false, 400); + /** + * Show the application registration form. + * + * @return \Illuminate\Http\Response + */ + public function showRegistrationForm() + { + if ((bool) config_cache('pixelfed.open_registration')) { + if (config('pixelfed.bouncer.cloud_ips.ban_signups')) { + abort_if(BouncerService::checkIp(request()->ip()), 404); + } + $hasLimit = config('pixelfed.enforce_max_users'); + if ($hasLimit) { + $limit = config('pixelfed.max_users'); + $count = User::where(function ($q) { + return $q->whereNull('status')->orWhereNotIn('status', ['deleted', 'delete']); + })->count(); + if ($limit <= $count) { + return redirect(route('help.instance-max-users-limit')); + } + abort_if($limit <= $count, 404); - if(config('pixelfed.bouncer.cloud_ips.ban_signups')) { - abort_if(BouncerService::checkIp($request->ip()), 404); - } + return view('auth.register'); + } else { + return view('auth.register'); + } + } else { + if ((bool) config_cache('instance.curated_registration.enabled') && config('instance.curated_registration.state.fallback_on_closed_reg')) { + return redirect('/auth/sign_up'); + } else { + abort(404); + } + } + } - $hasLimit = config('pixelfed.enforce_max_users'); - if($hasLimit) { - $count = User::where(function($q){ return $q->whereNull('status')->orWhereNotIn('status', ['deleted','delete']); })->count(); - $limit = config('pixelfed.max_users'); + /** + * Handle a registration request for the application. + * + * @return \Illuminate\Http\Response + */ + public function register(Request $request) + { + abort_if(config_cache('pixelfed.open_registration') == false, 400); - if($limit && $limit <= $count) { - return redirect(route('help.instance-max-users-limit')); - } - } + if (config('pixelfed.bouncer.cloud_ips.ban_signups')) { + abort_if(BouncerService::checkIp($request->ip()), 404); + } + $hasLimit = config('pixelfed.enforce_max_users'); + if ($hasLimit) { + $count = User::where(function ($q) { + return $q->whereNull('status')->orWhereNotIn('status', ['deleted', 'delete']); + })->count(); + $limit = config('pixelfed.max_users'); - $this->validator($request->all())->validate(); + if ($limit && $limit <= $count) { + return redirect(route('help.instance-max-users-limit')); + } + } - event(new Registered($user = $this->create($request->all()))); + $this->validator($request->all())->validate(); - $this->guard()->login($user); + event(new Registered($user = $this->create($request->all()))); - return $this->registered($request, $user) - ?: redirect($this->redirectPath()); - } + $this->guard()->login($user); + + return $this->registered($request, $user) + ?: redirect($this->redirectPath()); + } }