pixelfed/app/Http/Controllers/Auth/RegisterController.php

<?php

namespace App\Http\Controllers\Auth;

use App\Http\Controllers\Controller;
use App\User;
use Purify;
use App\Util\Lexer\RestrictedNames;
use Illuminate\Foundation\Auth\RegistersUsers;
use Illuminate\Support\Facades\Hash;
use Illuminate\Support\Facades\Validator;
use Illuminate\Auth\Events\Registered;
use Illuminate\Http\Request;
use App\Services\EmailService;
use App\Services\BouncerService;

class RegisterController extends Controller
{
	/*
	|--------------------------------------------------------------------------
	| Register Controller
	|--------------------------------------------------------------------------
	|
	| This controller handles the registration of new users as well as their
	| validation and creation. By default this controller uses a trait to
	| provide this functionality without requiring any additional code.
	|
	*/

	use RegistersUsers;

	/**
	 * Where to redirect users after registration.
	 *
	 * @var string
	 */
	protected $redirectTo = '/i/web';

	/**
	 * Create a new controller instance.
	 *
	 * @return void
	 */
	public function __construct()
	{
		$this->middleware('guest');
	}

	public function getRegisterToken()
	{
		return \Cache::remember('pf:register:rt', 900, function() {
			return str_random(40);
		});
	}

	/**
	 * Get a validator for an incoming registration request.
	 *
	 * @param array $data
	 *
	 * @return \Illuminate\Contracts\Validation\Validator
	 */
	public function validator(array $data)
	{
		if(config('database.default') == 'pgsql') {
			$data['username'] = strtolower($data['username']);
			$data['email'] = strtolower($data['email']);
		}

		$usernameRules = [
			'required',
			'min:2',
			'max:15',
			'unique:users',
			function ($attribute, $value, $fail) {
				$dash = substr_count($value, '-');
				$underscore = substr_count($value, '_');
				$period = substr_count($value, '.');

				if(ends_with($value, ['.php', '.js', '.css'])) {
					return $fail('Username is invalid.');
				}

				if(($dash + $underscore + $period) > 1) {
					return $fail('Username is invalid. Can only contain one dash (-), period (.) or underscore (_).');
				}

				if (!ctype_alnum($value[0])) {
					return $fail('Username is invalid. Must start with a letter or number.');
				}

				if (!ctype_alnum($value[strlen($value) - 1])) {
					return $fail('Username is invalid. Must end with a letter or number.');
				}

				$val = str_replace(['_', '.', '-'], '', $value);
				if(!ctype_alnum($val)) {
					return $fail('Username is invalid. Username must be alpha-numeric and may contain dashes (-), periods (.) and underscores (_).');
				}

				$restricted = RestrictedNames::get();
				if (in_array(strtolower($value), array_map('strtolower', $restricted))) {
					return $fail('Username cannot be used.');
				}
			},
		];

		$emailRules = [
			'required',
			'string',
			'email',
			'max:255',
			'unique:users',
			function ($attribute, $value, $fail) {
				$banned = EmailService::isBanned($value);
				if($banned) {
					return $fail('Email is invalid.');
				}
			},
		];

		$rt = [
			'required',
			function ($attribute, $value, $fail) {
				if($value !== $this->getRegisterToken()) {
					return $fail('Something went wrong');
				}
			}
		];

		$rules = [
			'agecheck' => 'required|accepted',
			'rt' 	   => $rt,
			'name'     => 'nullable|string|max:'.config('pixelfed.max_name_length'),
			'username' => $usernameRules,
			'email'    => $emailRules,
			'password' => 'required|string|min:'.config('pixelfed.min_password_length').'|confirmed',
		];

		if(config('captcha.enabled') || config('captcha.active.register')) {
			$rules['h-captcha-response'] = 'required|captcha';
		}

		return Validator::make($data, $rules);
	}

	/**
	 * Create a new user instance after a valid registration.
	 *
	 * @param array $data
	 *
	 * @return \App\User
	 */
	public function create(array $data)
	{
		if(config('database.default') == 'pgsql') {
			$data['username'] = strtolower($data['username']);
			$data['email'] = strtolower($data['email']);
		}

		return User::create([
			'name'     => Purify::clean($data['name']),
			'username' => $data['username'],
			'email'    => $data['email'],
			'password' => Hash::make($data['password']),
			'app_register_ip' => request()->ip()
		]);
	}

	/**
	 * Show the application registration form.
	 *
	 * @return \Illuminate\Http\Response
	 */
	public function showRegistrationForm()
	{
		if((bool) config_cache('pixelfed.open_registration')) {
			if(config('pixelfed.bouncer.cloud_ips.ban_signups')) {
				abort_if(BouncerService::checkIp(request()->ip()), 404);
			}
			$hasLimit = config('pixelfed.enforce_max_users');
			if($hasLimit) {
				$limit = config('pixelfed.max_users');
				$count = User::where(function($q){ return $q->whereNull('status')->orWhereNotIn('status', ['deleted','delete']); })->count();
				if($limit <= $count) {
					return redirect(route('help.instance-max-users-limit'));
				}
				abort_if($limit <= $count, 404);
				return view('auth.register');
			} else {
				return view('auth.register');
			}
		} else {
			if((bool) config_cache('instance.curated_registration.enabled') && config('instance.curated_registration.state.fallback_on_closed_reg')) {
				return redirect('/auth/sign_up');
			} else {
				abort(404);
			}
		}
	}

	/**
	 * Handle a registration request for the application.
	 *
	 * @param  \Illuminate\Http\Request  $request
	 * @return \Illuminate\Http\Response
	 */
	public function register(Request $request)
	{
		abort_if(config_cache('pixelfed.open_registration') == false, 400);

		if(config('pixelfed.bouncer.cloud_ips.ban_signups')) {
			abort_if(BouncerService::checkIp($request->ip()), 404);
		}

		$hasLimit = config('pixelfed.enforce_max_users');
		if($hasLimit) {
			$count = User::where(function($q){ return $q->whereNull('status')->orWhereNotIn('status', ['deleted','delete']); })->count();
			$limit = config('pixelfed.max_users');

    		if($limit && $limit <= $count) {
    			return redirect(route('help.instance-max-users-limit'));
    		}
		}


		$this->validator($request->all())->validate();

		event(new Registered($user = $this->create($request->all())));

		$this->guard()->login($user);

		return $this->registered($request, $user)
			?: redirect($this->redirectPath());
	}
}
Add Laravel Framework 2018-04-15 23:56:48 +00:00			`<?php`

			`namespace App\Http\Controllers\Auth;`

Apply fixes from StyleCI 2018-08-28 03:07:36 +00:00			`use App\Http\Controllers\Controller;`
Add Laravel Framework 2018-04-15 23:56:48 +00:00			`use App\User;`
Update v1.1 api, add post moderation endpoint 2023-02-24 04:51:27 +00:00			`use Purify;`
Update RegisterController, validate username against restricted names 2018-04-29 16:29:38 +00:00			`use App\Util\Lexer\RestrictedNames;`
Apply fixes from StyleCI 2018-08-28 03:07:36 +00:00			`use Illuminate\Foundation\Auth\RegistersUsers;`
Add Laravel Framework 2018-04-15 23:56:48 +00:00			`use Illuminate\Support\Facades\Hash;`
			`use Illuminate\Support\Facades\Validator;`
Update RegisterController 2018-10-24 17:56:56 +00:00			`use Illuminate\Auth\Events\Registered;`
			`use Illuminate\Http\Request;`
Update Auth controller 2019-08-09 19:33:02 +00:00			`use App\Services\EmailService;`
Add cloud ip bans to BouncerService 2023-04-20 07:08:54 +00:00			`use App\Services\BouncerService;`
Add Laravel Framework 2018-04-15 23:56:48 +00:00
			`class RegisterController extends Controller`
			`{`
Update config() to config_cache() 2021-05-11 05:23:09 +00:00			`/*`
			`\|--------------------------------------------------------------------------`
			`\| Register Controller`
			`\|--------------------------------------------------------------------------`
			`\|`
			`\| This controller handles the registration of new users as well as their`
			`\| validation and creation. By default this controller uses a trait to`
			`\| provide this functionality without requiring any additional code.`
			`\|`
			`*/`

			`use RegistersUsers;`

			`/**`
			`* Where to redirect users after registration.`
			`*`
			`* @var string`
			`*/`
Improve onboarding 2022-01-25 06:26:38 +00:00			`protected $redirectTo = '/i/web';`
Update config() to config_cache() 2021-05-11 05:23:09 +00:00
			`/**`
			`* Create a new controller instance.`
			`*`
			`* @return void`
			`*/`
			`public function __construct()`
			`{`
			`$this->middleware('guest');`
			`}`

Update RegisterController 2021-12-29 07:38:08 +00:00			`public function getRegisterToken()`
			`{`
			`return \Cache::remember('pf:register:rt', 900, function() {`
			`return str_random(40);`
			`});`
			`}`

Update config() to config_cache() 2021-05-11 05:23:09 +00:00			`/**`
			`* Get a validator for an incoming registration request.`
			`*`
			`* @param array $data`
			`*`
			`* @return \Illuminate\Contracts\Validation\Validator`
			`*/`
Add Parental Controls feature 2024-01-11 08:35:15 +00:00			`public function validator(array $data)`
Update config() to config_cache() 2021-05-11 05:23:09 +00:00			`{`
			`if(config('database.default') == 'pgsql') {`
			`$data['username'] = strtolower($data['username']);`
			`$data['email'] = strtolower($data['email']);`
			`}`

			`$usernameRules = [`
			`'required',`
			`'min:2',`
			`'max:15',`
			`'unique:users',`
			`function ($attribute, $value, $fail) {`
			`$dash = substr_count($value, '-');`
			`$underscore = substr_count($value, '_');`
			`$period = substr_count($value, '.');`

			`if(ends_with($value, ['.php', '.js', '.css'])) {`
			`return $fail('Username is invalid.');`
			`}`

			`if(($dash + $underscore + $period) > 1) {`
			`return $fail('Username is invalid. Can only contain one dash (-), period (.) or underscore (_).');`
			`}`

Fix starting check of username to allow numbers. The check for the first letter of username used to be !ctype_alpha, but the error message says "Must start with a letter or number." Updated check to be !ctype_alnum, to be coherent with the error message. 2021-09-17 05:36:30 +00:00			`if (!ctype_alnum($value[0])) {`
Update config() to config_cache() 2021-05-11 05:23:09 +00:00			`return $fail('Username is invalid. Must start with a letter or number.');`
			`}`

			`if (!ctype_alnum($value[strlen($value) - 1])) {`
			`return $fail('Username is invalid. Must end with a letter or number.');`
			`}`

			`$val = str_replace(['_', '.', '-'], '', $value);`
			`if(!ctype_alnum($val)) {`
			`return $fail('Username is invalid. Username must be alpha-numeric and may contain dashes (-), periods (.) and underscores (_).');`
			`}`

			`$restricted = RestrictedNames::get();`
			`if (in_array(strtolower($value), array_map('strtolower', $restricted))) {`
			`return $fail('Username cannot be used.');`
			`}`
			`},`
			`];`

			`$emailRules = [`
			`'required',`
			`'string',`
			`'email',`
			`'max:255',`
			`'unique:users',`
			`function ($attribute, $value, $fail) {`
			`$banned = EmailService::isBanned($value);`
			`if($banned) {`
			`return $fail('Email is invalid.');`
			`}`
			`},`
			`];`

Update RegisterController 2021-12-29 07:38:08 +00:00			`$rt = [`
			`'required',`
			`function ($attribute, $value, $fail) {`
			`if($value !== $this->getRegisterToken()) {`
			`return $fail('Something went wrong');`
			`}`
			`}`
			`];`

Update config() to config_cache() 2021-05-11 05:23:09 +00:00			`$rules = [`
			`'agecheck' => 'required\|accepted',`
Update RegisterController 2021-12-29 07:38:08 +00:00			`'rt' => $rt,`
Update config() to config_cache() 2021-05-11 05:23:09 +00:00			`'name' => 'nullable\|string\|max:'.config('pixelfed.max_name_length'),`
			`'username' => $usernameRules,`
			`'email' => $emailRules,`
			`'password' => 'required\|string\|min:'.config('pixelfed.min_password_length').'\|confirmed',`
			`];`

Update login/register views and captcha config, enable login or register captchas or both 2023-05-23 09:52:34 +00:00			`if(config('captcha.enabled') \|\| config('captcha.active.register')) {`
Update config() to config_cache() 2021-05-11 05:23:09 +00:00			`$rules['h-captcha-response'] = 'required\|captcha';`
			`}`

			`return Validator::make($data, $rules);`
			`}`

			`/**`
			`* Create a new user instance after a valid registration.`
			`*`
			`* @param array $data`
			`*`
			`* @return \App\User`
			`*/`
Add Parental Controls feature 2024-01-11 08:35:15 +00:00			`public function create(array $data)`
Update config() to config_cache() 2021-05-11 05:23:09 +00:00			`{`
			`if(config('database.default') == 'pgsql') {`
			`$data['username'] = strtolower($data['username']);`
			`$data['email'] = strtolower($data['email']);`
			`}`

			`return User::create([`
Update v1.1 api, add post moderation endpoint 2023-02-24 04:51:27 +00:00			`'name' => Purify::clean($data['name']),`
Update config() to config_cache() 2021-05-11 05:23:09 +00:00			`'username' => $data['username'],`
			`'email' => $data['email'],`
			`'password' => Hash::make($data['password']),`
Update RegisterController, store client ip during registration 2023-04-20 07:54:23 +00:00			`'app_register_ip' => request()->ip()`
Update config() to config_cache() 2021-05-11 05:23:09 +00:00			`]);`
			`}`

			`/**`
			`* Show the application registration form.`
			`*`
			`* @return \Illuminate\Http\Response`
			`*/`
			`public function showRegistrationForm()`
			`{`
Add Curated Onboarding 2024-02-19 11:00:31 +00:00			`if((bool) config_cache('pixelfed.open_registration')) {`
Add cloud ip bans to BouncerService 2023-04-20 07:08:54 +00:00			`if(config('pixelfed.bouncer.cloud_ips.ban_signups')) {`
			`abort_if(BouncerService::checkIp(request()->ip()), 404);`
			`}`
Update RegisterController 2023-06-20 11:03:49 +00:00			`$hasLimit = config('pixelfed.enforce_max_users');`
			`if($hasLimit) {`
			`$limit = config('pixelfed.max_users');`
[Fix] Don't count inactive accounts for registration blocking 2023-04-24 09:21:26 +00:00			`$count = User::where(function($q){ return $q->whereNull('status')->orWhereNotIn('status', ['deleted','delete']); })->count();`
Update RegisterController, improve max_users calculation and add kb page to redirect to if conditions are met 2023-04-24 09:58:34 +00:00			`if($limit <= $count) {`
			`return redirect(route('help.instance-max-users-limit'));`
			`}`
[Fix] Don't count inactive accounts for registration blocking 2023-04-24 09:21:26 +00:00			`abort_if($limit <= $count, 404);`
Update config() to config_cache() 2021-05-11 05:23:09 +00:00			`return view('auth.register');`
			`} else {`
			`return view('auth.register');`
			`}`
			`} else {`
Add Curated Onboarding 2024-02-19 11:00:31 +00:00			`if((bool) config_cache('instance.curated_registration.enabled') && config('instance.curated_registration.state.fallback_on_closed_reg')) {`
			`return redirect('/auth/sign_up');`
			`} else {`
			`abort(404);`
			`}`
Update config() to config_cache() 2021-05-11 05:23:09 +00:00			`}`
			`}`

			`/**`
			`* Handle a registration request for the application.`
			`*`
			`* @param \Illuminate\Http\Request $request`
			`* @return \Illuminate\Http\Response`
			`*/`
			`public function register(Request $request)`
			`{`
			`abort_if(config_cache('pixelfed.open_registration') == false, 400);`

Add cloud ip bans to BouncerService 2023-04-20 07:08:54 +00:00			`if(config('pixelfed.bouncer.cloud_ips.ban_signups')) {`
			`abort_if(BouncerService::checkIp($request->ip()), 404);`
			`}`

Update RegisterController 2023-06-20 11:03:49 +00:00			`$hasLimit = config('pixelfed.enforce_max_users');`
			`if($hasLimit) {`
			`$count = User::where(function($q){ return $q->whereNull('status')->orWhereNotIn('status', ['deleted','delete']); })->count();`
			`$limit = config('pixelfed.max_users');`
Update config() to config_cache() 2021-05-11 05:23:09 +00:00
Update RegisterController 2023-06-20 11:03:49 +00:00			`if($limit && $limit <= $count) {`
			`return redirect(route('help.instance-max-users-limit'));`
			`}`
Update config() to config_cache() 2021-05-11 05:23:09 +00:00			`}`

Update RegisterController 2023-06-20 11:03:49 +00:00
Update config() to config_cache() 2021-05-11 05:23:09 +00:00			`$this->validator($request->all())->validate();`

			`event(new Registered($user = $this->create($request->all())));`

			`$this->guard()->login($user);`

			`return $this->registered($request, $user)`
			`?: redirect($this->redirectPath());`
			`}`
Add Laravel Framework 2018-04-15 23:56:48 +00:00			`}`