mirror/php-flarum
1
0
Fork 0
mirror of https://github.com/flarum/core.git synced 2025-07-30 05:00:56 +02:00
Code Issues Releases Wiki Activity

Move password confirmation validation to frontends

Browse Source 
Since this is not strictly speaking a domain invariant, but rather
specific to the user interface where passwords are not displayed, and
should therefore be entered twice to prevent mistakes going unnoticed,
this stuff should be checked in the frontend, not in the install steps.

Next step: Ensure that all domain-specific validation is done in the
installer's domain layer. This will ensure these validations cannot be
forgotten, and keep the frontends DRY.
This commit is contained in:
Franz Liedke
2019-01-26 00:51:28 +01:00
parent 0879829dc4
commit 0a59b7164e
6 changed files with 90 additions and 44 deletions
Download Patch File Download Diff File Expand all files Collapse all files

68
src/Install/Controller/InstallController.php
View File

@@ -14,6 +14,7 @@ namespace Flarum\Install\Controller;
use Flarum\Http\SessionAuthenticator;
use Flarum\Install\Installation;
use Flarum\Install\StepFailed;
use Flarum\Install\ValidationFailed;
use Psr\Http\Message\ResponseInterface;
use Psr\Http\Message\ServerRequestInterface as Request;
use Psr\Http\Server\RequestHandlerInterface;
@@ -59,32 +60,35 @@ class InstallController implements RequestHandlerInterface
$baseUrl = rtrim((string) $request->getUri(), '/');
$pipeline = $this->installation
->baseUrl($baseUrl)
->databaseConfig([
'driver' => 'mysql',
'host' => $host,
'port' => $port,
'database' => array_get($input, 'mysqlDatabase'),
'username' => array_get($input, 'mysqlUsername'),
'password' => array_get($input, 'mysqlPassword'),
'charset' => 'utf8mb4',
'collation' => 'utf8mb4_unicode_ci',
'prefix' => array_get($input, 'tablePrefix'),
'strict' => false,
])
->adminUser([
'username' => array_get($input, 'adminUsername'),
'password' => array_get($input, 'adminPassword'),
'password_confirmation' => array_get($input, 'adminPasswordConfirmation'),
'email' => array_get($input, 'adminEmail'),
])
->settings([
'forum_title' => array_get($input, 'forumTitle'),
'mail_from' => 'noreply@'.preg_replace('/^www\./i', '', parse_url($baseUrl, PHP_URL_HOST)),
'welcome_title' => 'Welcome to '.array_get($input, 'forumTitle'),
])
->build();
try {
$pipeline = $this->installation
->baseUrl($baseUrl)
->databaseConfig([
'driver' => 'mysql',
'host' => $host,
'port' => $port,
'database' => array_get($input, 'mysqlDatabase'),
'username' => array_get($input, 'mysqlUsername'),
'password' => array_get($input, 'mysqlPassword'),
'charset' => 'utf8mb4',
'collation' => 'utf8mb4_unicode_ci',
'prefix' => array_get($input, 'tablePrefix'),
'strict' => false,
])
->adminUser([
'username' => array_get($input, 'adminUsername'),
'password' => $this->getConfirmedAdminPassword($input),
'email' => array_get($input, 'adminEmail'),
])
->settings([
'forum_title' => array_get($input, 'forumTitle'),
'mail_from' => 'noreply@'.preg_replace('/^www\./i', '', parse_url($baseUrl, PHP_URL_HOST)),
'welcome_title' => 'Welcome to '.array_get($input, 'forumTitle'),
])
->build();
} catch (ValidationFailed $e) {
return new Response\HtmlResponse($e->getMessage(), 500);
}
try {
$pipeline->run();
@@ -97,4 +101,16 @@ class InstallController implements RequestHandlerInterface
return new Response\EmptyResponse;
}
private function getConfirmedAdminPassword(array $input)
{
$password = array_get($input, 'adminPassword');
$confirmation = array_get($input, 'adminPasswordConfirmation');
if ($password !== $confirmation) {
throw new ValidationFailed('The admin password did not match its confirmation.');
}
return $password;
}
}