From 3779b9fe1deb3c244fd178bf80308173b5f18541 Mon Sep 17 00:00:00 2001
From: Manager Bot
Date: Mon, 14 Nov 2022 06:22:12 +0000
Subject: [PATCH] Refactor register.
---
Web/lib/MJB/Web/Controller/Auth.pm | 80 +++++++++++++++++++++++------
Web/templates/auth/register.html.ep | 10 ++--
2 files changed, 70 insertions(+), 20 deletions(-)
diff --git a/Web/lib/MJB/Web/Controller/Auth.pm b/Web/lib/MJB/Web/Controller/Auth.pm
index d93a73a..b68af83 100644
--- a/Web/lib/MJB/Web/Controller/Auth.pm
+++ b/Web/lib/MJB/Web/Controller/Auth.pm
@@ -6,18 +6,31 @@ use Email::Sender::Simple qw( sendmail ); use Email::Sender::Transport::SMTP; use Email::MIME::Kit; -sub show_register ( $c ) { +#== +# GET /register | show_register | templates/auth/register.html.ep +#== +sub register ( $c ) { } +#== +# POST /register | do_register +# name | The name of the person who is registering an account +# email | The email address of the person registering the account +# password | The password they would like to use +# password_confirm | The same password again, in case they don't know it for sure +# invite | An invite code -- required when config->{register}->{require_invite} is true +# +# Create an account for the user and login to that account once it has been created. +# +# If an invite code is used and is only valid once, it will be updated so it may no longer be used. +#== sub do_register ( $c ) { - $c->stash->{template} = 'auth/register'; - - my $name = $c->stash->{form_name} = $c->param('name'); - my $email = $c->stash->{form_email} = $c->param('email'); - my $password = $c->stash->{form_password} = $c->param('password'); - my $p_confirm = $c->stash->{form_password_confirm} = $c->param('password_confirm'); - my $invite = $c->stash->{form_invite_code} = $c->param('invite_code'); + my $name = $c->stash->{form}->{name} = $c->param('name'); + my $email = $c->stash->{form}->{email} = $c->param('email'); + my $password = $c->stash->{form}->{password} = $c->param('password'); + my $p_confirm = $c->stash->{form}->{password_confirm} = $c->param('password_confirm'); + my $invite = $c->stash->{form}->{invite_code} = $c->param('invite_code'); push @{$c->stash->{errors}}, "Name is required" unless $name; push @{$c->stash->{errors}}, "Email is required" unless $email; 
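Review bot: The plaintext password and its confirmation are still copied into the stash in do_register (`$c->stash->{form}->{password}` and `->{password_confirm}`), and the hunk in Web/templates/auth/register.html.ep writes them back into the `value` of both password inputs. Validation failures now go through `redirect_error` (later hunks in this file), so the form data has to survive a redirect; that helper is not shown, but if it keeps the stash in the flash or session, the password would sit in a cookie that Mojolicious signs but does not encrypt by default. I would read both fields without stashing them, `my $password = $c->param('password');` and `my $p_confirm = $c->param('password_confirm');`, and drop the two `value =>` lines from the password inputs. The new header comment also names the parameter `invite` while the code reads `invite_code`. do_register's body continues outside this hunk.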
@@ -28,7 +41,8 @@ sub do_register ( $c ) { push @{$c->stash->{errors}}, "Invite code is required" unless $invite; } - return if $c->stash->{errors}; + return $c->redirect_error( 'show_register' ) + if $c->stash->{errors}; push @{$c->stash->{errors}}, "Password and confirm password must match" unless $p_confirm eq $password; @@ -44,7 +58,8 @@ sub do_register ( $c ) { unless $c->db->invites( { code => $invite, is_active => 1 } )->count >= 1; } - return if $c->stash->{errors}; + return $c->redirect_error( 'show_register' ) + if $c->stash->{errors}; my $person = try { $c->db->storage->schema->txn_do( sub { @@ -53,19 +68,42 @@ sub do_register ( $c ) { name => $c->param('name'), }); $person->new_related('auth_password', {})->set_password($c->param('password')); + + # Notify the system about the new account. + $c->db->system_notes->create({ + source => 'User Registration', + content => 'An account was created for ' . $person->email, + }); + + # If a one-time use invite code was used, invalidate it. + if ( $c->config->{register}->{require_invite} ) { + my $invite = $c->db->invites( { code => $invite, is_active => 1 } )->first; + if ( $invite->is_one_time_use ) { + $invite->is_active( 0 ); + $invite->update; + } + } + return $person; }); } catch { push @{$c->stash->{errors}}, "Account could not be created: $_"; }; - return if $c->stash->{errors}; + return $c->redirect_error( 'show_register' ) + if $c->stash->{errors}; + # Log the user in and send them to the dashboard. $c->session->{uid} = $person->id; - - $c->redirect_to( $c->url_for( 'dashboard' ) ); + $c->redirect_to( $c->url_for( 'show_dashboard' ) ); } +#== +# GET /login | show_login | templates/auth/login.html.ep +# +# If a user is already logged in, redirect them to the dashboard instead +# of showing the login page. +#== sub login ( $c ) { if ( $c->stash->{person} ) { $c->redirect_to( $c->url_for( 'show_dashboard' ) ); 
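Review bot: A one-time invite can be consumed twice in the `@@ -53,19 +68,42 @@` hunk, because the code is checked for `is_active => 1` before the transaction and then re-read inside it without a lock, so two concurrent registrations with the same code can both pass and both create an account. The same lookup calls `->first` and then `$invite->is_one_time_use` with no check for an empty result, and the inner `my $invite` shadows the outer string of the same name. I would re-read the row under a lock inside the transaction, fail when it is gone, and give the row its own name, as below; this assumes `invites()` returns a DBIx::Class resultset and that the database supports `SELECT ... FOR UPDATE`. A failure raised there reaches the existing catch block, and txn_do should roll the account creation back.

```perl
# … unchanged: person creation, set_password, system note …

# If a one-time use invite code was used, invalidate it.
if ( $c->config->{register}->{require_invite} ) {
    # Lock the row so a concurrent registration cannot consume the same code.
    my $used_invite = $c->db->invites( { code => $invite, is_active => 1 } )
        ->search( undef, { for => 'update' } )->first
        or die "Invite code is no longer valid\n";
    if ( $used_invite->is_one_time_use ) {
        $used_invite->is_active( 0 );
        $used_invite->update;
    }
}

return $person;
```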
@@ -121,6 +159,15 @@ sub do_login ( $c ) { $c->redirect_to( $c->url_for( 'show_dashboard' ) ); } +#== +# POST /logout | do_logout +# +# Log a user out of their account. +# +# If an admin has logged into a user's account through the admin_become interface, +# then logging out will return the admin to their account instead of logging them +# out completely. +#== sub do_logout ( $c ) { # When an admin has impersonated a user, they'll have their uid @@ -142,7 +189,10 @@ sub do_logout ( $c ) { $c->redirect_to( $c->url_for( 'show_homepage' ) ); } -sub show_forgot ( $c ) { } +#== +# GET /forgot | show_forgot | templates/auth/forgot.html.ep +#== +sub forgot ( $c ) { } sub do_forgot ( $c ) { $c->stash->{template} = 'auth/forgot'; @@ -177,7 +227,7 @@ sub do_forgot ( $c ) { $c->stash->{form_email} = ''; } -sub show_reset ( $c ) { } +sub reset ( $c ) { } sub do_reset ( $c ) { $c->stash->{template} = 'auth/reset'; diff --git a/Web/templates/auth/register.html.ep b/Web/templates/auth/register.html.ep index c5ce86e..7813886 100644 --- a/Web/templates/auth/register.html.ep +++ b/Web/templates/auth/register.html.ep 
@@ -9,32 +9,32 @@ <%= include '_base/form/input', type => 'text', name => 'name', title => 'Your name', help => '', - value => $c->stash->{form_name} + value => $c->stash->{form}->{name} %> <%= include '_base/form/input', type => 'email', name => 'email', title => 'Email Address', help => '', - value => $c->stash->{form_email} + value => $c->stash->{form}->{email} %> <%= include '_base/form/input', type => 'password', name => 'password', title => 'Password', help => '', - value => $c->stash->{form_password} + value => $c->stash->{form}->{password} %> <%= include '_base/form/input', type => 'password', name => 'password_confirm', title => 'Confirm Password', help => '', - value => $c->stash->{form_password_confirm} + value => $c->stash->{form}->{password_confirm} %> % if ( $c->config->{register}->{require_invite} ) { <%= include '_base/form/input', type => 'text', name => 'invite_code', title => 'Invitation Code', help => '', - value => $c->stash->{form_invite_code} + value => $c->stash->{form}->{invite_code} %> % }