diff --git a/assets/views/auth/register.html b/assets/views/auth/register.html index a9b3423..52ab0f5 100644 --- a/assets/views/auth/register.html +++ b/assets/views/auth/register.html @@ -22,6 +22,10 @@ {% if error == "exists" %} {{ ui::alert_danger(message=t(key="register-error-exists", lang=lang | default(value='sk')), extra="mt-3") }} + {% elif error == "mismatch" %} + {{ ui::alert_danger(message=t(key="set-password-mismatch", lang=lang | default(value='sk')), extra="mt-3") }} + {% elif error == "weak" %} + {{ ui::alert_danger(message=t(key="set-password-weak", lang=lang | default(value='sk')), extra="mt-3") }} {% elif error %} {{ ui::alert_danger(message=t(key="register-error-invalid", lang=lang | default(value='sk')), extra="mt-3") }} {% endif %} @@ -42,20 +46,12 @@ {{ t(key="account-type-locked", lang=lang | default(value='sk')) }} -
- - {{ ui::input(name="name", id="name", required=true, autocomplete="name", attrs="autofocus") }} -
-
- {{ ui::input(name="email", id="email", type="email", required=true, autocomplete="email") }} + {{ ui::input(name="email", id="email", type="email", required=true, autocomplete="email", attrs="autofocus") }}
@@ -66,6 +62,14 @@ {{ ui::input(name="password", id="password", type="password", required=true, autocomplete="new-password") }}
+
+ + {{ ui::input(name="password_confirm", id="password_confirm", type="password", required=true, autocomplete="new-password") }} +
+ {{ ui::button(label=t(key="register-submit", lang=lang | default(value='sk')), type="submit", extra="mt-1 w-full") }} diff --git a/src/controllers/auth_pages.rs b/src/controllers/auth_pages.rs index 9b0df32..3e7457a 100644 --- a/src/controllers/auth_pages.rs +++ b/src/controllers/auth_pages.rs @@ -106,13 +106,50 @@ async fn register_page( register_view(&v, &jar, None) } +/// Registration form. The name is no longer collected from the user — it is +/// derived from the email — and the password is entered twice to guard against +/// typos. +#[derive(Debug, serde::Deserialize)] +struct RegisterForm { + email: String, + password: String, + password_confirm: String, + #[serde(default)] + account_type: Option, +} + +/// Derive a display name from an email address (its local part), falling back to +/// the full address when the local part is too short for the name validator. +fn name_from_email(email: &str) -> String { + let local = email.split('@').next().unwrap_or("").trim(); + if local.chars().count() >= 2 { + local.to_string() + } else { + email.trim().to_string() + } +} + #[debug_handler] async fn register( jar: CookieJar, ViewEngine(v): ViewEngine, State(ctx): State, - Form(params): Form, + Form(form): Form, ) -> Result { + if form.password != form.password_confirm { + return register_view(&v, &jar, Some("mismatch")); + } + if form.password.len() < 8 { + return register_view(&v, &jar, Some("weak")); + } + + let params = RegisterParams { + name: name_from_email(&form.email), + email: form.email, + password: form.password, + account_type: form.account_type, + }; + let user = match users::Model::create_with_password(&ctx.db, ¶ms).await { Ok(user) => user, Err(ModelError::EntityAlreadyExists {}) => {