Ensure register records aren't created with uid = 0

- uid = 0 matches system account and public contact records, giving unexpected display in pending user list. More importantly, the originally created user can't be approved since its user id is lost.
Hypolite Petovan 2022-11-18 16:04:02 -05:00
parent c07af2a0ed
commit 6460218c0e
2 changed files with 28 additions and 11 deletions


@ -23,6 +23,7 @@ namespace Friendica\Model;
use Friendica\Content\Pager; use Friendica\Content\Pager;
use Friendica\Database\DBA; use Friendica\Database\DBA;
use Friendica\Network\HTTPException;
use Friendica\Util\DateTimeFormat; use Friendica\Util\DateTimeFormat;
use Friendica\Util\Strings; use Friendica\Util\Strings;
@ -113,21 +114,27 @@ class Register
} }
/** /**
* Creates a register record for approval and returns the success of the database insert * Creates a register record for approval
* Checks for the existence of the provided user id * Checks for the existence of the provided user id
* *
* @param integer $uid The ID of the user needing approval * @param integer $uid The ID of the user needing approval
* @param string $language The registration language * @param string $language The registration language
* @param string $note An additional message from the user * @param string $note An additional message from the user
* @return boolean * @return void
* @throws \Exception * @throws \OutOfBoundsException
* @throws HTTPException\InternalServerErrorException
* @throws HTTPException\NotFoundException
*/ */
public static function createForApproval(int $uid, string $language, string $note = ''): bool public static function createForApproval(int $uid, string $language, string $note = ''): void
{ {
$hash = Strings::getRandomHex(); $hash = Strings::getRandomHex();
if (!$uid) {
throw new \OutOfBoundsException("User ID can't be empty");
}
if (!User::exists($uid)) { if (!User::exists($uid)) {
return false; throw new HTTPException\NotFoundException("User ID doesn't exist");
} }
$fields = [ $fields = [
@ -139,7 +146,9 @@ class Register
'note' => $note 'note' => $note
]; ];
return DBA::insert('register', $fields); if (!DBA::insert('register', $fields)) {
throw new HTTPException\InternalServerErrorException('Unable to insert a `register` record');
}
} }
/** /**
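Review bot: The new `if (!$uid)` guard in `createForApproval()` has no comment saying why 0 is refused. The reason (uid 0 matches the system account and public contact records) exists only in the commit message. I would add `// uid 0 matches the system account and public contacts; a register row with it can never be approved` above the check, and write the condition as `if ($uid <= 0) {` so it does not lean on integer truthiness. The docblock could also say which condition raises each of the three `@throws` types. Most of the `$fields` array lies between the two hunks and is not visible here.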


@ -353,6 +353,7 @@ class Register extends BaseModule
} }
} elseif (intval(DI::config()->get('config', 'register_policy')) === self::APPROVE) { } elseif (intval(DI::config()->get('config', 'register_policy')) === self::APPROVE) {
if (!User::getAdminEmailList()) { if (!User::getAdminEmailList()) {
$this->logger->critical('Registration policy is set to APPROVE but no admin email address has been set in config.admin_email');
DI::sysmsg()->addNotice(DI::l10n()->t('Your registration can not be processed.')); DI::sysmsg()->addNotice(DI::l10n()->t('Your registration can not be processed.'));
DI::baseUrl()->redirect(); DI::baseUrl()->redirect();
} }
@ -362,10 +363,17 @@ class Register extends BaseModule
DI::sysmsg()->addNotice(DI::l10n()->t('You have to leave a request note for the admin.') DI::sysmsg()->addNotice(DI::l10n()->t('You have to leave a request note for the admin.')
. DI::l10n()->t('Your registration can not be processed.')); . DI::l10n()->t('Your registration can not be processed.'));
DI::baseUrl()->redirect('register/'); $this->baseUrl->redirect('register');
} }
Model\Register::createForApproval($user['uid'], DI::config()->get('system', 'language'), $_POST['permonlybox']); try {
Model\Register::createForApproval($user['uid'], DI::config()->get('system', 'language'), $_POST['permonlybox']);
} catch (\Throwable $e) {
$this->logger->error('Unable to create a `register` record.', ['user' => $user]);
DI::sysmsg()->addNotice(DI::l10n()->t('An internal error occured.')
. DI::l10n()->t('Your registration can not be processed.'));
$this->baseUrl->redirect('register');
}
// invite system // invite system
if ($using_invites && $invite_id) { if ($using_invites && $invite_id) {
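Review bot: The new catch block logs the whole `$user` array as context and drops `$e`, so the log receives a full account row but not the reason the insert failed. Where `$user` is populated is outside the hunk, but if it is the freshly created user record it likely carries the password hash and key material, which should not reach log files. The context could be `['uid' => $user['uid'], 'exception' => $e]` instead. Because `\Throwable` also catches programming errors, such as a `TypeError` from a missing or non-string `$_POST['permonlybox']`, recording the exception is what keeps those distinguishable during triage. The account created earlier appears to stay in place without a `register` row on this path, so it may be worth removing or flagging it rather than leaving an unapprovable user behind.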