Add account registration with signup policy acceptance
CI / Tests (PHP 8.1) (pull_request) Successful in 47s
CI / No Debug Code (pull_request) Successful in 2s
CI / Build Plugin Zip (pull_request) Has been skipped
CI / Coding Standards (pull_request) Successful in 52s
CI / PHPStan (pull_request) Successful in 1m1s
CI / Tests (PHP 8.2) (pull_request) Successful in 48s
CI / Tests (PHP 8.3) (pull_request) Successful in 45s
CI / Tests (PHP 8.1) (pull_request) Successful in 47s
CI / No Debug Code (pull_request) Successful in 2s
CI / Build Plugin Zip (pull_request) Has been skipped
CI / Coding Standards (pull_request) Successful in 52s
CI / PHPStan (pull_request) Successful in 1m1s
CI / Tests (PHP 8.2) (pull_request) Successful in 48s
CI / Tests (PHP 8.3) (pull_request) Successful in 45s
Implements #16: invite-only student self-registration through a front-end page, accepting signup-scoped policies at account creation. Policy domain: - us_policies.acceptance_scope (signup/booking/both); Policy::appliesTo(); PolicyRepository::findForScope(); scope threaded through PolicyService, the REST create, the admin controller, and the Policies form. - PolicyAcceptance::REG_ACCOUNT (registration_id = the new user's ID). Auth: - Invite value object + InviteRepository; us_invites table. - RegistrationController + Invites admin page (manage_students): invite an email, share the registration link, revoke. - RegistrationPage ([us_student_register] shortcode): validates the invite token, collects name/password, renders signup-scoped published policies with required acceptance, creates the us_student user, records account-type acceptances, marks the invite accepted, and logs the user in. - RoleManager: manage_students cap added to STUDIO_ADMIN_CAPS. Invite-only is implemented; the us_registration_mode self_approval path is a documented future seam. Docs: docs/features/account-registration.md; policies.md updated. Tests: tests/Unit/Auth/ (Invite, InviteRepository) plus Policy scope updates. composer test (104), cs, and PHPStan level 6 all pass. Refs #16 Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
This commit is contained in:
@@ -0,0 +1,159 @@
|
||||
<?php
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace Unsupervised\Schedular\Auth;
|
||||
|
||||
use Unsupervised\Schedular\Policy\AcceptanceRepository;
|
||||
use Unsupervised\Schedular\Policy\Policy;
|
||||
use Unsupervised\Schedular\Policy\PolicyAcceptance;
|
||||
use Unsupervised\Schedular\Policy\PolicyRepository;
|
||||
use Unsupervised\Schedular\Policy\PolicyVersionRepository;
|
||||
|
||||
class RegistrationPage {
|
||||
|
||||
public function __construct(
|
||||
private InviteRepository $invites,
|
||||
private PolicyRepository $policies,
|
||||
private PolicyVersionRepository $versions,
|
||||
private AcceptanceRepository $acceptances,
|
||||
) {}
|
||||
|
||||
/**
|
||||
* Renders the student registration shortcode output.
|
||||
*
|
||||
* @param array<string, string> $atts Shortcode attributes (unused — reserved for future options).
|
||||
*/
|
||||
public function render( array $atts ): string { // phpcs:ignore Generic.CodeAnalysis.UnusedFunctionParameter.Found
|
||||
if ( is_user_logged_in() ) {
|
||||
return '<p>' . esc_html__( 'You already have an account and are logged in.', 'unsupervised-schedular' ) . '</p>';
|
||||
}
|
||||
|
||||
// phpcs:ignore WordPress.Security.NonceVerification.Recommended -- token identifies the invite; the form submit is nonce-checked below.
|
||||
$token = sanitize_text_field( wp_unslash( $_REQUEST['us_invite'] ?? '' ) );
|
||||
$invite = '' !== $token ? $this->invites->findByToken( $token ) : null;
|
||||
|
||||
$error = '';
|
||||
$success = false;
|
||||
|
||||
if ( isset( $_POST['us_register'] ) && check_admin_referer( 'us_student_register' ) ) {
|
||||
$result = $this->handleSubmit( $invite );
|
||||
if ( true === $result ) {
|
||||
$success = true;
|
||||
} else {
|
||||
$error = $result;
|
||||
}
|
||||
}
|
||||
|
||||
$policyForms = $this->signupPolicies();
|
||||
$canRegister = null !== $invite && $invite->isPending();
|
||||
|
||||
ob_start();
|
||||
include USC_PLUGIN_DIR . 'templates/frontend/register-page.php';
|
||||
return (string) ob_get_clean();
|
||||
}
|
||||
|
||||
/**
|
||||
* Process the submitted registration. Returns true on success or an error
|
||||
* message string on failure.
|
||||
*/
|
||||
private function handleSubmit( ?Invite $invite ): string|bool {
|
||||
if ( null === $invite || ! $invite->isPending() ) {
|
||||
return esc_html__( 'This invitation is invalid or has already been used.', 'unsupervised-schedular' );
|
||||
}
|
||||
|
||||
// The submit nonce is verified by the caller (render) before this runs.
|
||||
// phpcs:disable WordPress.Security.NonceVerification.Missing
|
||||
// phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized -- passwords must not be sanitized.
|
||||
$password = (string) wp_unslash( $_POST['password'] ?? '' );
|
||||
$displayName = sanitize_text_field( wp_unslash( $_POST['display_name'] ?? '' ) );
|
||||
|
||||
if ( strlen( $password ) < 8 ) {
|
||||
return esc_html__( 'Please choose a password of at least 8 characters.', 'unsupervised-schedular' );
|
||||
}
|
||||
|
||||
$policyForms = $this->signupPolicies();
|
||||
$accepted = array_map( 'absint', (array) ( $_POST['accept'] ?? [] ) );
|
||||
// phpcs:enable WordPress.Security.NonceVerification.Missing
|
||||
|
||||
foreach ( $policyForms as $form ) {
|
||||
if ( ! in_array( (int) $form['version']->id, $accepted, true ) ) {
|
||||
return esc_html__( 'You must accept all required policies to register.', 'unsupervised-schedular' );
|
||||
}
|
||||
}
|
||||
|
||||
if ( email_exists( $invite->email ) ) {
|
||||
return esc_html__( 'An account already exists for this email.', 'unsupervised-schedular' );
|
||||
}
|
||||
|
||||
$userId = wp_insert_user(
|
||||
[
|
||||
'user_login' => $invite->email,
|
||||
'user_email' => $invite->email,
|
||||
'user_pass' => $password,
|
||||
'display_name' => '' !== $displayName ? $displayName : $invite->email,
|
||||
'role' => $invite->role,
|
||||
]
|
||||
);
|
||||
|
||||
if ( is_wp_error( $userId ) ) {
|
||||
return esc_html__( 'Could not create the account. Please contact the studio.', 'unsupervised-schedular' );
|
||||
}
|
||||
|
||||
$this->recordAcceptances( $policyForms, (int) $userId );
|
||||
$this->invites->markAccepted( (int) $invite->id, (int) $userId );
|
||||
|
||||
wp_set_current_user( (int) $userId );
|
||||
wp_set_auth_cookie( (int) $userId );
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
/**
|
||||
* Record account-time acceptances for each signup policy version.
|
||||
*
|
||||
* @param list<array{policy: Policy, version: \Unsupervised\Schedular\Policy\PolicyVersion}> $policyForms
|
||||
*/
|
||||
private function recordAcceptances( array $policyForms, int $userId ): void {
|
||||
// phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized, WordPress.Security.ValidatedSanitizedInput.MissingUnslash -- IP is stored verbatim for audit.
|
||||
$ip = sanitize_text_field( wp_unslash( $_SERVER['REMOTE_ADDR'] ?? '' ) );
|
||||
|
||||
foreach ( $policyForms as $form ) {
|
||||
$this->acceptances->insert(
|
||||
new PolicyAcceptance(
|
||||
policyVersionId: (int) $form['version']->id,
|
||||
studentId: $userId,
|
||||
registrationType: PolicyAcceptance::REG_ACCOUNT,
|
||||
registrationId: $userId,
|
||||
ipAddress: '' !== $ip ? $ip : null,
|
||||
)
|
||||
);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Signup-scoped policies that have a current published version.
|
||||
*
|
||||
* @return list<array{policy: Policy, version: \Unsupervised\Schedular\Policy\PolicyVersion}>
|
||||
*/
|
||||
private function signupPolicies(): array {
|
||||
$out = [];
|
||||
|
||||
foreach ( $this->policies->findForScope( Policy::SCOPE_SIGNUP ) as $policy ) {
|
||||
if ( null === $policy->currentVersionId ) {
|
||||
continue;
|
||||
}
|
||||
|
||||
$version = $this->versions->findById( $policy->currentVersionId );
|
||||
if ( null === $version || ! $version->isPublished() ) {
|
||||
continue;
|
||||
}
|
||||
|
||||
$out[] = [
|
||||
'policy' => $policy,
|
||||
'version' => $version,
|
||||
];
|
||||
}
|
||||
|
||||
return $out;
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user