From 6460218c0eafbb0e567885e1166e2427c6f41068 Mon Sep 17 00:00:00 2001 From: Hypolite Petovan Date: Fri, 18 Nov 2022 16:04:02 -0500 Subject: [PATCH] Ensure register records aren't created with uid = 0 - uid = 0 matches system account and public contact records, giving unexpected display in pending user list. More importantly, the originally created user can't be approved since its user id is lost. --- src/Model/Register.php | 27 ++++++++++++++++++--------- src/Module/Register.php | 12 ++++++++++-- 2 files changed, 28 insertions(+), 11 deletions(-) diff --git a/src/Model/Register.php b/src/Model/Register.php index c24e66d4d..396524673 100644 --- a/src/Model/Register.php +++ b/src/Model/Register.php @@ -23,6 +23,7 @@ namespace Friendica\Model; use Friendica\Content\Pager; use Friendica\Database\DBA; +use Friendica\Network\HTTPException; use Friendica\Util\DateTimeFormat; use Friendica\Util\Strings; 
@@ -113,21 +114,27 @@ class Register } /** - * Creates a register record for approval and returns the success of the database insert + * Creates a register record for approval * Checks for the existence of the provided user id * - * @param integer $uid The ID of the user needing approval - * @param string $language The registration language - * @param string $note An additional message from the user - * @return boolean - * @throws \Exception + * @param integer $uid The ID of the user needing approval + * @param string $language The registration language + * @param string $note An additional message from the user + * @return void + * @throws \OutOfBoundsException + * @throws HTTPException\InternalServerErrorException + * @throws HTTPException\NotFoundException */ - public static function createForApproval(int $uid, string $language, string $note = ''): bool + public static function createForApproval(int $uid, string $language, string $note = ''): void { $hash = Strings::getRandomHex(); + if (!$uid) { + throw new \OutOfBoundsException("User ID can't be empty"); + } + if (!User::exists($uid)) { - return false; + throw new HTTPException\NotFoundException("User ID doesn't exist"); } $fields = [ @@ -139,7 +146,9 @@ class Register 'note' => $note ]; - return DBA::insert('register', $fields); + if (!DBA::insert('register', $fields)) { + throw new HTTPException\InternalServerErrorException('Unable to insert a `register` record'); + } } /** diff --git a/src/Module/Register.php b/src/Module/Register.php index b71fb777c..cd963c17a 100644 --- a/src/Module/Register.php +++ b/src/Module/Register.php 
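Review bot: Changing `createForApproval()` from `bool` to `void` in the first hunk of `src/Model/Register.php`, together with the new `throw` on a failed `DBA::insert()` in the second, turns every failure into an exception, yet only the call in `src/Module/Register.php` is updated in this patch. Call sites outside the patch are not visible here; one that tested the return value would now always see `null`, and one that ignored it would now get an uncaught exception, so they should be checked. The guard `if (!$uid)` rejects only 0, and `if ($uid <= 0)` would state the invariant directly instead of leaving negative ids to `User::exists()`. Each `@throws` tag would be more useful with its condition, for example `@throws \OutOfBoundsException if $uid is 0`. The `$fields` array between the two hunks is not shown.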
@@ -353,6 +353,7 @@ class Register extends BaseModule } } elseif (intval(DI::config()->get('config', 'register_policy')) === self::APPROVE) { if (!User::getAdminEmailList()) { + $this->logger->critical('Registration policy is set to APPROVE but no admin email address has been set in config.admin_email'); DI::sysmsg()->addNotice(DI::l10n()->t('Your registration can not be processed.')); DI::baseUrl()->redirect(); } @@ -362,10 +363,17 @@ class Register extends BaseModule DI::sysmsg()->addNotice(DI::l10n()->t('You have to leave a request note for the admin.') . DI::l10n()->t('Your registration can not be processed.')); - DI::baseUrl()->redirect('register/'); + $this->baseUrl->redirect('register'); } - Model\Register::createForApproval($user['uid'], DI::config()->get('system', 'language'), $_POST['permonlybox']); + try { + Model\Register::createForApproval($user['uid'], DI::config()->get('system', 'language'), $_POST['permonlybox']); + } catch (\Throwable $e) { + $this->logger->error('Unable to create a `register` record.', ['user' => $user]); + DI::sysmsg()->addNotice(DI::l10n()->t('An internal error occured.') + . DI::l10n()->t('Your registration can not be processed.')); + $this->baseUrl->redirect('register'); + } // invite system if ($using_invites && $invite_id) {
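Review bot: In the second hunk of `src/Module/Register.php`, the new `catch (\Throwable $e)` block passes the whole `$user` array to the logger and never uses `$e`, so the log entry can carry every field of the user record while omitting the reason for the failure. `$user` is populated above this hunk; if it is the full account row it may include credential fields such as the password hash, so the context is better limited to `['uid' => $user['uid'] ?? null, 'error' => $e->getMessage()]`. The account created earlier in this method presumably stays in place without a `register` record after the redirect, which would leave it unapprovable just as the commit message describes; that should be confirmed against the code outside the hunk. The user-facing string `'An internal error occured.'` is misspelled (`occurred`) and is concatenated to the next sentence without a separating space.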