refactor: use form requests in auth controllers, remove double hashing

2026-03-19 23:14:52 +01:00
parent da97c45dd4
commit 44c1cbe5f6
5 changed files with 41 additions and 93 deletions
--- a/app/Http/Controllers/Auth/RegisterController.php
+++ b/app/Http/Controllers/Auth/RegisterController.php
@@ -3,13 +3,11 @@
 namespace App\Http\Controllers\Auth;

 use App\Http\Controllers\Controller;
+use App\Http\Requests\Auth\RegisterRequest;
 use App\Models\User;
 use Illuminate\Auth\Events\Registered;
 use Illuminate\Http\RedirectResponse;
-use Illuminate\Http\Request;
 use Illuminate\Support\Facades\Auth;
-use Illuminate\Support\Facades\Hash;
-use Illuminate\Validation\Rules;
 use Inertia\Inertia;
 use Inertia\Response;

@@ -30,40 +28,26 @@ class RegisterController extends Controller
    /**
     * Handle an incoming registration request.
     */
-    public function store(Request $request): RedirectResponse
+    public function store(RegisterRequest $request): RedirectResponse
    {
-        if (! config('auth-ui.features.registration')) {
-            abort(404);
-        }
-
-        $request->validate([
-            'username' => [
-                'required', 'string', 'max:255', 'alpha_dash',
-                function ($attribute, $value, $fail) {
-                    $exists = User::whereRaw('LOWER(username) = ?', [strtolower($value)])->exists();
-                    if ($exists) {
-                        $fail('The username has already been taken.');
-                    }
-                },
-            ],
-            'first_name' => ['required', 'string', 'max:255'],
-            'last_name' => ['required', 'string', 'max:255'],
-            'email' => ['required', 'string', 'lowercase', 'email', 'max:255', 'unique:'.User::class],
-            'password' => ['required', 'confirmed', Rules\Password::defaults()],
-        ]);
+        $validated = $request->validated();

        $user = User::create([
-            'username' => $request->username,
-            'first_name' => $request->first_name,
-            'last_name' => $request->last_name,
-            'email' => $request->email,
-            'password' => Hash::make($request->password),
+            'username' => $validated['username'],
+            'first_name' => $validated['first_name'],
+            'last_name' => $validated['last_name'],
+            'email' => $validated['email'],
+            'password' => $validated['password'],
        ]);

        event(new Registered($user));

        Auth::login($user);

+        if (config('auth-ui.features.email_verification')) {
+            return redirect()->route('verification.notice');
+        }
+
        return redirect(config('auth-ui.redirects.register', '/'));
    }
 }