Revert "refactor: move deSEC password-reveal logic from JS to Twig (PRG pattern)"

This reverts commit 1c6ca098d5.

php/src/Controller/DesecController.php

@@ -3,7 +3,6 @@ declare(strict_types=1);
 
 namespace AIO\Controller;
 
-use AIO\Desec\AlreadyRegisteredException;
 use AIO\Desec\DesecManager;
 use Psr\Http\Message\ResponseInterface as Response;
 use Psr\Http\Message\ServerRequestInterface as Request;
@@ -15,23 +14,15 @@ readonly class DesecController {
     }
 
     public function Register(Request $request, Response $response, array $args): Response {
-        $email    = (string)($request->getParsedBody()['desec_email']    ?? '');
-        $slug     = (string)($request->getParsedBody()['desec_slug']     ?? '');
-        $password = (string)($request->getParsedBody()['desec_password'] ?? '');
-
         try {
+            $email    = (string)($request->getParsedBody()['desec_email']    ?? '');
+            $slug     = (string)($request->getParsedBody()['desec_slug']     ?? '');
+            $password = (string)($request->getParsedBody()['desec_password'] ?? '');
             $this->desecManager->register($email, $slug, $password);
-        } catch (AlreadyRegisteredException $ex) {
-            $_SESSION['desec_show_password'] = true;
-            $_SESSION['desec_prefill_email'] = $ex->email;
-            $_SESSION['desec_error']         = $ex->getMessage();
+            return $response->withStatus(201)->withHeader('Location', '.');
         } catch (\Exception $ex) {
-            $_SESSION['desec_error'] = $ex->getMessage();
+            $response->getBody()->write($ex->getMessage());
+            return $response->withStatus(422);
         }
-
-        // Post/Redirect/Get: always redirect back to the containers page.
-        // The browser follows the Location header and issues a fresh GET,
-        // which prevents form-resubmission on reload.
-        return $response->withStatus(303)->withHeader('Location', '../../containers');
     }
 }

php/src/Desec/AlreadyRegisteredException.php

@@ -1,20 +0,0 @@
-<?php
-declare(strict_types=1);
-
-namespace AIO\Desec;
-
-/**
- * Thrown when a deSEC account registration attempt fails because the email address
- * is already associated with an existing account.  The controller catches this to
- * redirect the user back to the registration form with the password field revealed.
- */
-class AlreadyRegisteredException extends \Exception {
-    public function __construct(
-        public readonly string $email,
-    ) {
-        parent::__construct(
-            'This email address is already registered at deSEC. '
-            . 'If this is your account, please enter your deSEC password in the password field and try again.',
-        );
-    }
-}

php/src/Desec/DesecManager.php

@@ -122,7 +122,10 @@ class DesecManager {
         if ($code === 400) {
             $data = json_decode($body, true, 512, JSON_THROW_ON_ERROR);
             if (is_array($data) && isset($data['email'])) {
-                throw new AlreadyRegisteredException($email);
+                throw new \Exception(
+                    'This email address is already registered at deSEC. '
+                    . 'If this is your account, please enter your deSEC password in the password field and try again.',
+                );
             }
             throw new \Exception('Registration at deSEC failed (HTTP 400): ' . $body);
         }