From d58a34b605f5c3a03638ccc0a8de82260805af47 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Sun, 26 Apr 2026 18:37:19 +0200
Subject: [PATCH] Revert "feat: show deSEC password field only after
 email-already-registered failure, via POST /containers and Twig (no sessions,
 no query params)"

This reverts commit 44b257a2b54ed2e8fb43186586f75085fc8c5032.
---
 php/public/index.php                         | 43 ++------------------
 php/src/Desec/AlreadyRegisteredException.php | 17 --------
 php/src/Desec/DesecManager.php               |  5 ++-
 php/templates/includes/desec-register.twig   | 16 +++-----
 4 files changed, 12 insertions(+), 69 deletions(-)
 delete mode 100644 php/src/Desec/AlreadyRegisteredException.php

diff --git a/php/public/index.php b/php/public/index.php
index f2ee97c9..9d34eabd 100644
--- a/php/public/index.php
+++ b/php/public/index.php
@@ -112,13 +112,7 @@ $app->post('/api/configuration', \AIO\Controller\ConfigurationController::class
 $app->post('/api/desec/register', \AIO\Controller\DesecController::class . ':Register');
 
 // Views
-// Shared closure that renders the containers page.
-// $desecVars can override 'desec_show_password', 'desec_prefill_email', and 'desec_error'.
-$renderContainersPage = function (
-    Response $response,
-    Request  $request,
-    array    $desecVars = [],
-) use ($container): Response {
+$app->get('/containers', function (Request $request, Response $response, array $args) use ($container) {
     $view = Twig::fromRequest($request);
     $view->addExtension(new \AIO\Twig\ClassExtension());
     /** @var \AIO\Data\ConfigurationManager $configurationManager */
@@ -136,7 +130,7 @@ $renderContainersPage = function (
     $bypass_container_update = isset($params['bypass_container_update']);
     $skip_domain_validation = isset($params['skip_domain_validation']);
 
-    return $view->render($response, 'containers.twig', array_merge([
+    return $view->render($response, 'containers.twig', [
         'domain' => $configurationManager->domain,
         'apache_port' => $configurationManager->apachePort,
         'borg_backup_host_location' => $configurationManager->borgBackupHostLocation,
@@ -191,39 +185,8 @@ $renderContainersPage = function (
         'desec_password' => $configurationManager->desecPassword,
         'is_desec_domain' => $configurationManager->isDesecDomain(),
         'desec_account_registered' => $configurationManager->isDesecAccountRegistered(),
-        'desec_show_password' => false,
-        'desec_prefill_email' => '',
-        'desec_error' => '',
-    ], $desecVars));
-};
-
-$app->get('/containers', function (Request $request, Response $response, array $args) use ($renderContainersPage): Response {
-    return $renderContainersPage($response, $request);
+    ]);
 })->setName('profile');
-
-$app->post('/containers', function (Request $request, Response $response, array $args) use ($container, $renderContainersPage): Response {
-    $email    = (string)($request->getParsedBody()['desec_email']    ?? '');
-    $slug     = (string)($request->getParsedBody()['desec_slug']     ?? '');
-    $password = (string)($request->getParsedBody()['desec_password'] ?? '');
-
-    /** @var \AIO\Desec\DesecManager $desecManager */
-    $desecManager = $container->get(\AIO\Desec\DesecManager::class);
-    try {
-        $desecManager->register($email, $slug, $password);
-        return $response->withStatus(303)->withHeader('Location', '/containers');
-    } catch (\AIO\Desec\AlreadyRegisteredException $ex) {
-        return $renderContainersPage($response, $request, [
-            'desec_show_password' => true,
-            'desec_prefill_email' => $email,
-            'desec_error'         => $ex->getMessage(),
-        ]);
-    } catch (\Exception $ex) {
-        return $renderContainersPage($response, $request, [
-            'desec_prefill_email' => $email,
-            'desec_error'         => $ex->getMessage(),
-        ]);
-    }
-});
 $app->get('/login', function (Request $request, Response $response, array $args) use ($container) {
     $view = Twig::fromRequest($request);
     /** @var \AIO\Docker\DockerActionManager $dockerActionManager */
diff --git a/php/src/Desec/AlreadyRegisteredException.php b/php/src/Desec/AlreadyRegisteredException.php
deleted file mode 100644
index 54ce2ee2..00000000
--- a/php/src/Desec/AlreadyRegisteredException.php
+++ /dev/null
@@ -1,17 +0,0 @@
-<?php
-declare(strict_types=1);
-
-namespace AIO\Desec;
-
-/**
- * Thrown when the deSEC API reports that the supplied email address is already
- * associated with an existing account (HTTP 400 with an "email" error field).
- */
-class AlreadyRegisteredException extends \Exception {
-    public function __construct(string $email) {
-        parent::__construct(
-            'This email address is already registered at deSEC. '
-            . 'If this is your account, please enter your deSEC password in the password field and try again.',
-        );
-    }
-}
diff --git a/php/src/Desec/DesecManager.php b/php/src/Desec/DesecManager.php
index 9ac45d41..13f7a08b 100644
--- a/php/src/Desec/DesecManager.php
+++ b/php/src/Desec/DesecManager.php
@@ -122,7 +122,10 @@ class DesecManager {
         if ($code === 400) {
             $data = json_decode($body, true, 512, JSON_THROW_ON_ERROR);
             if (is_array($data) && isset($data['email'])) {
-                throw new AlreadyRegisteredException($email);
+                throw new \Exception(
+                    'This email address is already registered at deSEC. '
+                    . 'If this is your account, please enter your deSEC password in the password field and try again.',
+                );
             }
             throw new \Exception('Registration at deSEC failed (HTTP 400): ' . $body);
         }
diff --git a/php/templates/includes/desec-register.twig b/php/templates/includes/desec-register.twig
index 2b9e97f7..6a015194 100644
--- a/php/templates/includes/desec-register.twig
+++ b/php/templates/includes/desec-register.twig
@@ -4,8 +4,7 @@
     {% if desec_account_registered %}
         <p>Your deSEC account (<strong>{{ desec_email }}</strong>) was registered successfully but the domain could not be registered. Please enter a desired subdomain slug (the part before <code>.dedyn.io</code>) and try again, or leave it blank for a random one.</p>
         <p>Your deSEC login credentials (for <a target="_blank" href="https://desec.io">desec.io</a>): Email: <strong>{{ desec_email }}</strong>. <details style="display:inline"><summary>Reveal deSEC password</summary><strong>{{ desec_password }}</strong></details>. Please save these in a safe place.</p>
-        {% if desec_error %}<p class="error">{{ desec_error }}</p>{% endif %}
-        <form method="POST" action="/containers">
+        <form method="POST" action="api/desec/register" class="xhr">
             <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
             <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
             <input type="text" name="desec_slug" placeholder="my-nextcloud (optional)" pattern="[a-z0-9]([a-z0-9\-]{0,61}[a-z0-9])?" title="Only lowercase letters, digits and hyphens (1–63 characters). No leading or trailing hyphen." />
@@ -13,17 +12,12 @@
         </form>
     {% else %}
         <p>Please enter your email address. You can also enter a desired subdomain slug (the part before <code>.dedyn.io</code>); leave it blank for a random one.</p>
-        {% if desec_show_password %}
-            <p>If you already have a deSEC account for this email address, enter your deSEC password in the optional password field below to log in with it instead of creating a new account.</p>
-        {% endif %}
-        {% if desec_error %}<p class="error">{{ desec_error }}</p>{% endif %}
-        <form method="POST" action="/containers">
+        <p>If you already have a deSEC account for this email address, enter your deSEC password in the optional password field below to log in with it instead of creating a new account.</p>
+        <form method="POST" action="api/desec/register" class="xhr">
             <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
             <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
-            <input type="email" name="desec_email" placeholder="your@email.com" value="{{ desec_prefill_email }}" required />
-            {% if desec_show_password %}
-                <input type="password" name="desec_password" placeholder="deSEC password" autocomplete="current-password" />
-            {% endif %}
+            <input type="email" name="desec_email" placeholder="your@email.com" required />
+            <input type="password" name="desec_password" placeholder="deSEC password (only if already registered)" autocomplete="current-password" />
             <input type="text" name="desec_slug" placeholder="my-nextcloud (optional)" pattern="[a-z0-9]([a-z0-9\-]{0,61}[a-z0-9])?" title="Only lowercase letters, digits and hyphens (1–63 characters). No leading or trailing hyphen." />
             <input type="submit" value="Register free domain via deSEC" />
         </form>