fix: Add null validation to RegistrationContext and extract error code constant

devondragon · devondragon · commit 25a89c8cf9ba · 2026-03-12T10:31:27.000-06:00
- Add compact constructor to RegistrationContext requiring non-null source;
  email remains nullable since some OAuth2 providers don't expose it
- Extract ERROR_CODE_REGISTRATION_DENIED constant in UserAPI to replace
  magic number 6
diff --git a/src/main/java/com/digitalsanctuary/spring/user/api/UserAPI.java b/src/main/java/com/digitalsanctuary/spring/user/api/UserAPI.java
@@ -65,6 +65,9 @@
 @RequestMapping(path = "/user", produces = "application/json")
 public class UserAPI {
 
+	/** Error code returned when the {@link RegistrationGuard} denies a registration attempt. */
+	private static final int ERROR_CODE_REGISTRATION_DENIED = 6;
+
 	private final UserService userService;
 	private final UserEmailService userEmailService;
 	private final MessageSource messages;
@@ -113,7 +116,7 @@ public ResponseEntity<JSONResponse> registerUserAccount(@Valid @RequestBody User
 					new RegistrationContext(userDto.getEmail(), RegistrationSource.FORM, null));
 			if (!decision.allowed()) {
 				log.info("Registration denied for email: {} source: FORM reason: {}", userDto.getEmail(), decision.reason());
-				return buildErrorResponse(decision.reason(), 6, HttpStatus.FORBIDDEN);
+				return buildErrorResponse(decision.reason(), ERROR_CODE_REGISTRATION_DENIED, HttpStatus.FORBIDDEN);
 			}
 
 			User registeredUser = userService.registerNewUserAccount(userDto);
@@ -411,7 +414,7 @@ public ResponseEntity<JSONResponse> registerPasswordlessAccount(@Valid @RequestB
 					new RegistrationContext(dto.getEmail(), RegistrationSource.PASSWORDLESS, null));
 			if (!decision.allowed()) {
 				log.info("Registration denied for email: {} source: PASSWORDLESS reason: {}", dto.getEmail(), decision.reason());
-				return buildErrorResponse(decision.reason(), 6, HttpStatus.FORBIDDEN);
+				return buildErrorResponse(decision.reason(), ERROR_CODE_REGISTRATION_DENIED, HttpStatus.FORBIDDEN);
 			}
 
 			User registeredUser = userService.registerPasswordlessAccount(dto);
diff --git a/src/main/java/com/digitalsanctuary/spring/user/registration/RegistrationContext.java b/src/main/java/com/digitalsanctuary/spring/user/registration/RegistrationContext.java
@@ -1,13 +1,20 @@
 package com.digitalsanctuary.spring.user.registration;
 
+import java.util.Objects;
+
 /**
  * Immutable context passed to {@link RegistrationGuard#evaluate(RegistrationContext)}
  * describing the registration attempt being evaluated.
  *
- * @param email        the email address of the user attempting to register
- * @param source       the registration path (form, passwordless, OAuth2, or OIDC)
+ * @param email        the email address of the user attempting to register; may be {@code null}
+ *                     if the OAuth2/OIDC provider does not expose the user's email
+ * @param source       the registration path (form, passwordless, OAuth2, or OIDC); never {@code null}
  * @param providerName the OAuth2/OIDC provider registration ID (e.g. {@code "google"},
  *                     {@code "keycloak"}), or {@code null} for form/passwordless registrations
  */
 public record RegistrationContext(String email, RegistrationSource source, String providerName) {
+
+    public RegistrationContext {
+        Objects.requireNonNull(source, "source must not be null");
+    }
 }
