Phase 3b: Registration controller migration (Spring Boot)

[devin-ai-integration]

Phase 3b: Registration Controller Migration

Summary

Migrates EditRegistrationAction and SaveRegistrationAction from Struts 1.x to a Spring MVC RegistrationController, as part of the struts-faces-example2 Spring Boot migration. Converts RegistrationForm from a ValidatorForm subclass to a plain POJO with JSR-380 Bean Validation, and introduces a custom @PasswordMatch cross-field constraint.

New files:

• form/RegistrationForm.java — POJO with @NotBlank, @Email, @PasswordMatch
• validation/PasswordMatch.java + PasswordMatchValidator.java — custom class-level constraint for password confirmation
• controller/RegistrationController.java — GET /editRegistration (form prep) + POST /saveRegistration (validate & persist)
• templates/registration.html — minimal Thymeleaf template (unblocks controller tests; full UI is Phase 4)
• RegistrationFormTest.java, PasswordMatchValidatorTest.java, RegistrationControllerTest.java

All 110 tests pass (13 form + 7 validator + 13 controller + existing 77).

Review & Testing Checklist for Human

• Test isolation / shared mutable state: RegistrationControllerTest mutates the shared in-memory UserDatabase (e.g., createNewUserWithValidData creates "newuser", editExistingUserWithValidData changes the "user" object's fields). There is no @DirtiesContext or per-test reset, so test ordering could cause flaky failures. Verify this doesn't bite in CI or when new tests are added.
• Dropped Struts token/cancel handling: The original SaveRegistrationAction had isTokenValid/resetToken/saveToken (CSRF-like) and isCancelled checks. These are absent from the new controller. Spring's built-in CSRF support may cover the token case, but confirm this is acceptable for the migration.
• Password validation edge cases: In saveRegistration, password-required checks only run for action="Create". For action="Edit", the @PasswordMatch validator allows both-null or both-empty, and the controller preserves the old password if the new one is empty. Verify this matches the original Struts behavior and handles edge cases (e.g., one password field empty, the other not).
• Duplicate username check timing: The controller checks for duplicate usernames after @Valid runs. If other fields have validation errors, the duplicate check still fires and adds another error. This is probably fine but differs slightly from Struts' ordering.

Notes

• This PR targets devin/1771291744-spring-boot-migration-phase1-2 (Phase 1 & 2 base).
• Two parallel sessions are handling Logon/Logoff and Subscription controllers; this PR only touches registration-related files.
• The registration.html template is a minimal placeholder to unblock tests. Full Thymeleaf UI work is Phase 4.
• Requested by @cogjack
• Link to Devin run: https://jack-meigel.devinenterprise.com/sessions/37cf42f8a8684ff9a27a7aba69cafa7f

[devin-ai-integration]

🤖 Devin AI Engineer

I'll be helping with this pull request! Here's what you should know:

✅ I will automatically:

• Address comments on this PR. Add '(aside)' to your comment to have me ignore it.
• Look at CI failures and help fix them

Note: I can only respond to comments from users who have write access to this repository.

⚙️ Control Options:

• Disable automatic comment and CI monitoring