Merge branch 'dev/3551-improve_username_validation_security_on_account_creation_stage' into 'main'

	private IConfig $config;

	private IInitialState $initialState;

	private IAppData $appData;

	private const SESSION_USERNAME_CHECK = 'username_check_passed';

	private const SESSION_VERIFIED_USERNAME = 'verified_username';

	private const SESSION_VERIFIED_DISPLAYNAME = 'verified_displayname';

	private const CAPTCHA_VERIFIED_CHECK = 'captcha_verified';

	private const ALLOWED_CAPTCHA_PROVIDERS = ['image', 'hcaptcha'];

	private const DEFAULT_CAPTCHA_PROVIDER = 'image';

	 *

	 * @return \OCP\AppFramework\Http\DataResponse

	 */

	public function create(string $displayname = '', string $recoveryEmail = '', string $username = '', string $password = '', string $language = 'en', bool $newsletterEos = false, bool $newsletterProduct = false): DataResponse {

	public function create(string $recoveryEmail = '', string $password = '', string $language = 'en', bool $newsletterEos = false, bool $newsletterProduct = false): DataResponse {

		$response = new DataResponse();

			return $response;

		}

		if (!$this->session->get(self::SESSION_USERNAME_CHECK)) {

		$displayname = $this->session->get(self::SESSION_VERIFIED_DISPLAYNAME);

		$username = $this->session->get(self::SESSION_VERIFIED_USERNAME);

		if ($this->isNullOrEmptyInput($displayname) || $this->isNullOrEmptyInput($username)) {

			$response->setData(['message' => 'Username is already taken.', 'success' => false]);

			$response->setStatus(400);

			return $response;

			$this->userService->sendWelcomeEmail($displayname, $username, $userEmail, $language);

			$this->session->remove(self::SESSION_USERNAME_CHECK);

			$this->session->remove(self::SESSION_VERIFIED_USERNAME);

			$this->session->remove(self::SESSION_VERIFIED_DISPLAYNAME);

			$this->session->remove(self::CAPTCHA_VERIFIED_CHECK);

			$ipAddress = $this->request->getRemoteAddress();

			$this->userService->addUsernameToCommonDataStore($username, $ipAddress, $recoveryEmail);

		return $response;

	}

	private function isNullOrEmptyInput(string|null $input): bool {

		if($input === null || empty(trim($input))) {

			return true;

		}

		return false;

	}

	/**

	 * Validate input for a given input name, value, and optional maximum length.

	 *

	 * @return \OCP\AppFramework\Http\DataResponse

	 */

	public function validateFields(string $username, string $displayname) : DataResponse {

		$this->session->remove(self::SESSION_USERNAME_CHECK);

		$this->session->remove(self::SESSION_VERIFIED_DISPLAYNAME);

		$this->session->remove(self::SESSION_VERIFIED_USERNAME);

		$response = new DataResponse();

		$response->setStatus(400);

				$response->setData(['message' => 'Username is already taken.', 'field' => 'username', 'success' => false]);

			} elseif (!$this->userService->userExists($username) && !$this->userService->isUsernameTaken($username)) {

				$response->setStatus(200);

				$this->session->set(self::SESSION_USERNAME_CHECK, true);

				$this->session->set(self::SESSION_VERIFIED_USERNAME, $username);

				$this->session->set(self::SESSION_VERIFIED_DISPLAYNAME, $displayname);

			} else {

				$response->setData(['message' => 'Username is already taken.', 'field' => 'username', 'success' => false]);

			}

		submitRecoveryEmailForm(data) {

			if (data.isFormValid) {

				const data = {

					displayname: this.formData.displayname,

					username: this.formData.username,

					password: this.formData.password,

					recoveryEmail: this.formData.email,

					language: this.formData.selectedLanguage,