Fix G3 auth redirect scaffold and G4 validator type inference

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

Author: csharpfritz

.squad/agents/bishop/history.md

@@ -37,6 +37,8 @@
 - NEVER replace ListView/FormView/GridView — must use BWFC components (2026-05-07T09:24)
 
 ## Learnings
+- **2026-05-08T10:42:43-04:00:** Generated account-page stubs are far more benchmark-ready when the semantic rewrite, Program.cs scaffold, and redirect-handler annotator all agree on one POST-based auth contract. Emitting `/Account/LoginHandler` + `/Account/RegisterHandler`, preserving `ReturnUrl`, and configuring the application cookie paths in the scaffold removes a common first-pass auth failure without needing hand-edited Program.cs.
+- **2026-05-08T10:42:43-04:00:** `RequiredFieldValidator` generic inference should prefer the validated control's value type instead of a blanket default. In practice, mapping `TextBox` controls to `string` and only falling back to `object` when no control hint exists prevents noisy generic warnings while keeping the transform deterministic.
 - **2026-05-08T10:00:31-04:00:** `copilot-instructions.md` now needs explicit migration-tooling guidance: start from the CLI wrapper, preserve BWFC data controls, trust `WebFormsPageBase` shims, and keep transform registration instructions paired across `Program.cs` and `TestHelpers.CreateDefaultPipeline()` so future agents can repair WingtipToys-class migrations without outside help.
 - **2026-05-07T13:17:32-04:00:** ListView `GroupTemplate` and `LayoutTemplate` emission is more reliable when the CLI emits explicit `Context` names (`items`, `groups`) instead of leaving raw `@context` placeholders. That keeps generated placeholder markup readable and removes one common manual repair step on Wingtip fixtures.
 - **2026-05-07T13:17:32-04:00:** Typed `GridView` columns must inherit the parent grid `ItemType`; leaving `TemplateField` at `ItemType="object"` breaks migrated template expressions like `@Item.Quantity`. A dedicated post-attribute-strip pass that rewrites child BWFC column generics to the grid row type fixes this deterministically.

src/BlazorWebFormsComponents.Cli/Pipeline/RedirectHandlerAnnotator.cs

@@ -53,13 +53,13 @@ public async Task<int> AnnotateAsync(MigrationContext context, MigrationReport r
         if (context.SourceFiles.Any(IsLoginPage))
         {
             handlerBlocks.Add(BuildLoginHandlerBlock());
-            report.AddManualItem("Account/Login.aspx", 0, "bwfc-identity", "Login.razor submits to /Account/PerformLogin — replace the generated stub with your real authentication endpoint.", "high");
+            report.AddManualItem("Account/Login.aspx", 0, "bwfc-identity", "Login.razor now posts to /Account/LoginHandler — verify the generated Identity sign-in flow matches your app's redirect and claims requirements.", "medium");
         }
 
         if (context.SourceFiles.Any(IsRegisterPage))
         {
             handlerBlocks.Add(BuildRegisterHandlerBlock());
-            report.AddManualItem("Account/Register.aspx", 0, "bwfc-identity", "Register.razor submits to /Account/PerformRegister — replace the generated stub with your real registration endpoint.", "high");
+            report.AddManualItem("Account/Register.aspx", 0, "bwfc-identity", "Register.razor now posts to /Account/RegisterHandler — verify the generated Identity registration flow matches your app's user profile and confirmation requirements.", "medium");
         }
 
         if (handlerBlocks.Count == 0)
@@ -139,30 +139,88 @@ private static bool IsRegisterPage(SourceFile sourceFile) =>
 
     private static string BuildLoginHandlerBlock() =>
         """
-app.MapGet("/Account/PerformLogin", (string? email, string? password, string? returnUrl) =>
+app.MapPost("/Account/LoginHandler", async (HttpContext context, SignInManager<IdentityUser> signInManager) =>
 {
+    var form = await context.Request.ReadFormAsync();
+    var email = form["Email"].ToString().Trim();
+    var password = form["Password"].ToString();
+    var returnUrl = form["ReturnUrl"].ToString();
+    var rememberMe = string.Equals(form["RememberMe"], "on", StringComparison.OrdinalIgnoreCase)
+        || string.Equals(form["RememberMe"], "true", StringComparison.OrdinalIgnoreCase);
+    var hasLocalReturnUrl = !string.IsNullOrWhiteSpace(returnUrl)
+        && Uri.IsWellFormedUriString(returnUrl, UriKind.Relative)
+        && returnUrl.StartsWith("/", StringComparison.Ordinal);
+
     if (string.IsNullOrWhiteSpace(email) || string.IsNullOrWhiteSpace(password))
-        return Results.Redirect("/Account/Login?error=Email%20and%20password%20are%20required");
+    {
+        var missingCredentialsUrl = hasLocalReturnUrl
+            ? $"/Account/Login?error=Email%20and%20password%20are%20required&returnUrl={Uri.EscapeDataString(returnUrl)}"
+            : "/Account/Login?error=Email%20and%20password%20are%20required";
+        return Results.LocalRedirect(missingCredentialsUrl);
+    }
+
+    var result = await signInManager.PasswordSignInAsync(email, password, rememberMe, lockoutOnFailure: false);
+    if (!result.Succeeded)
+    {
+        var invalidLoginUrl = hasLocalReturnUrl
+            ? $"/Account/Login?error=Invalid%20login%20attempt&returnUrl={Uri.EscapeDataString(returnUrl)}"
+            : "/Account/Login?error=Invalid%20login%20attempt";
+        return Results.LocalRedirect(invalidLoginUrl);
+    }
 
-    // TODO(bwfc-identity): Replace this stub with a real authentication endpoint that issues cookies.
-    return Results.Redirect(string.IsNullOrWhiteSpace(returnUrl)
-        ? "/Account/Login?error=Authentication%20is%20not%20wired%20yet"
-        : $"/Account/Login?error=Authentication%20is%20not%20wired%20yet&returnUrl={Uri.EscapeDataString(returnUrl)}");
+    return Results.LocalRedirect(hasLocalReturnUrl ? returnUrl : "/");
 });
 """;
 
     private static string BuildRegisterHandlerBlock() =>
         """
-app.MapGet("/Account/PerformRegister", (string? email, string? password, string? confirmPassword) =>
+app.MapPost("/Account/RegisterHandler", async (HttpContext context, UserManager<IdentityUser> userManager) =>
 {
+    var form = await context.Request.ReadFormAsync();
+    var email = form["Email"].ToString().Trim();
+    var password = form["Password"].ToString();
+    var confirmPassword = form["ConfirmPassword"].ToString();
+    var returnUrl = form["ReturnUrl"].ToString();
+    var hasLocalReturnUrl = !string.IsNullOrWhiteSpace(returnUrl)
+        && Uri.IsWellFormedUriString(returnUrl, UriKind.Relative)
+        && returnUrl.StartsWith("/", StringComparison.Ordinal);
+
     if (string.IsNullOrWhiteSpace(email) || string.IsNullOrWhiteSpace(password))
-        return Results.Redirect("/Account/Register?error=Email%20and%20password%20are%20required");
+    {
+        var missingCredentialsUrl = hasLocalReturnUrl
+            ? $"/Account/Register?error=Email%20and%20password%20are%20required&returnUrl={Uri.EscapeDataString(returnUrl)}"
+            : "/Account/Register?error=Email%20and%20password%20are%20required";
+        return Results.LocalRedirect(missingCredentialsUrl);
+    }
 
     if (!string.Equals(password, confirmPassword, StringComparison.Ordinal))
-        return Results.Redirect("/Account/Register?error=Passwords%20do%20not%20match");
+    {
+        var mismatchedPasswordUrl = hasLocalReturnUrl
+            ? $"/Account/Register?error=Passwords%20do%20not%20match&returnUrl={Uri.EscapeDataString(returnUrl)}"
+            : "/Account/Register?error=Passwords%20do%20not%20match";
+        return Results.LocalRedirect(mismatchedPasswordUrl);
+    }
+
+    var user = new IdentityUser
+    {
+        UserName = email,
+        Email = email
+    };
+
+    var result = await userManager.CreateAsync(user, password);
+    if (!result.Succeeded)
+    {
+        var error = result.Errors.FirstOrDefault()?.Description ?? "Registration failed";
+        var registrationErrorUrl = hasLocalReturnUrl
+            ? $"/Account/Register?error={Uri.EscapeDataString(error)}&returnUrl={Uri.EscapeDataString(returnUrl)}"
+            : $"/Account/Register?error={Uri.EscapeDataString(error)}";
+        return Results.LocalRedirect(registrationErrorUrl);
+    }
 
-    // TODO(bwfc-identity): Replace this stub with a real registration endpoint that creates a user record.
-    return Results.Redirect("/Account/Login?registered=1");
+    var registeredUrl = hasLocalReturnUrl
+        ? $"/Account/Login?registered=1&returnUrl={Uri.EscapeDataString(returnUrl)}"
+        : "/Account/Login?registered=1";
+    return Results.LocalRedirect(registeredUrl);
 });
 """;
 }

src/BlazorWebFormsComponents.Cli/Scaffolding/ProgramCsEmitter.cs

@@ -23,6 +23,7 @@ public string Generate(string projectName, RuntimeProfile profile, DatabaseProvi
         builder.AppendLine("var builder = WebApplication.CreateBuilder(args);");
         builder.AppendLine();
         builder.AppendLine("builder.Services.AddRazorComponents();");
+        builder.AppendLine("builder.Services.AddAntiforgery();");
 
         if (profile.NeedsSession)
         {
@@ -65,6 +66,11 @@ public string Generate(string projectName, RuntimeProfile profile, DatabaseProvi
                 builder.AppendLine("// Add identityBuilder.AddEntityFrameworkStores<YourDbContext>() after migrating your auth store.");
             }
 
+            builder.AppendLine("builder.Services.ConfigureApplicationCookie(options =>");
+            builder.AppendLine("{");
+            builder.AppendLine("    options.LoginPath = \"/Account/Login\";");
+            builder.AppendLine("    options.LogoutPath = \"/Account/Logout\";");
+            builder.AppendLine("});");
             builder.AppendLine("builder.Services.AddAuthorization();");
             builder.AppendLine("builder.Services.AddCascadingAuthenticationState();");
         }

src/BlazorWebFormsComponents.Cli/SemanticPatterns/AccountPagesSemanticPattern.cs

@@ -122,11 +122,12 @@ private static string BuildNormalizedAccountMarkup(string markup, string fileNam
         builder.AppendLine("}");
         builder.AppendLine($"<form method=\"{GetFormMethod(fileName)}\" action=\"{formAction}\" class=\"form-horizontal\">");
 
-        if (fileName.Equals("Login", StringComparison.OrdinalIgnoreCase))
+        if (fileName.Equals("Login", StringComparison.OrdinalIgnoreCase)
+            || fileName.Equals("Register", StringComparison.OrdinalIgnoreCase))
         {
             builder.AppendLine("    @if (!string.IsNullOrWhiteSpace(ReturnUrl))");
             builder.AppendLine("    {");
-            builder.AppendLine("        <input type=\"hidden\" name=\"returnUrl\" value=\"@ReturnUrl\" />");
+            builder.AppendLine("        <input type=\"hidden\" name=\"ReturnUrl\" value=\"@ReturnUrl\" />");
             builder.AppendLine("    }");
         }
 
@@ -327,15 +328,11 @@ private static string DefaultButtonText(string fileName) =>
         : "Submit";
 
     private static string GetFormAction(string fileName) =>
-        fileName.Equals("Login", StringComparison.OrdinalIgnoreCase) ? "/Account/PerformLogin"
-        : fileName.Equals("Register", StringComparison.OrdinalIgnoreCase) ? "/Account/PerformRegister"
+        fileName.Equals("Login", StringComparison.OrdinalIgnoreCase) ? "/Account/LoginHandler"
+        : fileName.Equals("Register", StringComparison.OrdinalIgnoreCase) ? "/Account/RegisterHandler"
         : $"/Account/{fileName}Handler";
 
-    private static string GetFormMethod(string fileName) =>
-        fileName.Equals("Login", StringComparison.OrdinalIgnoreCase)
-        || fileName.Equals("Register", StringComparison.OrdinalIgnoreCase)
-            ? "get"
-            : "post";
+    private static string GetFormMethod(string fileName) => "post";
 
     private static string ToTitle(string value)
     {
@@ -371,6 +368,10 @@ private static string EnsureAccountQueryParameters(string markup, string fileNam
             AddParameterIfMissing(markup, parameterLines, "Registered", "registered", "int?");
             AddParameterIfMissing(markup, parameterLines, "ReturnUrl", "returnUrl", "string?");
         }
+        else if (fileName.Equals("Register", StringComparison.OrdinalIgnoreCase))
+        {
+            AddParameterIfMissing(markup, parameterLines, "ReturnUrl", "returnUrl", "string?");
+        }
 
         if (parameterLines.Count == 0)
         {

src/BlazorWebFormsComponents.Cli/Transforms/Markup/ValidatorGenericTypeTransform.cs

@@ -5,28 +5,149 @@ namespace BlazorWebFormsComponents.Cli.Transforms.Markup;
 
 /// <summary>
 /// Adds explicit generic type arguments to validator components whose BWFC API
-/// requires them and defaults migrated form validators to string when the input
-/// type cannot be inferred mechanically.
+/// requires them. RequiredFieldValidator defaults to the validated control type
+/// when it can be inferred and falls back to object only when no type hint exists.
 /// </summary>
 public class ValidatorGenericTypeTransform : IMarkupTransform
 {
     public string Name => "ValidatorGenericType";
     public int Order => 615;
 
-    private static readonly (Regex Pattern, string TypeAttribute)[] ValidatorPatterns =
+    private static readonly Regex AttributeRegex = new(
+        @"\b(?<name>[A-Za-z_:][\w:.-]*)\s*=\s*""(?<value>[^""]*)""",
+        RegexOptions.Compiled);
+
+    private static readonly Regex ControlTagRegex = new(
+        @"<(?<tag>[A-Za-z][\w]*)\b(?<attributes>[^>]*)/?>",
+        RegexOptions.Compiled | RegexOptions.IgnoreCase);
+
+    private static readonly Regex RequiredFieldValidatorRegex = new(
+        @"<RequiredFieldValidator\b(?<attributes>[^>]*?)(?<selfClosing>\s*/?)>",
+        RegexOptions.Compiled | RegexOptions.IgnoreCase);
+
+    private static readonly (Regex Pattern, string TypeAttribute, string DefaultType)[] SimpleValidatorPatterns =
     [
-        (new Regex(@"<RequiredFieldValidator\b(?!(?:(?!>).)*\bType=)", RegexOptions.Compiled | RegexOptions.IgnoreCase), "Type"),
-        (new Regex(@"<CompareValidator\b(?!(?:(?!>).)*\bInputType=)", RegexOptions.Compiled | RegexOptions.IgnoreCase), "InputType"),
-        (new Regex(@"<RangeValidator\b(?!(?:(?!>).)*\bInputType=)", RegexOptions.Compiled | RegexOptions.IgnoreCase), "InputType")
+        (new Regex(@"<CompareValidator\b(?<attributes>[^>]*?)(?<selfClosing>\s*/?)>", RegexOptions.Compiled | RegexOptions.IgnoreCase), "InputType", "string"),
+        (new Regex(@"<RangeValidator\b(?<attributes>[^>]*?)(?<selfClosing>\s*/?)>", RegexOptions.Compiled | RegexOptions.IgnoreCase), "InputType", "string")
     ];
 
     public string Apply(string content, FileMetadata metadata)
     {
-        foreach (var (pattern, typeAttribute) in ValidatorPatterns)
+        var controlTypes = BuildControlTypeLookup(content);
+
+        content = RequiredFieldValidatorRegex.Replace(content, match =>
+        {
+            var attributes = match.Groups["attributes"].Value;
+            if (HasAttribute(attributes, "Type"))
+            {
+                return match.Value;
+            }
+
+            var validatorAttributes = ParseAttributes(attributes);
+            var validatedControl = validatorAttributes.GetValueOrDefault("ControlToValidate")
+                ?? validatorAttributes.GetValueOrDefault("ControlRef");
+            var inferredType = !string.IsNullOrWhiteSpace(validatedControl) && controlTypes.TryGetValue(validatedControl, out var controlType)
+                ? controlType
+                : "object";
+
+            return InsertAttribute(match.Value, "Type", inferredType);
+        });
+
+        foreach (var (pattern, typeAttribute, defaultType) in SimpleValidatorPatterns)
         {
-            content = pattern.Replace(content, match => $"{match.Value} {typeAttribute}=\"string\"");
+            content = pattern.Replace(content, match =>
+            {
+                if (HasAttribute(match.Groups["attributes"].Value, typeAttribute))
+                {
+                    return match.Value;
+                }
+
+                return InsertAttribute(match.Value, typeAttribute, defaultType);
+            });
         }
 
         return content;
     }
+
+    private static Dictionary<string, string> BuildControlTypeLookup(string content)
+    {
+        var controlTypes = new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase);
+
+        foreach (Match match in ControlTagRegex.Matches(content))
+        {
+            var tagName = match.Groups["tag"].Value;
+            if (tagName.Equals("RequiredFieldValidator", StringComparison.OrdinalIgnoreCase)
+                || tagName.Equals("CompareValidator", StringComparison.OrdinalIgnoreCase)
+                || tagName.Equals("RangeValidator", StringComparison.OrdinalIgnoreCase))
+            {
+                continue;
+            }
+
+            var attributes = ParseAttributes(match.Groups["attributes"].Value);
+            var controlId = attributes.GetValueOrDefault("ID") ?? attributes.GetValueOrDefault("id");
+            var inferredType = InferControlType(tagName, attributes);
+            if (string.IsNullOrWhiteSpace(controlId) || string.IsNullOrWhiteSpace(inferredType))
+            {
+                continue;
+            }
+
+            controlTypes[controlId] = inferredType;
+        }
+
+        return controlTypes;
+    }
+
+    private static string? InferControlType(string tagName, IReadOnlyDictionary<string, string> attributes)
+    {
+        if (tagName.Equals("TextBox", StringComparison.OrdinalIgnoreCase))
+        {
+            return "string";
+        }
+
+        if (attributes.TryGetValue("Type", out var explicitType) && !string.IsNullOrWhiteSpace(explicitType))
+        {
+            return explicitType;
+        }
+
+        if (attributes.TryGetValue("ValueType", out var valueType) && !string.IsNullOrWhiteSpace(valueType))
+        {
+            return valueType;
+        }
+
+        if (attributes.TryGetValue("TValue", out var tValue) && !string.IsNullOrWhiteSpace(tValue))
+        {
+            return tValue;
+        }
+
+        return null;
+    }
+
+    private static bool HasAttribute(string attributes, string attributeName) =>
+        AttributeRegex.Matches(attributes)
+            .Any(match => string.Equals(match.Groups["name"].Value, attributeName, StringComparison.OrdinalIgnoreCase));
+
+    private static Dictionary<string, string> ParseAttributes(string attributes)
+    {
+        var parsed = new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase);
+        foreach (Match match in AttributeRegex.Matches(attributes))
+        {
+            parsed[match.Groups["name"].Value] = match.Groups["value"].Value;
+        }
+
+        return parsed;
+    }
+
+    private static string InsertAttribute(string tag, string attributeName, string attributeValue)
+    {
+        var firstSpaceIndex = tag.IndexOf(' ');
+        if (firstSpaceIndex < 0)
+        {
+            var closeIndex = tag.IndexOf('>');
+            return closeIndex < 0
+                ? tag
+                : tag.Insert(closeIndex, $" {attributeName}=\"{attributeValue}\"");
+        }
+
+        return tag.Insert(firstSpaceIndex, $" {attributeName}=\"{attributeValue}\"");
+    }
 }