bert.hausmans/crewli
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(api): registration auth, account creation, check-email & email notifications

Browse Source 
- Add POST /public/check-email endpoint with rate limiting (10/min)
- Create user accounts during volunteer registration (new or returning)
- Returning volunteers authenticate with existing password
- Add password validation to VolunteerRegistrationRequest
- Normalize emails to lowercase throughout registration flow
- Handle race condition on duplicate accounts gracefully
- Create RegistrationConfirmationMail, RegistrationApprovedMail, RegistrationRejectedMail
- Wire approval/rejection emails into PersonController
- Add POST persons/{person}/reject endpoint
- Trigger TagSyncService on registration and approval
- Add CheckEmailTest, PersonApprovalEmailTest, extend VolunteerRegistrationTest

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
bert.hausmans
2026-04-13 00:37:04 +02:00
parent 4df82d8358
commit 8435e74fd3
17 changed files with 802 additions and 38 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
api/app/Http/Controllers/Api/V1/CheckEmailController.php Normal file
View File

@@ -0,0 +1,20 @@
<?php
declare(strict_types=1);
namespace App\Http\Controllers\Api\V1;
use App\Http\Controllers\Controller;
use App\Http\Requests\Api\V1\CheckEmailRequest;
use App\Models\User;
use Illuminate\Http\JsonResponse;
final class CheckEmailController extends Controller
{
public function __invoke(CheckEmailRequest $request): JsonResponse
{
$exists = User::where('email', strtolower($request->validated('email')))->exists();
return response()->json(['exists' => $exists]);
}
}

26
api/app/Http/Controllers/Api/V1/PersonController.php
View File

@@ -9,17 +9,22 @@ use App\Http\Requests\Api\V1\StorePersonRequest;
use App\Http\Requests\Api\V1\UpdatePersonRequest;
use App\Http\Resources\Api\V1\PersonCollection;
use App\Http\Resources\Api\V1\PersonResource;
use App\Mail\RegistrationApprovedMail;
use App\Mail\RegistrationRejectedMail;
use App\Models\Event;
use App\Models\Person;
use App\Services\PersonIdentityService;
use App\Services\TagSyncService;
use Illuminate\Http\JsonResponse;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Gate;
use Illuminate\Support\Facades\Mail;
final class PersonController extends Controller
{
public function __construct(
private readonly PersonIdentityService $identityService,
private readonly TagSyncService $tagSyncService,
) {}
public function index(Request $request, Event $event): PersonCollection
@@ -107,6 +112,27 @@ final class PersonController extends Controller
$person->update(['status' => 'approved']);
$this->tagSyncService->syncFromRegistration($person);
if ($person->email) {
Mail::to($person->email)->queue(new RegistrationApprovedMail($person, $event));
}
return $this->success(new PersonResource($person->fresh()->load('crowdType')));
}
public function reject(Request $request, Event $event, Person $person): JsonResponse
{
Gate::authorize('approve', [$person, $event]);
$person->update(['status' => 'rejected']);
$reason = $request->input('reason');
if ($person->email) {
Mail::to($person->email)->queue(new RegistrationRejectedMail($person, $event, $reason));
}
return $this->success(new PersonResource($person->fresh()->load('crowdType')));
}
}

23
api/app/Http/Requests/Api/V1/CheckEmailRequest.php Normal file
View File

@@ -0,0 +1,23 @@
<?php
declare(strict_types=1);
namespace App\Http\Requests\Api\V1;
use Illuminate\Foundation\Http\FormRequest;
final class CheckEmailRequest extends FormRequest
{
public function authorize(): bool
{
return true;
}
/** @return array<string, mixed> */
public function rules(): array
{
return [
'email' => ['required', 'email'],
];
}
}

12
api/app/Http/Requests/Api/V1/VolunteerRegistrationRequest.php
View File

@@ -30,7 +30,9 @@ final class VolunteerRegistrationRequest extends FormRequest
/** @return array<string, mixed> */
public function rules(): array
{
return [
$user = auth('sanctum')->user();
$rules = [
'first_name' => ['required_without:_authenticated', 'string', 'max:255'],
'last_name' => ['required_without:_authenticated', 'string', 'max:255'],
'email' => ['required_without:_authenticated', 'email', 'max:255'],
@@ -55,5 +57,13 @@ final class VolunteerRegistrationRequest extends FormRequest
'field_values' => ['nullable', 'array'],
];
// Password required for unauthenticated registrations
if ($user === null) {
$rules['password'] = ['required', 'string', 'min:8'];
$rules['password_confirmation'] = ['nullable', 'same:password'];
}
return $rules;
}
}

44
api/app/Mail/RegistrationApprovedMail.php Normal file
View File

@@ -0,0 +1,44 @@
<?php
declare(strict_types=1);
namespace App\Mail;
use App\Models\Event;
use App\Models\Person;
use Illuminate\Bus\Queueable;
use Illuminate\Contracts\Queue\ShouldQueue;
use Illuminate\Mail\Mailable;
use Illuminate\Mail\Mailables\Content;
use Illuminate\Mail\Mailables\Envelope;
use Illuminate\Queue\SerializesModels;
final class RegistrationApprovedMail extends Mailable implements ShouldQueue
{
use Queueable;
use SerializesModels;
public function __construct(
public readonly Person $person,
public readonly Event $event,
) {}
public function envelope(): Envelope
{
return new Envelope(
subject: "Je bent goedgekeurd! — {$this->event->name}",
);
}
public function content(): Content
{
return new Content(
markdown: 'emails.registration-approved',
with: [
'personName' => $this->person->first_name,
'eventName' => $this->event->name,
'portalUrl' => config('app.frontend_portal_url'),
],
);
}
}

46
api/app/Mail/RegistrationConfirmationMail.php Normal file
View File

@@ -0,0 +1,46 @@
<?php
declare(strict_types=1);
namespace App\Mail;
use App\Models\Event;
use App\Models\Person;
use Illuminate\Bus\Queueable;
use Illuminate\Contracts\Queue\ShouldQueue;
use Illuminate\Mail\Mailable;
use Illuminate\Mail\Mailables\Content;
use Illuminate\Mail\Mailables\Envelope;
use Illuminate\Queue\SerializesModels;
final class RegistrationConfirmationMail extends Mailable implements ShouldQueue
{
use Queueable;
use SerializesModels;
public function __construct(
public readonly Person $person,
public readonly Event $event,
) {}
public function envelope(): Envelope
{
return new Envelope(
subject: "Bevestiging aanmelding {$this->event->name}",
);
}
public function content(): Content
{
return new Content(
markdown: 'emails.registration-confirmation',
with: [
'personName' => $this->person->first_name,
'eventName' => $this->event->name,
'startDate' => $this->event->start_date->format('d-m-Y'),
'endDate' => $this->event->end_date->format('d-m-Y'),
'portalUrl' => config('app.frontend_portal_url'),
],
);
}
}

45
api/app/Mail/RegistrationRejectedMail.php Normal file
View File

@@ -0,0 +1,45 @@
<?php
declare(strict_types=1);
namespace App\Mail;
use App\Models\Event;
use App\Models\Person;
use Illuminate\Bus\Queueable;
use Illuminate\Contracts\Queue\ShouldQueue;
use Illuminate\Mail\Mailable;
use Illuminate\Mail\Mailables\Content;
use Illuminate\Mail\Mailables\Envelope;
use Illuminate\Queue\SerializesModels;
final class RegistrationRejectedMail extends Mailable implements ShouldQueue
{
use Queueable;
use SerializesModels;
public function __construct(
public readonly Person $person,
public readonly Event $event,
public readonly ?string $reason = null,
) {}
public function envelope(): Envelope
{
return new Envelope(
subject: "Update over je aanmelding — {$this->event->name}",
);
}
public function content(): Content
{
return new Content(
markdown: 'emails.registration-rejected',
with: [
'personName' => $this->person->first_name,
'eventName' => $this->event->name,
'reason' => $this->reason,
],
);
}
}

91
api/app/Services/VolunteerRegistrationService.php
View File

@@ -5,22 +5,24 @@ declare(strict_types=1);
namespace App\Services;
use App\Enums\PersonStatus;
use App\Mail\RegistrationConfirmationMail;
use App\Models\CrowdType;
use App\Models\Event;
use App\Models\Person;
use App\Models\User;
use App\Models\VolunteerAvailability;
use Illuminate\Support\Facades\DB;
use Illuminate\Support\Facades\Hash;
use Illuminate\Support\Facades\Log;
use Illuminate\Support\Facades\Schema;
use Illuminate\Support\Facades\Mail;
use Illuminate\Validation\ValidationException;
final class VolunteerRegistrationService
{
public function __construct(
private readonly PersonIdentityService $identityService,
private readonly RegistrationFormFieldService $registrationFormFieldService,
private readonly PersonSectionPreferenceService $personSectionPreferenceService,
private readonly TagSyncService $tagSyncService,
) {}
/**
@@ -37,23 +39,28 @@ final class VolunteerRegistrationService
}
$festivalEvent = $this->resolveFestivalEvent($event);
$email = $user?->email ?? $validated['email'];
$email = strtolower($user?->email ?? $validated['email']);
$this->checkDuplicateRegistration($festivalEvent, $email);
// Resolve or create user account for unauthenticated registrations
if ($user === null) {
$user = $this->resolveUserAccount($email, $validated);
}
$volunteerCrowdType = $this->resolveVolunteerCrowdType($event);
return DB::transaction(function () use ($festivalEvent, $validated, $user, $email, $volunteerCrowdType): Person {
$person = DB::transaction(function () use ($festivalEvent, $validated, $user, $email, $volunteerCrowdType): Person {
$person = Person::updateOrCreate(
[
'event_id' => $festivalEvent->id,
'email' => $email,
],
[
'user_id' => $user?->id,
'user_id' => $user->id,
'crowd_type_id' => $volunteerCrowdType->id,
'first_name' => $user?->first_name ?? $validated['first_name'],
'last_name' => $user?->last_name ?? $validated['last_name'],
'first_name' => $validated['first_name'] ?? $user->first_name,
'last_name' => $validated['last_name'] ?? $user->last_name,
'phone' => $validated['phone'] ?? null,
'date_of_birth' => $validated['date_of_birth'] ?? null,
'status' => PersonStatus::PENDING,
@@ -84,11 +91,10 @@ final class VolunteerRegistrationService
);
}
if ($user === null) {
$this->detectIdentityMatch($person);
}
// Trigger tag sync — user_id is always known now
$this->tagSyncService->syncFromRegistration($person);
$source = $user !== null ? 'authenticated_form' : 'public_form';
$source = auth('sanctum')->check() ? 'authenticated_form' : 'public_form';
$activityLogger = activity('volunteer_registration')
->performedOn($person)
@@ -97,16 +103,55 @@ final class VolunteerRegistrationService
'event_id' => $festivalEvent->id,
'person_id' => $person->id,
'email' => $email,
]);
if ($user !== null) {
$activityLogger->causedBy($user);
}
])
->causedBy($user);
$activityLogger->log('person.registered');
return $person;
});
// Send confirmation email (queued, outside transaction)
Mail::to($person->email)->queue(new RegistrationConfirmationMail($person, $festivalEvent));
return $person;
}
/**
* Resolve or create user account for the registering email.
*
* @param array<string, mixed> $validated
*
* @throws ValidationException
*/
private function resolveUserAccount(string $email, array $validated): User
{
$existingUser = User::where('email', $email)->first();
if ($existingUser !== null) {
// Returning volunteer: authenticate with provided password
if (!Hash::check($validated['password'], $existingUser->password)) {
throw ValidationException::withMessages([
'password' => ['Wachtwoord onjuist.'],
]);
}
return $existingUser;
}
// New volunteer: create user account
try {
return User::create([
'first_name' => $validated['first_name'],
'last_name' => $validated['last_name'],
'email' => $email,
'password' => Hash::make($validated['password']),
]);
} catch (\Illuminate\Database\UniqueConstraintViolationException) {
throw ValidationException::withMessages([
'email' => ['Dit emailadres heeft al een account. Gebruik je bestaande wachtwoord.'],
]);
}
}
private function resolveFestivalEvent(Event $event): Event
@@ -188,18 +233,4 @@ final class VolunteerRegistrationService
]);
}
}
private function detectIdentityMatch(Person $person): void
{
if (! Schema::hasTable('person_identity_matches')) {
activity('volunteer_registration')
->performedOn($person)
->withProperties(['email' => $person->email])
->log('person.identity_match_skipped_table_missing');
return;
}
$this->identityService->detectMatchForPerson($person);
}
}

1
api/config/app.php
View File

@@ -124,5 +124,6 @@ return [
],
'frontend_app_url' => env('FRONTEND_APP_URL', 'http://localhost:5174'),
'frontend_portal_url' => env('FRONTEND_PORTAL_URL', 'http://localhost:5175'),
];

14
api/resources/views/emails/registration-approved.blade.php Normal file
View File

@@ -0,0 +1,14 @@
<x-mail::message>
# Goed nieuws, {{ $personName }}!
Goed nieuws! Je bent goedgekeurd als vrijwilliger voor **{{ $eventName }}**.
Log in op het portaal om je shifts te bekijken en te claimen.
<x-mail::button :url="$portalUrl">
Naar het portaal
</x-mail::button>
Met vriendelijke groet,<br>
{{ config('app.name') }}
</x-mail::message>

19
api/resources/views/emails/registration-confirmation.blade.php Normal file
View File

@@ -0,0 +1,19 @@
<x-mail::message>
# Bedankt voor je aanmelding, {{ $personName }}!
Bedankt voor je aanmelding als vrijwilliger voor **{{ $eventName }}**!
Je registratie wordt beoordeeld door de organisatie. Je ontvangt een e-mail zodra je aanmelding is verwerkt.
Je kunt inloggen op het vrijwilligersportaal om je status te volgen.
<x-mail::button :url="$portalUrl">
Naar het portaal
</x-mail::button>
**Evenement:** {{ $eventName }}<br>
**Datum:** {{ $startDate }} t/m {{ $endDate }}
Met vriendelijke groet,<br>
{{ config('app.name') }}
</x-mail::message>

14
api/resources/views/emails/registration-rejected.blade.php Normal file
View File

@@ -0,0 +1,14 @@
<x-mail::message>
# Update over je aanmelding, {{ $personName }}
Helaas hebben we je aanmelding voor **{{ $eventName }}** niet kunnen goedkeuren.
@if($reason)
**Reden:** {{ $reason }}
@endif
Neem contact op met de organisatie als je vragen hebt.
Met vriendelijke groet,<br>
{{ config('app.name') }}
</x-mail::message>

3
api/routes/api.php
View File

@@ -2,6 +2,7 @@
declare(strict_types=1);
use App\Http\Controllers\Api\V1\CheckEmailController;
use App\Http\Controllers\Api\V1\CompanyController;
use App\Http\Controllers\Api\V1\CrowdListController;
use App\Http\Controllers\Api\V1\CrowdTypeController;
@@ -60,6 +61,7 @@ Route::post('invitations/{token}/accept', [InvitationController::class, 'accept'
// Public portal routes
Route::get('public/events/{slug}/registration-data', PublicRegistrationDataController::class);
Route::post('public/check-email', CheckEmailController::class)->middleware('throttle:10,1');
Route::post('events/{event}/volunteer-register', VolunteerRegistrationController::class);
Route::post('portal/token-auth', [PortalTokenController::class, 'auth']);
@@ -164,6 +166,7 @@ Route::middleware('auth:sanctum')->group(function () {
Route::apiResource('persons', PersonController::class);
Route::post('persons/{person}/approve', [PersonController::class, 'approve']);
Route::post('persons/{person}/reject', [PersonController::class, 'reject']);
// Volunteer availabilities
Route::get('persons/{person}/availabilities', [VolunteerAvailabilityController::class, 'index']);

81
api/tests/Feature/Api/V1/CheckEmailTest.php Normal file
View File

@@ -0,0 +1,81 @@
<?php
declare(strict_types=1);
namespace Tests\Feature\Api\V1;
use App\Models\User;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Tests\TestCase;
class CheckEmailTest extends TestCase
{
use RefreshDatabase;
public function test_existing_email_returns_exists_true(): void
{
User::factory()->create(['email' => 'lisa@test.nl']);
$response = $this->postJson('/api/v1/public/check-email', [
'email' => 'lisa@test.nl',
]);
$response->assertOk();
$response->assertJson(['exists' => true]);
}
public function test_unknown_email_returns_exists_false(): void
{
$response = $this->postJson('/api/v1/public/check-email', [
'email' => 'nobody@test.nl',
]);
$response->assertOk();
$response->assertJson(['exists' => false]);
}
public function test_email_check_is_case_insensitive(): void
{
User::factory()->create(['email' => 'lisa@test.nl']);
$response = $this->postJson('/api/v1/public/check-email', [
'email' => 'LISA@TEST.NL',
]);
$response->assertOk();
$response->assertJson(['exists' => true]);
}
public function test_rate_limiting_returns_429(): void
{
for ($i = 0; $i < 10; $i++) {
$this->postJson('/api/v1/public/check-email', [
'email' => 'test@test.nl',
])->assertOk();
}
$response = $this->postJson('/api/v1/public/check-email', [
'email' => 'test@test.nl',
]);
$response->assertStatus(429);
}
public function test_invalid_email_returns_422(): void
{
$response = $this->postJson('/api/v1/public/check-email', [
'email' => 'not-an-email',
]);
$response->assertStatus(422);
$response->assertJsonValidationErrors('email');
}
public function test_missing_email_returns_422(): void
{
$response = $this->postJson('/api/v1/public/check-email', []);
$response->assertStatus(422);
$response->assertJsonValidationErrors('email');
}
}

153
api/tests/Feature/Api/V1/PersonApprovalEmailTest.php Normal file
View File

@@ -0,0 +1,153 @@
<?php
declare(strict_types=1);
namespace Tests\Feature\Api\V1;
use App\Mail\RegistrationApprovedMail;
use App\Mail\RegistrationRejectedMail;
use App\Models\CrowdType;
use App\Models\Event;
use App\Models\Organisation;
use App\Models\Person;
use App\Models\User;
use Database\Seeders\RoleSeeder;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Illuminate\Support\Facades\Mail;
use Laravel\Sanctum\Sanctum;
use Tests\TestCase;
class PersonApprovalEmailTest extends TestCase
{
use RefreshDatabase;
private User $orgAdmin;
private Organisation $organisation;
private Event $event;
private CrowdType $crowdType;
protected function setUp(): void
{
parent::setUp();
$this->seed(RoleSeeder::class);
$this->organisation = Organisation::factory()->create();
$this->orgAdmin = User::factory()->create();
$this->organisation->users()->attach($this->orgAdmin, ['role' => 'org_admin']);
$this->event = Event::factory()->create([
'organisation_id' => $this->organisation->id,
]);
$this->crowdType = CrowdType::factory()->systemType('VOLUNTEER')->create([
'organisation_id' => $this->organisation->id,
]);
}
public function test_approving_person_sends_approved_email(): void
{
Mail::fake();
$person = Person::factory()->create([
'event_id' => $this->event->id,
'crowd_type_id' => $this->crowdType->id,
'status' => 'pending',
'email' => 'volunteer@test.nl',
]);
Sanctum::actingAs($this->orgAdmin);
$response = $this->postJson("/api/v1/events/{$this->event->id}/persons/{$person->id}/approve");
$response->assertOk();
Mail::assertQueued(RegistrationApprovedMail::class, function ($mail) {
return $mail->hasTo('volunteer@test.nl');
});
}
public function test_rejecting_person_sends_rejected_email_with_reason(): void
{
Mail::fake();
$person = Person::factory()->create([
'event_id' => $this->event->id,
'crowd_type_id' => $this->crowdType->id,
'status' => 'pending',
'email' => 'volunteer@test.nl',
]);
Sanctum::actingAs($this->orgAdmin);
$response = $this->postJson("/api/v1/events/{$this->event->id}/persons/{$person->id}/reject", [
'reason' => 'Geen beschikbaarheid op de juiste momenten.',
]);
$response->assertOk();
$this->assertDatabaseHas('persons', [
'id' => $person->id,
'status' => 'rejected',
]);
Mail::assertQueued(RegistrationRejectedMail::class, function ($mail) {
return $mail->hasTo('volunteer@test.nl')
&& $mail->reason === 'Geen beschikbaarheid op de juiste momenten.';
});
}
public function test_rejecting_person_sends_rejected_email_without_reason(): void
{
Mail::fake();
$person = Person::factory()->create([
'event_id' => $this->event->id,
'crowd_type_id' => $this->crowdType->id,
'status' => 'pending',
'email' => 'volunteer@test.nl',
]);
Sanctum::actingAs($this->orgAdmin);
$response = $this->postJson("/api/v1/events/{$this->event->id}/persons/{$person->id}/reject");
$response->assertOk();
Mail::assertQueued(RegistrationRejectedMail::class, function ($mail) {
return $mail->hasTo('volunteer@test.nl')
&& $mail->reason === null;
});
}
public function test_unauthenticated_cannot_approve(): void
{
$person = Person::factory()->create([
'event_id' => $this->event->id,
'crowd_type_id' => $this->crowdType->id,
'status' => 'pending',
]);
$response = $this->postJson("/api/v1/events/{$this->event->id}/persons/{$person->id}/approve");
$response->assertStatus(401);
}
public function test_outsider_cannot_approve(): void
{
$outsider = User::factory()->create();
$otherOrg = Organisation::factory()->create();
$otherOrg->users()->attach($outsider, ['role' => 'org_admin']);
$person = Person::factory()->create([
'event_id' => $this->event->id,
'crowd_type_id' => $this->crowdType->id,
'status' => 'pending',
]);
Sanctum::actingAs($outsider);
$response = $this->postJson("/api/v1/events/{$this->event->id}/persons/{$person->id}/approve");
$response->assertStatus(403);
}
}

18
api/tests/Feature/Api/V1/RegistrationSettingsTest.php
View File

@@ -195,8 +195,10 @@ class RegistrationSettingsTest extends TestCase
->assertJsonPath('data.0.section_count', 1);
}
public function test_section_preferences_stored_as_section_name(): void
public function test_section_preferences_stored_in_table(): void
{
\Illuminate\Support\Facades\Mail::fake();
// This is a regression check for the VolunteerRegistration flow
$event = Event::factory()->create([
'organisation_id' => $this->organisation->id,
@@ -207,7 +209,7 @@ class RegistrationSettingsTest extends TestCase
'organisation_id' => $this->organisation->id,
]);
FestivalSection::factory()->create([
$section = FestivalSection::factory()->create([
'event_id' => $event->id,
'name' => 'Backstage',
'show_in_registration' => true,
@@ -217,18 +219,20 @@ class RegistrationSettingsTest extends TestCase
'first_name' => 'Test',
'last_name' => 'Vrijwilliger',
'email' => 'test-section-pref@example.nl',
'password' => 'wachtwoord123',
'section_preferences' => [
['section_name' => 'Backstage', 'priority' => 1],
['festival_section_id' => $section->id, 'priority' => 1],
],
]);
$response->assertStatus(201);
$person = \App\Models\Person::where('email', 'test-section-pref@example.nl')->first();
$prefs = $person->custom_fields['section_preferences'];
$this->assertCount(1, $prefs);
$this->assertEquals('Backstage', $prefs[0]['section_name']);
$this->assertEquals(1, $prefs[0]['priority']);
$this->assertDatabaseHas('person_section_preferences', [
'person_id' => $person->id,
'festival_section_id' => $section->id,
'priority' => 1,
]);
}
}

230
api/tests/Feature/Api/V1/VolunteerRegistrationTest.php
View File

@@ -5,6 +5,7 @@ declare(strict_types=1);
namespace Tests\Feature\Api\V1;
use App\Enums\PersonStatus;
use App\Mail\RegistrationConfirmationMail;
use App\Models\CrowdType;
use App\Models\Event;
use App\Models\FestivalSection;
@@ -15,6 +16,8 @@ use App\Models\TimeSlot;
use App\Models\User;
use Database\Seeders\RoleSeeder;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Illuminate\Support\Facades\Hash;
use Illuminate\Support\Facades\Mail;
use Illuminate\Support\Facades\Schema;
use Laravel\Sanctum\Sanctum;
use Tests\TestCase;
@@ -54,10 +57,13 @@ class VolunteerRegistrationTest extends TestCase
public function test_volunteer_can_register_with_all_fields(): void
{
Mail::fake();
$response = $this->postJson("/api/v1/events/{$this->event->id}/volunteer-register", [
'first_name' => 'Jan',
'last_name' => 'de Vries',
'email' => 'jan@voorbeeld.nl',
'password' => 'wachtwoord123',
'phone' => '+31612345678',
'tshirt_size' => 'L',
'motivation' => 'Ik wil graag helpen bij dit festival!',
@@ -77,10 +83,13 @@ class VolunteerRegistrationTest extends TestCase
public function test_volunteer_can_register_with_minimal_fields(): void
{
Mail::fake();
$response = $this->postJson("/api/v1/events/{$this->event->id}/volunteer-register", [
'first_name' => 'Sophie',
'last_name' => 'Bakker',
'email' => 'sophie@voorbeeld.nl',
'password' => 'wachtwoord123',
]);
$response->assertStatus(201);
@@ -108,6 +117,7 @@ class VolunteerRegistrationTest extends TestCase
'first_name' => 'Pieter',
'last_name' => 'Jansen',
'email' => 'pieter@voorbeeld.nl',
'password' => 'wachtwoord123',
]);
$response->assertStatus(201);
@@ -120,12 +130,14 @@ class VolunteerRegistrationTest extends TestCase
public function test_registration_syncs_availabilities(): void
{
Mail::fake();
$timeSlot2 = TimeSlot::factory()->create(['event_id' => $this->event->id]);
$response = $this->postJson("/api/v1/events/{$this->event->id}/volunteer-register", [
'first_name' => 'Fleur',
'last_name' => 'Vermeer',
'email' => 'fleur@voorbeeld.nl',
'password' => 'wachtwoord123',
'availabilities' => [
['time_slot_id' => $this->timeSlot->id, 'preference_level' => 4],
['time_slot_id' => $timeSlot2->id, 'preference_level' => 2],
@@ -150,10 +162,13 @@ class VolunteerRegistrationTest extends TestCase
public function test_registration_stores_custom_fields(): void
{
Mail::fake();
$response = $this->postJson("/api/v1/events/{$this->event->id}/volunteer-register", [
'first_name' => 'Daan',
'last_name' => 'Mulder',
'email' => 'daan@voorbeeld.nl',
'password' => 'wachtwoord123',
'tshirt_size' => 'XL',
'motivation' => 'Ik vind festivals geweldig.',
'section_preferences' => [
@@ -178,10 +193,13 @@ class VolunteerRegistrationTest extends TestCase
public function test_volunteer_can_register_with_date_of_birth(): void
{
Mail::fake();
$response = $this->postJson("/api/v1/events/{$this->event->id}/volunteer-register", [
'first_name' => 'Mila',
'last_name' => 'de Boer',
'email' => 'mila@voorbeeld.nl',
'password' => 'wachtwoord123',
'date_of_birth' => '1998-05-12',
]);
@@ -193,10 +211,13 @@ class VolunteerRegistrationTest extends TestCase
public function test_volunteer_can_register_without_date_of_birth(): void
{
Mail::fake();
$response = $this->postJson("/api/v1/events/{$this->event->id}/volunteer-register", [
'first_name' => 'Sem',
'last_name' => 'van Beek',
'email' => 'sem@voorbeeld.nl',
'password' => 'wachtwoord123',
]);
$response->assertStatus(201);
@@ -211,6 +232,7 @@ class VolunteerRegistrationTest extends TestCase
'first_name' => 'Tijn',
'last_name' => 'Kuiper',
'email' => 'tijn@voorbeeld.nl',
'password' => 'wachtwoord123',
'date_of_birth' => now()->addDay()->format('Y-m-d'),
]);
@@ -220,16 +242,20 @@ class VolunteerRegistrationTest extends TestCase
public function test_duplicate_email_rejected(): void
{
Mail::fake();
$this->postJson("/api/v1/events/{$this->event->id}/volunteer-register", [
'first_name' => 'Anna',
'last_name' => 'Smit',
'email' => 'anna@voorbeeld.nl',
'password' => 'wachtwoord123',
]);
$response = $this->postJson("/api/v1/events/{$this->event->id}/volunteer-register", [
'first_name' => 'Anna',
'last_name' => 'Smit',
'email' => 'anna@voorbeeld.nl',
'password' => 'wachtwoord123',
]);
$response->assertStatus(422);
@@ -238,6 +264,8 @@ class VolunteerRegistrationTest extends TestCase
public function test_rejected_person_can_reregister(): void
{
Mail::fake();
Person::factory()->rejected()->create([
'event_id' => $this->event->id,
'crowd_type_id' => $this->volunteerCrowdType->id,
@@ -248,6 +276,7 @@ class VolunteerRegistrationTest extends TestCase
'first_name' => 'Herkan',
'last_name' => 'Poging',
'email' => 'herkan@voorbeeld.nl',
'password' => 'wachtwoord123',
]);
$response->assertStatus(200);
@@ -269,6 +298,7 @@ class VolunteerRegistrationTest extends TestCase
'first_name' => 'Test',
'last_name' => 'Persoon',
'email' => 'test@voorbeeld.nl',
'password' => 'wachtwoord123',
]);
$response->assertStatus(422);
@@ -280,6 +310,7 @@ class VolunteerRegistrationTest extends TestCase
'first_name' => 'Bas',
'last_name' => 'van Dijk',
'email' => 'bas@voorbeeld.nl',
'password' => 'wachtwoord123',
'availabilities' => [
['time_slot_id' => '01JNONEXISTENT00000000000', 'preference_level' => 3],
],
@@ -439,6 +470,8 @@ class VolunteerRegistrationTest extends TestCase
public function test_volunteer_can_register_with_field_values(): void
{
Mail::fake();
$selectField = RegistrationFormField::factory()->selectField()->create([
'event_id' => $this->event->id,
'sort_order' => 0,
@@ -453,6 +486,7 @@ class VolunteerRegistrationTest extends TestCase
'first_name' => 'Noor',
'last_name' => 'Janssen',
'email' => 'noor@voorbeeld.nl',
'password' => 'wachtwoord123',
'field_values' => [
$selectField->slug => 'L',
$textField->slug => 'Ik ben een ervaren vrijwilliger',
@@ -478,6 +512,8 @@ class VolunteerRegistrationTest extends TestCase
public function test_volunteer_can_register_with_section_preferences(): void
{
Mail::fake();
$section1 = FestivalSection::factory()->create([
'event_id' => $this->event->id,
'name' => 'Hoofdpodium Bar',
@@ -492,6 +528,7 @@ class VolunteerRegistrationTest extends TestCase
'first_name' => 'Rick',
'last_name' => 'Peters',
'email' => 'rick@voorbeeld.nl',
'password' => 'wachtwoord123',
'section_preferences' => [
['festival_section_id' => $section1->id, 'priority' => 1],
['festival_section_id' => $section2->id, 'priority' => 2],
@@ -517,6 +554,8 @@ class VolunteerRegistrationTest extends TestCase
public function test_volunteer_can_register_with_multiselect_field_values(): void
{
Mail::fake();
$multiselectField = RegistrationFormField::factory()->multiselectField()->create([
'event_id' => $this->event->id,
]);
@@ -525,6 +564,7 @@ class VolunteerRegistrationTest extends TestCase
'first_name' => 'Femke',
'last_name' => 'de Jong',
'email' => 'femke@voorbeeld.nl',
'password' => 'wachtwoord123',
'field_values' => [
$multiselectField->slug => ['Vegetarisch', 'Glutenvrij'],
],
@@ -546,6 +586,196 @@ class VolunteerRegistrationTest extends TestCase
$this->assertEquals(['Vegetarisch', 'Glutenvrij'], $value->selected_options);
}
// ─── User Account Creation ──────────────────────────────────────────
public function test_new_volunteer_registration_creates_user_account(): void
{
Mail::fake();
$response = $this->postJson("/api/v1/events/{$this->event->id}/volunteer-register", [
'first_name' => 'Nieuwe',
'last_name' => 'Vrijwilliger',
'email' => 'nieuw@voorbeeld.nl',
'password' => 'wachtwoord123',
]);
$response->assertStatus(201);
$this->assertDatabaseHas('users', [
'email' => 'nieuw@voorbeeld.nl',
'first_name' => 'Nieuwe',
'last_name' => 'Vrijwilliger',
]);
$user = User::where('email', 'nieuw@voorbeeld.nl')->first();
$this->assertDatabaseHas('persons', [
'email' => 'nieuw@voorbeeld.nl',
'user_id' => $user->id,
'event_id' => $this->event->id,
]);
}
public function test_returning_volunteer_with_correct_password_creates_person(): void
{
Mail::fake();
$existingUser = User::factory()->create([
'first_name' => 'Terug',
'last_name' => 'Keerder',
'email' => 'terug@voorbeeld.nl',
'password' => Hash::make('bestaandwachtwoord'),
]);
$response = $this->postJson("/api/v1/events/{$this->event->id}/volunteer-register", [
'first_name' => 'Terug',
'last_name' => 'Keerder',
'email' => 'terug@voorbeeld.nl',
'password' => 'bestaandwachtwoord',
]);
$response->assertStatus(201);
$this->assertDatabaseHas('persons', [
'email' => 'terug@voorbeeld.nl',
'user_id' => $existingUser->id,
'event_id' => $this->event->id,
]);
// Should not have created a new user
$this->assertEquals(1, User::where('email', 'terug@voorbeeld.nl')->count());
}
public function test_returning_volunteer_with_wrong_password_returns_422(): void
{
User::factory()->create([
'email' => 'bestaand@voorbeeld.nl',
'password' => Hash::make('echtgeheim'),
]);
$response = $this->postJson("/api/v1/events/{$this->event->id}/volunteer-register", [
'first_name' => 'Fout',
'last_name' => 'Wachtwoord',
'email' => 'bestaand@voorbeeld.nl',
'password' => 'foutwachtwoord',
]);
$response->assertStatus(422);
$response->assertJsonValidationErrors('password');
}
public function test_registration_sends_confirmation_email(): void
{
Mail::fake();
$this->postJson("/api/v1/events/{$this->event->id}/volunteer-register", [
'first_name' => 'Mail',
'last_name' => 'Test',
'email' => 'mailtest@voorbeeld.nl',
'password' => 'wachtwoord123',
]);
Mail::assertQueued(RegistrationConfirmationMail::class, function ($mail) {
return $mail->hasTo('mailtest@voorbeeld.nl');
});
}
public function test_email_is_always_stored_lowercase(): void
{
Mail::fake();
$response = $this->postJson("/api/v1/events/{$this->event->id}/volunteer-register", [
'first_name' => 'Hoofdletter',
'last_name' => 'Email',
'email' => 'HOOFDLETTER@VOORBEELD.NL',
'password' => 'wachtwoord123',
]);
$response->assertStatus(201);
$this->assertDatabaseHas('persons', [
'email' => 'hoofdletter@voorbeeld.nl',
]);
$this->assertDatabaseHas('users', [
'email' => 'hoofdletter@voorbeeld.nl',
]);
}
public function test_password_required_for_unauthenticated_registration(): void
{
$response = $this->postJson("/api/v1/events/{$this->event->id}/volunteer-register", [
'first_name' => 'Zonder',
'last_name' => 'Wachtwoord',
'email' => 'geenww@voorbeeld.nl',
]);
$response->assertStatus(422);
$response->assertJsonValidationErrors('password');
}
public function test_password_not_required_for_authenticated_registration(): void
{
Mail::fake();
$user = User::factory()->create([
'first_name' => 'Auth',
'last_name' => 'User',
'email' => 'authuser@voorbeeld.nl',
]);
$this->organisation->users()->attach($user, ['role' => 'org_member']);
Sanctum::actingAs($user);
$response = $this->postJson("/api/v1/events/{$this->event->id}/volunteer-register", []);
$response->assertStatus(201);
}
// ─── Registration Data Endpoint ─────────────────────────────────────
public function test_registration_data_includes_registration_fields(): void
{
$field = RegistrationFormField::factory()->selectField()->create([
'event_id' => $this->event->id,
'is_portal_visible' => true,
'is_admin_only' => false,
]);
$response = $this->getJson("/api/v1/public/events/{$this->event->slug}/registration-data");
$response->assertOk();
$response->assertJsonPath('data.registration_fields.0.slug', $field->slug);
}
public function test_registration_data_excludes_admin_only_fields(): void
{
RegistrationFormField::factory()->selectField()->create([
'event_id' => $this->event->id,
'is_portal_visible' => true,
'is_admin_only' => true,
]);
$response = $this->getJson("/api/v1/public/events/{$this->event->slug}/registration-data");
$response->assertOk();
$response->assertJsonCount(0, 'data.registration_fields');
}
public function test_registration_data_includes_form_toggles(): void
{
$response = $this->getJson("/api/v1/public/events/{$this->event->slug}/registration-data");
$response->assertOk();
$response->assertJsonStructure([
'data' => [
'event' => [
'registration_show_section_preferences',
'registration_show_availability',
],
],
]);
}
public function test_portal_me_includes_field_values_and_section_preferences(): void
{
$user = User::factory()->create(['first_name' => 'Lotte', 'last_name' => 'Vos']);