feat(api): registration auth, account creation, check-email & email notifications
- Add POST /public/check-email endpoint with rate limiting (10/min)
- Create user accounts during volunteer registration (new or returning)
- Returning volunteers authenticate with existing password
- Add password validation to VolunteerRegistrationRequest
- Normalize emails to lowercase throughout registration flow
- Handle race condition on duplicate accounts gracefully
- Create RegistrationConfirmationMail, RegistrationApprovedMail, RegistrationRejectedMail
- Wire approval/rejection emails into PersonController
- Add POST persons/{person}/reject endpoint
- Trigger TagSyncService on registration and approval
- Add CheckEmailTest, PersonApprovalEmailTest, extend VolunteerRegistrationTest
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
20
api/app/Http/Controllers/Api/V1/CheckEmailController.php
Normal file
20
api/app/Http/Controllers/Api/V1/CheckEmailController.php
Normal file
@@ -0,0 +1,20 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace App\Http\Controllers\Api\V1;
|
||||
|
||||
use App\Http\Controllers\Controller;
|
||||
use App\Http\Requests\Api\V1\CheckEmailRequest;
|
||||
use App\Models\User;
|
||||
use Illuminate\Http\JsonResponse;
|
||||
|
||||
final class CheckEmailController extends Controller
|
||||
{
|
||||
public function __invoke(CheckEmailRequest $request): JsonResponse
|
||||
{
|
||||
$exists = User::where('email', strtolower($request->validated('email')))->exists();
|
||||
|
||||
return response()->json(['exists' => $exists]);
|
||||
}
|
||||
}
|
||||
@@ -9,17 +9,22 @@ use App\Http\Requests\Api\V1\StorePersonRequest;
|
||||
use App\Http\Requests\Api\V1\UpdatePersonRequest;
|
||||
use App\Http\Resources\Api\V1\PersonCollection;
|
||||
use App\Http\Resources\Api\V1\PersonResource;
|
||||
use App\Mail\RegistrationApprovedMail;
|
||||
use App\Mail\RegistrationRejectedMail;
|
||||
use App\Models\Event;
|
||||
use App\Models\Person;
|
||||
use App\Services\PersonIdentityService;
|
||||
use App\Services\TagSyncService;
|
||||
use Illuminate\Http\JsonResponse;
|
||||
use Illuminate\Http\Request;
|
||||
use Illuminate\Support\Facades\Gate;
|
||||
use Illuminate\Support\Facades\Mail;
|
||||
|
||||
final class PersonController extends Controller
|
||||
{
|
||||
public function __construct(
|
||||
private readonly PersonIdentityService $identityService,
|
||||
private readonly TagSyncService $tagSyncService,
|
||||
) {}
|
||||
|
||||
public function index(Request $request, Event $event): PersonCollection
|
||||
@@ -107,6 +112,27 @@ final class PersonController extends Controller
|
||||
|
||||
$person->update(['status' => 'approved']);
|
||||
|
||||
$this->tagSyncService->syncFromRegistration($person);
|
||||
|
||||
if ($person->email) {
|
||||
Mail::to($person->email)->queue(new RegistrationApprovedMail($person, $event));
|
||||
}
|
||||
|
||||
return $this->success(new PersonResource($person->fresh()->load('crowdType')));
|
||||
}
|
||||
|
||||
public function reject(Request $request, Event $event, Person $person): JsonResponse
|
||||
{
|
||||
Gate::authorize('approve', [$person, $event]);
|
||||
|
||||
$person->update(['status' => 'rejected']);
|
||||
|
||||
$reason = $request->input('reason');
|
||||
|
||||
if ($person->email) {
|
||||
Mail::to($person->email)->queue(new RegistrationRejectedMail($person, $event, $reason));
|
||||
}
|
||||
|
||||
return $this->success(new PersonResource($person->fresh()->load('crowdType')));
|
||||
}
|
||||
}
|
||||
|
||||
23
api/app/Http/Requests/Api/V1/CheckEmailRequest.php
Normal file
23
api/app/Http/Requests/Api/V1/CheckEmailRequest.php
Normal file
@@ -0,0 +1,23 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace App\Http\Requests\Api\V1;
|
||||
|
||||
use Illuminate\Foundation\Http\FormRequest;
|
||||
|
||||
final class CheckEmailRequest extends FormRequest
|
||||
{
|
||||
public function authorize(): bool
|
||||
{
|
||||
return true;
|
||||
}
|
||||
|
||||
/** @return array<string, mixed> */
|
||||
public function rules(): array
|
||||
{
|
||||
return [
|
||||
'email' => ['required', 'email'],
|
||||
];
|
||||
}
|
||||
}
|
||||
@@ -30,7 +30,9 @@ final class VolunteerRegistrationRequest extends FormRequest
|
||||
/** @return array<string, mixed> */
|
||||
public function rules(): array
|
||||
{
|
||||
return [
|
||||
$user = auth('sanctum')->user();
|
||||
|
||||
$rules = [
|
||||
'first_name' => ['required_without:_authenticated', 'string', 'max:255'],
|
||||
'last_name' => ['required_without:_authenticated', 'string', 'max:255'],
|
||||
'email' => ['required_without:_authenticated', 'email', 'max:255'],
|
||||
@@ -55,5 +57,13 @@ final class VolunteerRegistrationRequest extends FormRequest
|
||||
|
||||
'field_values' => ['nullable', 'array'],
|
||||
];
|
||||
|
||||
// Password required for unauthenticated registrations
|
||||
if ($user === null) {
|
||||
$rules['password'] = ['required', 'string', 'min:8'];
|
||||
$rules['password_confirmation'] = ['nullable', 'same:password'];
|
||||
}
|
||||
|
||||
return $rules;
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user