bert.hausmans/crewli
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: passwordless registration — defer account creation to approval

Browse Source 
Removes password from the volunteer registration form. Account
creation is now deferred to the approval step:

Backend:
- Registration creates Person without User (user_id=null)
- On approval, system finds or creates User by person.email
- New accounts get a "set password" email with activation link
- Existing accounts get a portal link email
- Added registration_source column to persons (self/organizer)
- Fuzzy name matching skipped for self-registered persons
- person.email is always source of truth for account linking

Frontend:
- Registration form no longer collects password
- Email check shows info alert with login suggestion
- New wachtwoord-instellen.vue page for account activation
- PasswordRequirements.vue component (reused on reset page)
- Success page updated with activation messaging

Tests: 837 passed (all updated for new flow)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
bert.hausmans
2026-04-16 03:27:47 +02:00
parent 0221e7f6d3
commit c4a23b6763
22 changed files with 539 additions and 493 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
api/app/Enums/EmailTemplateType.php
View File

@@ -57,7 +57,7 @@ enum EmailTemplateType: string
self::REGISTRATION_APPROVED => [
'subject' => 'Je registratie voor {event_name} is goedgekeurd!',
'heading' => 'Welkom aan boord!',
'body_text' => 'Goed nieuws! Je registratie als vrijwilliger voor {event_name} is goedgekeurd. Je kunt nu inloggen op het portaal om je diensten te bekijken en te claimen.',
'body_text' => 'Goed nieuws! Je registratie voor {event_name} is goedgekeurd. Klik op de knop hieronder om toegang te krijgen tot het portaal.',
'button_text' => 'Ga naar het portaal',
],
self::REGISTRATION_REJECTED => [

45
api/app/Http/Controllers/Api/V1/PersonController.php
View File

@@ -23,6 +23,9 @@ use App\Services\TagSyncService;
use Illuminate\Http\JsonResponse;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Gate;
use Illuminate\Support\Facades\Hash;
use Illuminate\Support\Facades\Password;
use Illuminate\Support\Str;
use Illuminate\Validation\ValidationException;
final class PersonController extends Controller
@@ -166,9 +169,40 @@ final class PersonController extends Controller
$person->update(['status' => 'approved']);
// Link person to user account (create if needed) using person.email as source of truth
$userCreated = false;
if ($person->email && ! $person->user_id) {
$user = User::where('email', strtolower($person->email))->first();
if (! $user) {
$user = User::create([
'first_name' => $person->first_name,
'last_name' => $person->last_name,
'email' => strtolower($person->email),
'password' => Hash::make(Str::random(40)),
]);
$userCreated = true;
}
$person->user_id = $user->id;
$person->save();
}
$this->tagSyncService->syncFromRegistration($person);
if ($person->email) {
$portalUrl = config('app.frontend_portal_url');
if ($userCreated) {
// New account — send "set password" email with token
$user = User::find($person->user_id);
$token = Password::broker()->createToken($user);
$actionUrl = $portalUrl . '/wachtwoord-instellen?token=' . $token . '&email=' . urlencode($user->email);
} else {
// Existing account — send portal link
$actionUrl = $portalUrl . '/evenementen';
}
$this->emailService->send(
type: EmailTemplateType::REGISTRATION_APPROVED,
recipientEmail: $person->email,
@@ -177,7 +211,7 @@ final class PersonController extends Controller
'event_name' => $event->name,
'organisation_name' => $organisation->name,
],
actionUrl: config('app.frontend_portal_url'),
actionUrl: $actionUrl,
organisation: $organisation,
eventId: $event->id,
personId: $person->id,
@@ -185,6 +219,15 @@ final class PersonController extends Controller
);
}
activity('registration')
->causedBy(auth()->user())
->performedOn($person)
->withProperties([
'user_created' => $userCreated,
'user_email' => $person->email,
])
->log('person.approved');
return $this->success(new PersonResource($person->fresh()->load('crowdType')));
}

7
api/app/Http/Controllers/Api/V1/VolunteerRegistrationController.php
View File

@@ -4,12 +4,10 @@ declare(strict_types=1);
namespace App\Http\Controllers\Api\V1;
use App\Enums\IdentityMatchStatus;
use App\Http\Controllers\Controller;
use App\Http\Requests\Api\V1\VolunteerRegistrationRequest;
use App\Http\Resources\Api\V1\PersonResource;
use App\Models\Event;
use App\Models\PersonIdentityMatch;
use App\Services\VolunteerRegistrationService;
use Illuminate\Http\JsonResponse;
@@ -31,13 +29,8 @@ final class VolunteerRegistrationController extends Controller
$person->load('crowdType');
$hasExistingAccount = PersonIdentityMatch::where('person_id', $person->id)
->where('status', IdentityMatchStatus::PENDING)
->exists();
$responseData = [
'person' => new PersonResource($person),
'has_existing_account' => $hasExistingAccount,
];
if ($person->wasRecentlyCreated) {

7
api/app/Http/Requests/Api/V1/VolunteerRegistrationRequest.php
View File

@@ -5,7 +5,6 @@ declare(strict_types=1);
namespace App\Http\Requests\Api\V1;
use Illuminate\Foundation\Http\FormRequest;
use Illuminate\Validation\Rules\Password;
final class VolunteerRegistrationRequest extends FormRequest
{
@@ -59,12 +58,6 @@ final class VolunteerRegistrationRequest extends FormRequest
'field_values' => ['nullable', 'array'],
];
// Password required for unauthenticated registrations
if ($user === null) {
$rules['password'] = ['required', 'string', Password::min(8)->mixedCase()->numbers()];
$rules['password_confirmation'] = ['nullable', 'same:password'];
}
return $rules;
}
}

1
api/app/Models/Person.php
View File

@@ -42,6 +42,7 @@ final class Person extends Model
'email',
'phone',
'status',
'registration_source',
'is_blacklisted',
'admin_notes',
'remarks',

6
api/app/Services/PersonIdentityService.php
View File

@@ -106,7 +106,11 @@ final class PersonIdentityService
}
// === Strategy 2: Fuzzy name match (only if no email match found) ===
if ($matches->isEmpty() && $person->first_name && $person->last_name) {
// Skip fuzzy matching for self-registered persons — they provided their
// own email, so that's the canonical identity. Fuzzy name matching with
// a different user would be confusing.
if ($matches->isEmpty() && $person->first_name && $person->last_name
&& ($person->registration_source ?? 'organizer') !== 'self') {
$nameMatches = $orgUsers->filter(function (User $user) use ($person) {
// Skip if same email (already handled above, or would be email match)
if ($person->email && strtolower(trim($user->email)) === strtolower(trim($person->email))) {

67
api/app/Services/VolunteerRegistrationService.php
View File

@@ -12,7 +12,6 @@ use App\Models\Person;
use App\Models\User;
use App\Models\VolunteerAvailability;
use Illuminate\Support\Facades\DB;
use Illuminate\Support\Facades\Hash;
use Illuminate\Support\Facades\Log;
use Illuminate\Support\Facades\Mail;
use Illuminate\Validation\ValidationException;
@@ -43,11 +42,6 @@ final class VolunteerRegistrationService
$this->checkDuplicateRegistration($festivalEvent, $email);
// Resolve or create user account for unauthenticated registrations
if ($user === null) {
$user = $this->resolveUserAccount($email, $validated);
}
$volunteerCrowdType = $this->resolveVolunteerCrowdType($event);
$person = DB::transaction(function () use ($festivalEvent, $validated, $user, $email, $volunteerCrowdType): Person {
@@ -63,6 +57,7 @@ final class VolunteerRegistrationService
'phone' => $validated['phone'] ?? null,
'date_of_birth' => $validated['date_of_birth'] ?? null,
'status' => PersonStatus::PENDING,
'registration_source' => 'self',
'custom_fields' => [
'tshirt_size' => $validated['tshirt_size'] ?? null,
'first_aid' => $validated['first_aid'] ?? false,
@@ -74,9 +69,11 @@ final class VolunteerRegistrationService
]
);
// Set user_id explicitly (not mass-assignable)
$person->user_id = $user->id;
$person->save();
// Link to authenticated user directly (they already have an account)
if ($user) {
$person->user_id = $user->id;
$person->save();
}
$this->syncAvailabilities($person, $festivalEvent, $validated['availabilities'] ?? []);
@@ -94,10 +91,12 @@ final class VolunteerRegistrationService
);
}
// Trigger tag sync user_id is always known now
$this->tagSyncService->syncFromRegistration($person);
// Trigger tag sync if user_id is known
if ($person->user_id) {
$this->tagSyncService->syncFromRegistration($person);
}
$source = auth('sanctum')->check() ? 'authenticated_form' : 'public_form';
$source = $user ? 'authenticated_form' : 'public_form';
$activityLogger = activity('volunteer_registration')
->performedOn($person)
@@ -106,8 +105,11 @@ final class VolunteerRegistrationService
'event_id' => $festivalEvent->id,
'person_id' => $person->id,
'email' => $email,
])
->causedBy($user);
]);
if ($user) {
$activityLogger->causedBy($user);
}
$activityLogger->log('person.registered');
@@ -120,43 +122,6 @@ final class VolunteerRegistrationService
return $person;
}
/**
* Resolve or create user account for the registering email.
*
* @param array<string, mixed> $validated
*
* @throws ValidationException
*/
private function resolveUserAccount(string $email, array $validated): User
{
$existingUser = User::where('email', $email)->first();
if ($existingUser !== null) {
// Returning volunteer: authenticate with provided password
if (!Hash::check($validated['password'], $existingUser->password)) {
throw ValidationException::withMessages([
'password' => ['Wachtwoord onjuist.'],
]);
}
return $existingUser;
}
// New volunteer: create user account
try {
return User::create([
'first_name' => $validated['first_name'],
'last_name' => $validated['last_name'],
'email' => $email,
'password' => Hash::make($validated['password']),
]);
} catch (\Illuminate\Database\UniqueConstraintViolationException) {
throw ValidationException::withMessages([
'email' => ['Dit emailadres heeft al een account. Gebruik je bestaande wachtwoord.'],
]);
}
}
private function resolveFestivalEvent(Event $event): Event
{
if ($event->isSubEvent()) {