feat: passwordless registration — defer account creation to approval
Removes password from the volunteer registration form. Account creation is now deferred to the approval step: Backend: - Registration creates Person without User (user_id=null) - On approval, system finds or creates User by person.email - New accounts get a "set password" email with activation link - Existing accounts get a portal link email - Added registration_source column to persons (self/organizer) - Fuzzy name matching skipped for self-registered persons - person.email is always source of truth for account linking Frontend: - Registration form no longer collects password - Email check shows info alert with login suggestion - New wachtwoord-instellen.vue page for account activation - PasswordRequirements.vue component (reused on reset page) - Success page updated with activation messaging Tests: 837 passed (all updated for new flow) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
@@ -12,7 +12,6 @@ use App\Models\Person;
|
||||
use App\Models\User;
|
||||
use App\Models\VolunteerAvailability;
|
||||
use Illuminate\Support\Facades\DB;
|
||||
use Illuminate\Support\Facades\Hash;
|
||||
use Illuminate\Support\Facades\Log;
|
||||
use Illuminate\Support\Facades\Mail;
|
||||
use Illuminate\Validation\ValidationException;
|
||||
@@ -43,11 +42,6 @@ final class VolunteerRegistrationService
|
||||
|
||||
$this->checkDuplicateRegistration($festivalEvent, $email);
|
||||
|
||||
// Resolve or create user account for unauthenticated registrations
|
||||
if ($user === null) {
|
||||
$user = $this->resolveUserAccount($email, $validated);
|
||||
}
|
||||
|
||||
$volunteerCrowdType = $this->resolveVolunteerCrowdType($event);
|
||||
|
||||
$person = DB::transaction(function () use ($festivalEvent, $validated, $user, $email, $volunteerCrowdType): Person {
|
||||
@@ -63,6 +57,7 @@ final class VolunteerRegistrationService
|
||||
'phone' => $validated['phone'] ?? null,
|
||||
'date_of_birth' => $validated['date_of_birth'] ?? null,
|
||||
'status' => PersonStatus::PENDING,
|
||||
'registration_source' => 'self',
|
||||
'custom_fields' => [
|
||||
'tshirt_size' => $validated['tshirt_size'] ?? null,
|
||||
'first_aid' => $validated['first_aid'] ?? false,
|
||||
@@ -74,9 +69,11 @@ final class VolunteerRegistrationService
|
||||
]
|
||||
);
|
||||
|
||||
// Set user_id explicitly (not mass-assignable)
|
||||
$person->user_id = $user->id;
|
||||
$person->save();
|
||||
// Link to authenticated user directly (they already have an account)
|
||||
if ($user) {
|
||||
$person->user_id = $user->id;
|
||||
$person->save();
|
||||
}
|
||||
|
||||
$this->syncAvailabilities($person, $festivalEvent, $validated['availabilities'] ?? []);
|
||||
|
||||
@@ -94,10 +91,12 @@ final class VolunteerRegistrationService
|
||||
);
|
||||
}
|
||||
|
||||
// Trigger tag sync — user_id is always known now
|
||||
$this->tagSyncService->syncFromRegistration($person);
|
||||
// Trigger tag sync if user_id is known
|
||||
if ($person->user_id) {
|
||||
$this->tagSyncService->syncFromRegistration($person);
|
||||
}
|
||||
|
||||
$source = auth('sanctum')->check() ? 'authenticated_form' : 'public_form';
|
||||
$source = $user ? 'authenticated_form' : 'public_form';
|
||||
|
||||
$activityLogger = activity('volunteer_registration')
|
||||
->performedOn($person)
|
||||
@@ -106,8 +105,11 @@ final class VolunteerRegistrationService
|
||||
'event_id' => $festivalEvent->id,
|
||||
'person_id' => $person->id,
|
||||
'email' => $email,
|
||||
])
|
||||
->causedBy($user);
|
||||
]);
|
||||
|
||||
if ($user) {
|
||||
$activityLogger->causedBy($user);
|
||||
}
|
||||
|
||||
$activityLogger->log('person.registered');
|
||||
|
||||
@@ -120,43 +122,6 @@ final class VolunteerRegistrationService
|
||||
return $person;
|
||||
}
|
||||
|
||||
/**
|
||||
* Resolve or create user account for the registering email.
|
||||
*
|
||||
* @param array<string, mixed> $validated
|
||||
*
|
||||
* @throws ValidationException
|
||||
*/
|
||||
private function resolveUserAccount(string $email, array $validated): User
|
||||
{
|
||||
$existingUser = User::where('email', $email)->first();
|
||||
|
||||
if ($existingUser !== null) {
|
||||
// Returning volunteer: authenticate with provided password
|
||||
if (!Hash::check($validated['password'], $existingUser->password)) {
|
||||
throw ValidationException::withMessages([
|
||||
'password' => ['Wachtwoord onjuist.'],
|
||||
]);
|
||||
}
|
||||
|
||||
return $existingUser;
|
||||
}
|
||||
|
||||
// New volunteer: create user account
|
||||
try {
|
||||
return User::create([
|
||||
'first_name' => $validated['first_name'],
|
||||
'last_name' => $validated['last_name'],
|
||||
'email' => $email,
|
||||
'password' => Hash::make($validated['password']),
|
||||
]);
|
||||
} catch (\Illuminate\Database\UniqueConstraintViolationException) {
|
||||
throw ValidationException::withMessages([
|
||||
'email' => ['Dit emailadres heeft al een account. Gebruik je bestaande wachtwoord.'],
|
||||
]);
|
||||
}
|
||||
}
|
||||
|
||||
private function resolveFestivalEvent(Event $event): Event
|
||||
{
|
||||
if ($event->isSubEvent()) {
|
||||
|
||||
Reference in New Issue
Block a user