bert.hausmans/crewli
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: passwordless registration — defer account creation to approval

Browse Source 
Removes password from the volunteer registration form. Account
creation is now deferred to the approval step:

Backend:
- Registration creates Person without User (user_id=null)
- On approval, system finds or creates User by person.email
- New accounts get a "set password" email with activation link
- Existing accounts get a portal link email
- Added registration_source column to persons (self/organizer)
- Fuzzy name matching skipped for self-registered persons
- person.email is always source of truth for account linking

Frontend:
- Registration form no longer collects password
- Email check shows info alert with login suggestion
- New wachtwoord-instellen.vue page for account activation
- PasswordRequirements.vue component (reused on reset page)
- Success page updated with activation messaging

Tests: 837 passed (all updated for new flow)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
bert.hausmans
2026-04-16 03:27:47 +02:00
parent 0221e7f6d3
commit c4a23b6763
22 changed files with 539 additions and 493 deletions
Download Patch File Download Diff File Expand all files Collapse all files

214
api/tests/Feature/Api/V1/PortalRegistrationFlowTest.php
View File

@@ -16,9 +16,9 @@ use Laravel\Sanctum\Sanctum;
use Tests\TestCase;
/**
* End-to-end test: public registration organizer approval portal login portal/me
* End-to-end test: public registration organizer approval account creation portal access
*
* Reproduces: "Portal shows 'registratie niet ophalen' after approved volunteer logs in"
* New flow: registration creates Person without User. Approval creates/links User.
*/
class PortalRegistrationFlowTest extends TestCase
{
@@ -43,40 +43,37 @@ class PortalRegistrationFlowTest extends TestCase
'status' => 'registration_open',
]);
// Create org admin for approval
$this->orgAdmin = User::factory()->create();
$this->orgAdmin->assignRole('super_admin');
$this->organisation->users()->attach($this->orgAdmin, ['role' => 'org_admin']);
}
/**
* The golden path: register approve portal/me works.
* Golden path: register person without user approve user created portal works.
*/
public function test_full_flow_register_approve_portal_me(): void
public function test_full_flow_register_approve_creates_user_and_portal_works(): void
{
Mail::fake();
// ── Step 1: Volunteer registers via public form ──
// ── Step 1: Volunteer registers (no password) ──
$regResponse = $this->postJson("/api/v1/events/{$this->event->id}/volunteer-register", [
'first_name' => 'Vrijwilliger',
'last_name' => 'Test',
'email' => 'vrijwilliger@test.nl',
'password' => 'Wachtwoord1',
]);
$regResponse->assertStatus(201);
// Verify person was created with user_id
$person = Person::where('email', 'vrijwilliger@test.nl')->first();
$this->assertNotNull($person, 'Person record should exist');
$this->assertNotNull($person->user_id, 'Person should have user_id after registration');
$this->assertNotNull($person);
$this->assertNull($person->user_id, 'Person should NOT have user_id after registration');
$this->assertEquals('pending', $person->status);
$this->assertEquals('self', $person->registration_source);
$user = User::where('email', 'vrijwilliger@test.nl')->first();
$this->assertNotNull($user, 'User account should exist');
$this->assertEquals($user->id, $person->user_id, 'Person.user_id should match created user');
// No user account should exist yet
$this->assertDatabaseMissing('users', ['email' => 'vrijwilliger@test.nl']);
// ── Step 2: Organizer approves the volunteer ─<><E29480><EFBFBD>
// ── Step 2: Organizer approves ──
Sanctum::actingAs($this->orgAdmin);
$approveResponse = $this->postJson(
@@ -85,38 +82,69 @@ class PortalRegistrationFlowTest extends TestCase
$approveResponse->assertOk();
// Verify person is now approved
// Approval should have created user account and linked it
$person->refresh();
$this->assertEquals('approved', $person->status);
$this->assertNotNull($person->user_id, 'user_id should still be set after approval');
$this->assertNotNull($person->user_id, 'user_id should be set after approval');
// ── Step 3: Volunteer logs into portal ──
$user = User::where('email', 'vrijwilliger@test.nl')->first();
$this->assertNotNull($user, 'User account should be created on approval');
$this->assertEquals($person->user_id, $user->id);
// ── Step 3: Volunteer accesses portal ──
Sanctum::actingAs($user);
// Step 3a: GET /auth/me should return portal_events
$meResponse = $this->getJson('/api/v1/auth/me');
$meResponse->assertOk();
$meResponse->assertJsonCount(1, 'data.portal_events');
$meResponse->assertJsonPath('data.portal_events.0.event_id', $this->event->id);
$meResponse->assertJsonPath('data.portal_events.0.person_status', 'approved');
// Step 3b: GET /portal/me should return person details
$portalMeResponse = $this->getJson("/api/v1/portal/me?event_id={$this->event->id}");
$portalMeResponse->assertOk();
$portalMeResponse->assertJsonPath('data.email', 'vrijwilliger@test.nl');
$portalMeResponse->assertJsonPath('data.status', 'approved');
}
/**
* Festival hierarchy: register via sub-event slug portal/me with parent event_id.
* Approval links existing user by person.email.
*/
public function test_approve_links_existing_user_by_person_email(): void
{
Mail::fake();
// Pre-existing user account
$existingUser = User::factory()->create(['email' => 'bestaand@test.nl']);
// Register with same email
$this->postJson("/api/v1/events/{$this->event->id}/volunteer-register", [
'first_name' => 'Bestaand',
'last_name' => 'Lid',
'email' => 'bestaand@test.nl',
])->assertStatus(201);
$person = Person::where('email', 'bestaand@test.nl')->first();
$this->assertNull($person->user_id);
// Approve
Sanctum::actingAs($this->orgAdmin);
$this->postJson(
"/api/v1/organisations/{$this->organisation->id}/events/{$this->event->id}/persons/{$person->id}/approve"
)->assertOk();
// Should link to existing user, not create a new one
$person->refresh();
$this->assertEquals($existingUser->id, $person->user_id);
$this->assertEquals(1, User::where('email', 'bestaand@test.nl')->count());
}
/**
* Festival hierarchy: register via sub-event, portal works with both IDs.
*/
public function test_full_flow_with_festival_sub_event(): void
{
Mail::fake();
// Create festival hierarchy
$festival = Event::factory()->festival()->create([
'organisation_id' => $this->organisation->id,
'status' => 'registration_open',
@@ -125,95 +153,93 @@ class PortalRegistrationFlowTest extends TestCase
'status' => 'registration_open',
]);
// ── Step 1: Register via sub-event route ──
$regResponse = $this->postJson("/api/v1/events/{$subEvent->id}/volunteer-register", [
// Register via sub-event
$this->postJson("/api/v1/events/{$subEvent->id}/volunteer-register", [
'first_name' => 'Festival',
'last_name' => 'Ganger',
'email' => 'festival@test.nl',
'password' => 'Wachtwoord1',
]);
])->assertStatus(201);
$regResponse->assertStatus(201);
// Person should be linked to parent (festival), not sub-event
$person = Person::where('email', 'festival@test.nl')->first();
$this->assertNotNull($person);
$this->assertEquals($festival->id, $person->event_id, 'Person should be linked to parent event');
$this->assertNotNull($person->user_id);
$user = User::where('email', 'festival@test.nl')->first();
// ── Step 2: Approve ──
// Approve
Sanctum::actingAs($this->orgAdmin);
$this->postJson(
"/api/v1/organisations/{$this->organisation->id}/events/{$festival->id}/persons/{$person->id}/approve"
)->assertOk();
// ── Step 3: Portal access ──
$person->refresh();
$user = User::find($person->user_id);
// Portal access
Sanctum::actingAs($user);
// portal/me with parent event ID should work
$this->getJson("/api/v1/portal/me?event_id={$festival->id}")
->assertOk()
->assertJsonPath('data.email', 'festival@test.nl');
// portal/me with sub-event ID should also work (controller resolves to parent)
$this->getJson("/api/v1/portal/me?event_id={$subEvent->id}")
->assertOk()
->assertJsonPath('data.email', 'festival@test.nl');
}
/**
* Returning volunteer: existing user registers for new event.
* Authenticated registration still links user_id directly.
*/
public function test_returning_volunteer_portal_access(): void
public function test_authenticated_registration_links_user_directly(): void
{
Mail::fake();
$existingUser = User::factory()->create([
'first_name' => 'Bestaand',
'last_name' => 'Lid',
'email' => 'bestaand@test.nl',
'password' => \Illuminate\Support\Facades\Hash::make('BestaandWw1'),
$user = User::factory()->create([
'first_name' => 'Ingelogd',
'last_name' => 'Gebruiker',
'email' => 'ingelogd@test.nl',
]);
$this->organisation->users()->attach($user, ['role' => 'org_member']);
Sanctum::actingAs($user);
// Register for event with existing account
$regResponse = $this->postJson("/api/v1/events/{$this->event->id}/volunteer-register", [
'first_name' => 'Bestaand',
'last_name' => 'Lid',
'email' => 'bestaand@test.nl',
'password' => 'BestaandWw1',
]);
$this->postJson("/api/v1/events/{$this->event->id}/volunteer-register", [])
->assertStatus(201);
$regResponse->assertStatus(201);
$person = Person::where('email', 'ingelogd@test.nl')->first();
$this->assertEquals($user->id, $person->user_id, 'Authenticated registration should set user_id directly');
}
$person = Person::where('email', 'bestaand@test.nl')->first();
$this->assertEquals($existingUser->id, $person->user_id);
/**
* Approval skips account creation if person already has user_id (authenticated registration).
*/
public function test_approve_skips_account_creation_if_user_already_linked(): void
{
Mail::fake();
// Approve
$user = User::factory()->create(['email' => 'al-gelinkt@test.nl']);
$this->organisation->users()->attach($user, ['role' => 'org_member']);
// Authenticated registration sets user_id
Sanctum::actingAs($user);
$this->postJson("/api/v1/events/{$this->event->id}/volunteer-register", [])
->assertStatus(201);
$person = Person::where('email', 'al-gelinkt@test.nl')->first();
$this->assertEquals($user->id, $person->user_id);
// Approve — should not create another user
Sanctum::actingAs($this->orgAdmin);
$this->postJson(
"/api/v1/organisations/{$this->organisation->id}/events/{$this->event->id}/persons/{$person->id}/approve"
)->assertOk();
// Portal access
Sanctum::actingAs($existingUser);
$this->getJson('/api/v1/auth/me')
->assertOk()
->assertJsonCount(1, 'data.portal_events');
$this->getJson("/api/v1/portal/me?event_id={$this->event->id}")
->assertOk()
->assertJsonPath('data.status', 'approved');
$person->refresh();
$this->assertEquals($user->id, $person->user_id);
$this->assertEquals(1, User::where('email', 'al-gelinkt@test.nl')->count());
}
/**
* Organizer-created person (no user account) identity match confirmed portal/me.
* Organizer-created person identity match confirmed portal/me works.
*/
public function test_organizer_created_person_then_identity_linked(): void
{
// ── Step 1: Organizer creates a person manually ──
$user = User::factory()->create([
'first_name' => 'Handmatig',
'last_name' => 'Toegevoegd',
@@ -223,7 +249,7 @@ class PortalRegistrationFlowTest extends TestCase
Sanctum::actingAs($this->orgAdmin);
$storeResponse = $this->postJson(
$this->postJson(
"/api/v1/organisations/{$this->organisation->id}/events/{$this->event->id}/persons",
[
'crowd_type_id' => $this->volunteerCrowdType->id,
@@ -232,61 +258,57 @@ class PortalRegistrationFlowTest extends TestCase
'email' => 'handmatig@test.nl',
'status' => 'approved',
]
);
$storeResponse->assertStatus(201);
)->assertStatus(201);
$person = Person::where('email', 'handmatig@test.nl')->first();
$this->assertNotNull($person);
$this->assertNull($person->user_id, 'Organizer-created person should not have user_id');
$this->assertNull($person->user_id);
// ── Step 2: Portal access should fail (no user_id link) ──
// Portal fails without user link
Sanctum::actingAs($user);
$this->getJson("/api/v1/portal/me?event_id={$this->event->id}")
->assertStatus(404);
// ── Step 3: Confirm identity match → links user_id ──
// Confirm identity match
$match = $person->pendingIdentityMatch;
$this->assertNotNull($match, 'Identity match should have been auto-detected');
$this->assertNotNull($match);
Sanctum::actingAs($this->orgAdmin);
$this->postJson(
"/api/v1/organisations/{$this->organisation->id}/identity-matches/{$match->id}/confirm"
)->assertOk();
$person->refresh();
$this->assertEquals($user->id, $person->user_id, 'user_id should be set after identity confirm');
// ── Step 4: Portal access should now work ──
// Portal now works
Sanctum::actingAs($user);
$this->getJson("/api/v1/portal/me?event_id={$this->event->id}")
->assertOk()
->assertJsonPath('data.email', 'handmatig@test.nl');
}
/**
* Pending volunteer can see their status via portal (before approval).
* Fuzzy name matching is skipped for self-registered persons.
*/
public function test_pending_volunteer_can_access_portal_me(): void
public function test_fuzzy_name_match_skipped_for_self_registered(): void
{
Mail::fake();
// Create a user with similar name but different email
$existingUser = User::factory()->create([
'first_name' => 'Jan',
'last_name' => 'de Vries',
'email' => 'jan.devries@other.nl',
]);
$this->organisation->users()->attach($existingUser, ['role' => 'org_member']);
// Self-register with same name but different email
$this->postJson("/api/v1/events/{$this->event->id}/volunteer-register", [
'first_name' => 'Wachtend',
'last_name' => 'Vrijwilliger',
'email' => 'wachtend@test.nl',
'password' => 'Wachtwoord1',
'first_name' => 'Jan',
'last_name' => 'de Vries',
'email' => 'jan@voorbeeld.nl',
])->assertStatus(201);
$user = User::where('email', 'wachtend@test.nl')->first();
Sanctum::actingAs($user);
$person = Person::where('email', 'jan@voorbeeld.nl')->first();
// Even without approval, portal/me should work (just shows pending status)
$this->getJson("/api/v1/portal/me?event_id={$this->event->id}")
->assertOk()
->assertJsonPath('data.status', 'pending');
// Should NOT have a fuzzy name match (self-registered)
$this->assertNull($person->pendingIdentityMatch);
}
}

120
api/tests/Feature/Api/V1/VolunteerRegistrationTest.php
View File

@@ -16,7 +16,6 @@ use App\Models\TimeSlot;
use App\Models\User;
use Database\Seeders\RoleSeeder;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Illuminate\Support\Facades\Hash;
use Illuminate\Support\Facades\Mail;
use Laravel\Sanctum\Sanctum;
use Tests\TestCase;
@@ -62,7 +61,7 @@ class VolunteerRegistrationTest extends TestCase
'first_name' => 'Jan',
'last_name' => 'de Vries',
'email' => 'jan@voorbeeld.nl',
'password' => 'Wachtwoord1',
'phone' => '+31612345678',
'tshirt_size' => 'L',
'motivation' => 'Ik wil graag helpen bij dit festival!',
@@ -88,7 +87,7 @@ class VolunteerRegistrationTest extends TestCase
'first_name' => 'Sophie',
'last_name' => 'Bakker',
'email' => 'sophie@voorbeeld.nl',
'password' => 'Wachtwoord1',
]);
$response->assertStatus(201);
@@ -116,7 +115,7 @@ class VolunteerRegistrationTest extends TestCase
'first_name' => 'Pieter',
'last_name' => 'Jansen',
'email' => 'pieter@voorbeeld.nl',
'password' => 'Wachtwoord1',
]);
$response->assertStatus(201);
@@ -136,7 +135,7 @@ class VolunteerRegistrationTest extends TestCase
'first_name' => 'Fleur',
'last_name' => 'Vermeer',
'email' => 'fleur@voorbeeld.nl',
'password' => 'Wachtwoord1',
'availabilities' => [
['time_slot_id' => $this->timeSlot->id, 'preference_level' => 4],
['time_slot_id' => $timeSlot2->id, 'preference_level' => 2],
@@ -167,7 +166,7 @@ class VolunteerRegistrationTest extends TestCase
'first_name' => 'Daan',
'last_name' => 'Mulder',
'email' => 'daan@voorbeeld.nl',
'password' => 'Wachtwoord1',
'tshirt_size' => 'XL',
'motivation' => 'Ik vind festivals geweldig.',
'section_preferences' => [
@@ -198,7 +197,7 @@ class VolunteerRegistrationTest extends TestCase
'first_name' => 'Mila',
'last_name' => 'de Boer',
'email' => 'mila@voorbeeld.nl',
'password' => 'Wachtwoord1',
'date_of_birth' => '1998-05-12',
]);
@@ -216,7 +215,7 @@ class VolunteerRegistrationTest extends TestCase
'first_name' => 'Sem',
'last_name' => 'van Beek',
'email' => 'sem@voorbeeld.nl',
'password' => 'Wachtwoord1',
]);
$response->assertStatus(201);
@@ -231,7 +230,7 @@ class VolunteerRegistrationTest extends TestCase
'first_name' => 'Tijn',
'last_name' => 'Kuiper',
'email' => 'tijn@voorbeeld.nl',
'password' => 'Wachtwoord1',
'date_of_birth' => now()->addDay()->format('Y-m-d'),
]);
@@ -247,14 +246,14 @@ class VolunteerRegistrationTest extends TestCase
'first_name' => 'Anna',
'last_name' => 'Smit',
'email' => 'anna@voorbeeld.nl',
'password' => 'Wachtwoord1',
]);
$response = $this->postJson("/api/v1/events/{$this->event->id}/volunteer-register", [
'first_name' => 'Anna',
'last_name' => 'Smit',
'email' => 'anna@voorbeeld.nl',
'password' => 'Wachtwoord1',
]);
$response->assertStatus(422);
@@ -275,7 +274,7 @@ class VolunteerRegistrationTest extends TestCase
'first_name' => 'Herkan',
'last_name' => 'Poging',
'email' => 'herkan@voorbeeld.nl',
'password' => 'Wachtwoord1',
]);
$response->assertStatus(200);
@@ -297,7 +296,7 @@ class VolunteerRegistrationTest extends TestCase
'first_name' => 'Test',
'last_name' => 'Persoon',
'email' => 'test@voorbeeld.nl',
'password' => 'Wachtwoord1',
]);
$response->assertStatus(422);
@@ -309,7 +308,7 @@ class VolunteerRegistrationTest extends TestCase
'first_name' => 'Bas',
'last_name' => 'van Dijk',
'email' => 'bas@voorbeeld.nl',
'password' => 'Wachtwoord1',
'availabilities' => [
['time_slot_id' => '01JNONEXISTENT00000000000', 'preference_level' => 3],
],
@@ -481,7 +480,7 @@ class VolunteerRegistrationTest extends TestCase
'first_name' => 'Noor',
'last_name' => 'Janssen',
'email' => 'noor@voorbeeld.nl',
'password' => 'Wachtwoord1',
'field_values' => [
$selectField->slug => 'L',
$textField->slug => 'Ik ben een ervaren vrijwilliger',
@@ -523,7 +522,7 @@ class VolunteerRegistrationTest extends TestCase
'first_name' => 'Rick',
'last_name' => 'Peters',
'email' => 'rick@voorbeeld.nl',
'password' => 'Wachtwoord1',
'section_preferences' => [
['festival_section_id' => $section1->id, 'priority' => 1],
['festival_section_id' => $section2->id, 'priority' => 2],
@@ -559,7 +558,7 @@ class VolunteerRegistrationTest extends TestCase
'first_name' => 'Femke',
'last_name' => 'de Jong',
'email' => 'femke@voorbeeld.nl',
'password' => 'Wachtwoord1',
'field_values' => [
$multiselectField->slug => ['Vegetarisch', 'Glutenvrij'],
],
@@ -581,9 +580,9 @@ class VolunteerRegistrationTest extends TestCase
$this->assertEquals(['Vegetarisch', 'Glutenvrij'], $value->selected_options);
}
// ─── User Account Creation ──────────────────────────────────────────
// ─── Passwordless Registration (account deferred to approval) ─────────
public function test_new_volunteer_registration_creates_user_account(): void
public function test_registration_creates_person_without_user_account(): void
{
Mail::fake();
@@ -591,72 +590,39 @@ class VolunteerRegistrationTest extends TestCase
'first_name' => 'Nieuwe',
'last_name' => 'Vrijwilliger',
'email' => 'nieuw@voorbeeld.nl',
'password' => 'Wachtwoord1',
]);
$response->assertStatus(201);
$this->assertDatabaseHas('users', [
'email' => 'nieuw@voorbeeld.nl',
'first_name' => 'Nieuwe',
'last_name' => 'Vrijwilliger',
]);
$user = User::where('email', 'nieuw@voorbeeld.nl')->first();
$this->assertDatabaseHas('persons', [
'email' => 'nieuw@voorbeeld.nl',
'user_id' => $user->id,
'event_id' => $this->event->id,
'user_id' => null,
'registration_source' => 'self',
]);
// No user account should be created at registration time
$this->assertDatabaseMissing('users', [
'email' => 'nieuw@voorbeeld.nl',
]);
}
public function test_returning_volunteer_with_correct_password_creates_person(): void
public function test_registration_without_password_succeeds(): void
{
Mail::fake();
$existingUser = User::factory()->create([
'first_name' => 'Terug',
'last_name' => 'Keerder',
'email' => 'terug@voorbeeld.nl',
'password' => Hash::make('BestaandWw1'),
]);
$response = $this->postJson("/api/v1/events/{$this->event->id}/volunteer-register", [
'first_name' => 'Terug',
'last_name' => 'Keerder',
'email' => 'terug@voorbeeld.nl',
'password' => 'BestaandWw1',
]);
$response->assertStatus(201);
$this->assertDatabaseHas('persons', [
'email' => 'terug@voorbeeld.nl',
'user_id' => $existingUser->id,
'event_id' => $this->event->id,
]);
// Should not have created a new user
$this->assertEquals(1, User::where('email', 'terug@voorbeeld.nl')->count());
}
public function test_returning_volunteer_with_wrong_password_returns_422(): void
{
User::factory()->create([
'email' => 'bestaand@voorbeeld.nl',
'password' => Hash::make('echtgeheim'),
]);
$response = $this->postJson("/api/v1/events/{$this->event->id}/volunteer-register", [
'first_name' => 'Fout',
'first_name' => 'Zonder',
'last_name' => 'Wachtwoord',
'email' => 'bestaand@voorbeeld.nl',
'password' => 'foutwachtwoord',
'email' => 'geenww@voorbeeld.nl',
]);
$response->assertStatus(422);
$response->assertJsonValidationErrors('password');
$response->assertStatus(201);
$this->assertDatabaseHas('persons', [
'email' => 'geenww@voorbeeld.nl',
'user_id' => null,
]);
}
public function test_registration_sends_confirmation_email(): void
@@ -667,7 +633,6 @@ class VolunteerRegistrationTest extends TestCase
'first_name' => 'Mail',
'last_name' => 'Test',
'email' => 'mailtest@voorbeeld.nl',
'password' => 'Wachtwoord1',
]);
Mail::assertQueued(RegistrationConfirmationMail::class, function ($mail) {
@@ -683,7 +648,6 @@ class VolunteerRegistrationTest extends TestCase
'first_name' => 'Hoofdletter',
'last_name' => 'Email',
'email' => 'HOOFDLETTER@VOORBEELD.NL',
'password' => 'Wachtwoord1',
]);
$response->assertStatus(201);
@@ -691,22 +655,6 @@ class VolunteerRegistrationTest extends TestCase
$this->assertDatabaseHas('persons', [
'email' => 'hoofdletter@voorbeeld.nl',
]);
$this->assertDatabaseHas('users', [
'email' => 'hoofdletter@voorbeeld.nl',
]);
}
public function test_password_required_for_unauthenticated_registration(): void
{
$response = $this->postJson("/api/v1/events/{$this->event->id}/volunteer-register", [
'first_name' => 'Zonder',
'last_name' => 'Wachtwoord',
'email' => 'geenww@voorbeeld.nl',
]);
$response->assertStatus(422);
$response->assertJsonValidationErrors('password');
}
public function test_password_not_required_for_authenticated_registration(): void