bert.hausmans
8435e74fd3
- Add POST /public/check-email endpoint with rate limiting (10/min)
- Create user accounts during volunteer registration (new or returning)
- Returning volunteers authenticate with existing password
- Add password validation to VolunteerRegistrationRequest
- Normalize emails to lowercase throughout registration flow
- Handle race condition on duplicate accounts gracefully
- Create RegistrationConfirmationMail, RegistrationApprovedMail, RegistrationRejectedMail
- Wire approval/rejection emails into PersonController
- Add POST persons/{person}/reject endpoint
- Trigger TagSyncService on registration and approval
- Add CheckEmailTest, PersonApprovalEmailTest, extend VolunteerRegistrationTest
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
154 lines
4.5 KiB
PHP
154 lines
4.5 KiB
PHP
<?php
|
|
|
|
declare(strict_types=1);
|
|
|
|
namespace Tests\Feature\Api\V1;
|
|
|
|
use App\Mail\RegistrationApprovedMail;
|
|
use App\Mail\RegistrationRejectedMail;
|
|
use App\Models\CrowdType;
|
|
use App\Models\Event;
|
|
use App\Models\Organisation;
|
|
use App\Models\Person;
|
|
use App\Models\User;
|
|
use Database\Seeders\RoleSeeder;
|
|
use Illuminate\Foundation\Testing\RefreshDatabase;
|
|
use Illuminate\Support\Facades\Mail;
|
|
use Laravel\Sanctum\Sanctum;
|
|
use Tests\TestCase;
|
|
|
|
class PersonApprovalEmailTest extends TestCase
|
|
{
|
|
use RefreshDatabase;
|
|
|
|
private User $orgAdmin;
|
|
private Organisation $organisation;
|
|
private Event $event;
|
|
private CrowdType $crowdType;
|
|
|
|
protected function setUp(): void
|
|
{
|
|
parent::setUp();
|
|
$this->seed(RoleSeeder::class);
|
|
|
|
$this->organisation = Organisation::factory()->create();
|
|
$this->orgAdmin = User::factory()->create();
|
|
$this->organisation->users()->attach($this->orgAdmin, ['role' => 'org_admin']);
|
|
|
|
$this->event = Event::factory()->create([
|
|
'organisation_id' => $this->organisation->id,
|
|
]);
|
|
|
|
$this->crowdType = CrowdType::factory()->systemType('VOLUNTEER')->create([
|
|
'organisation_id' => $this->organisation->id,
|
|
]);
|
|
}
|
|
|
|
public function test_approving_person_sends_approved_email(): void
|
|
{
|
|
Mail::fake();
|
|
|
|
$person = Person::factory()->create([
|
|
'event_id' => $this->event->id,
|
|
'crowd_type_id' => $this->crowdType->id,
|
|
'status' => 'pending',
|
|
'email' => 'volunteer@test.nl',
|
|
]);
|
|
|
|
Sanctum::actingAs($this->orgAdmin);
|
|
|
|
$response = $this->postJson("/api/v1/events/{$this->event->id}/persons/{$person->id}/approve");
|
|
|
|
$response->assertOk();
|
|
|
|
Mail::assertQueued(RegistrationApprovedMail::class, function ($mail) {
|
|
return $mail->hasTo('volunteer@test.nl');
|
|
});
|
|
}
|
|
|
|
public function test_rejecting_person_sends_rejected_email_with_reason(): void
|
|
{
|
|
Mail::fake();
|
|
|
|
$person = Person::factory()->create([
|
|
'event_id' => $this->event->id,
|
|
'crowd_type_id' => $this->crowdType->id,
|
|
'status' => 'pending',
|
|
'email' => 'volunteer@test.nl',
|
|
]);
|
|
|
|
Sanctum::actingAs($this->orgAdmin);
|
|
|
|
$response = $this->postJson("/api/v1/events/{$this->event->id}/persons/{$person->id}/reject", [
|
|
'reason' => 'Geen beschikbaarheid op de juiste momenten.',
|
|
]);
|
|
|
|
$response->assertOk();
|
|
|
|
$this->assertDatabaseHas('persons', [
|
|
'id' => $person->id,
|
|
'status' => 'rejected',
|
|
]);
|
|
|
|
Mail::assertQueued(RegistrationRejectedMail::class, function ($mail) {
|
|
return $mail->hasTo('volunteer@test.nl')
|
|
&& $mail->reason === 'Geen beschikbaarheid op de juiste momenten.';
|
|
});
|
|
}
|
|
|
|
public function test_rejecting_person_sends_rejected_email_without_reason(): void
|
|
{
|
|
Mail::fake();
|
|
|
|
$person = Person::factory()->create([
|
|
'event_id' => $this->event->id,
|
|
'crowd_type_id' => $this->crowdType->id,
|
|
'status' => 'pending',
|
|
'email' => 'volunteer@test.nl',
|
|
]);
|
|
|
|
Sanctum::actingAs($this->orgAdmin);
|
|
|
|
$response = $this->postJson("/api/v1/events/{$this->event->id}/persons/{$person->id}/reject");
|
|
|
|
$response->assertOk();
|
|
|
|
Mail::assertQueued(RegistrationRejectedMail::class, function ($mail) {
|
|
return $mail->hasTo('volunteer@test.nl')
|
|
&& $mail->reason === null;
|
|
});
|
|
}
|
|
|
|
public function test_unauthenticated_cannot_approve(): void
|
|
{
|
|
$person = Person::factory()->create([
|
|
'event_id' => $this->event->id,
|
|
'crowd_type_id' => $this->crowdType->id,
|
|
'status' => 'pending',
|
|
]);
|
|
|
|
$response = $this->postJson("/api/v1/events/{$this->event->id}/persons/{$person->id}/approve");
|
|
|
|
$response->assertStatus(401);
|
|
}
|
|
|
|
public function test_outsider_cannot_approve(): void
|
|
{
|
|
$outsider = User::factory()->create();
|
|
$otherOrg = Organisation::factory()->create();
|
|
$otherOrg->users()->attach($outsider, ['role' => 'org_admin']);
|
|
|
|
$person = Person::factory()->create([
|
|
'event_id' => $this->event->id,
|
|
'crowd_type_id' => $this->crowdType->id,
|
|
'status' => 'pending',
|
|
]);
|
|
|
|
Sanctum::actingAs($outsider);
|
|
|
|
$response = $this->postJson("/api/v1/events/{$this->event->id}/persons/{$person->id}/approve");
|
|
|
|
$response->assertStatus(403);
|
|
}
|
|
}
|