From 61043e6dc8b87ce6c1ea718e309fd357ec151c3e Mon Sep 17 00:00:00 2001 From: Seazn Date: Sun, 15 Mar 2026 01:10:35 +0100 Subject: [PATCH] feat: update guest user handling to require email verification and adjust status flags --- middleware/guestRestriction.js | 6 +++++- services/status/UserStatusService.js | 17 ++++++++++------- services/user/guest/GuestUserService.js | 5 +++-- 3 files changed, 18 insertions(+), 10 deletions(-) diff --git a/middleware/guestRestriction.js b/middleware/guestRestriction.js index 00873a4..e4de08f 100644 --- a/middleware/guestRestriction.js +++ b/middleware/guestRestriction.js @@ -22,6 +22,8 @@ const GUEST_ALLOWED_PREFIXES = [ '/refresh', '/coffee/active', '/tax/vat-rates', + '/send-verification-email', + '/verify-email-code', ]; function guestRestriction(req, res, next) { @@ -31,8 +33,10 @@ function guestRestriction(req, res, next) { } const urlPath = req.originalUrl.split('?')[0]; + // Strip /api prefix if present (routes are mounted at /api but prefixes listed without it) + const normalizedPath = urlPath.startsWith('/api/') ? urlPath.slice(4) : urlPath; - const isAllowed = GUEST_ALLOWED_PREFIXES.some((prefix) => urlPath.startsWith(prefix)); + const isAllowed = GUEST_ALLOWED_PREFIXES.some((prefix) => normalizedPath.startsWith(prefix)); if (isAllowed) { return next(); diff --git a/services/status/UserStatusService.js b/services/status/UserStatusService.js index 539bd01..73bef1c 100644 --- a/services/status/UserStatusService.js +++ b/services/status/UserStatusService.js @@ -58,23 +58,26 @@ class UserStatusService { const status = await repo.getStatusByUserId(userId); if (!status) return null; - // Guest users are always fully onboarded — skip quickaction flow + // Guest users: check if email verification is still needed if (status.status === 'active') { - // Check if this is a guest user const conn = unitOfWork.connection; const [userRows] = await conn.query('SELECT role FROM users WHERE id = ? LIMIT 1', [userId]); if (userRows?.[0]?.role === 'guest') { - const allCompleteSteps = [ - { key: 'email_verified', label: 'Email Verified', completed: true }, + // For guests, only email_verified matters — other steps are auto-completed + const emailVerified = !!status.email_verified; + const guestSteps = [ + { key: 'email_verified', label: 'Email Verified', completed: emailVerified }, { key: 'profile_completed', label: 'Profile Completed', completed: true }, { key: 'documents_uploaded', label: 'Documents Uploaded', completed: true }, { key: 'contract_signed', label: 'Contract Signed', completed: true }, ]; + const completedCount = guestSteps.filter(s => s.completed).length; return { status: 'active', - steps: allCompleteSteps, - completedSteps: allCompleteSteps.map(s => s.label), - progressPercent: 100, + isGuest: true, + steps: guestSteps, + completedSteps: guestSteps.filter(s => s.completed).map(s => s.label), + progressPercent: Math.round((completedCount / guestSteps.length) * 100), }; } } diff --git a/services/user/guest/GuestUserService.js b/services/user/guest/GuestUserService.js index 37f7a73..7751f2b 100644 --- a/services/user/guest/GuestUserService.js +++ b/services/user/guest/GuestUserService.js @@ -48,9 +48,10 @@ class GuestUserService { // Initialize user status as active (skip full registration flow for guests) await UserStatusService.initializeUserStatus(userId, 'personal', unitOfWork, 'active'); - // Mark ALL status flags as completed for guests — they skip the entire quickaction flow + // Mark non-email status flags as completed for guests — they skip ID upload, profile, and contract + // email_verified stays FALSE so guests must verify their email on first login await conn.query( - `UPDATE user_status SET email_verified = TRUE, profile_completed = TRUE, documents_uploaded = TRUE, contract_signed = TRUE, registration_completed = TRUE, is_admin_verified = TRUE WHERE user_id = ?`, + `UPDATE user_status SET email_verified = FALSE, profile_completed = TRUE, documents_uploaded = TRUE, contract_signed = TRUE, registration_completed = TRUE, is_admin_verified = TRUE WHERE user_id = ?`, [userId] );