Jennie Robinson Faber
6f9e6a3d98
Non-members who register for an event now get a persistent identity: with consent, a status:"guest" Member is upserted and an auth cookie is set so the "You're Registered" state survives a page refresh. Tiered auto-login matches passwordless-auth norms — auto-login is only safe when the account holds no privileges: - New email → create guest + cookie - Returning guest → cookie - Existing non-guest (active/pending/etc.) → attach ticket only, no cookie, confirmation email includes a sign-in link Guests are gated on status === "guest", so admin/middleware code that keys on status === "active" naturally excludes them. Guests are also treated as non-members for ticket pricing/validation to prevent picking up member-only pricing on their second registration. |
||
|---|---|---|
| .. | ||
| api | ||
| config | ||
| emails | ||
| middleware | ||
| migrations | ||
| models | ||
| plugins | ||
| routes | ||
| utils | ||