Jennie Robinson Faber
6f9e6a3d98
Non-members who register for an event now get a persistent identity: with consent, a status:"guest" Member is upserted and an auth cookie is set so the "You're Registered" state survives a page refresh. Tiered auto-login matches passwordless-auth norms — auto-login is only safe when the account holds no privileges: - New email → create guest + cookie - Returning guest → cookie - Existing non-guest (active/pending/etc.) → attach ticket only, no cookie, confirmation email includes a sign-in link Guests are gated on status === "guest", so admin/middleware code that keys on status === "active" naturally excludes them. Guests are also treated as non-members for ticket pricing/validation to prevent picking up member-only pricing on their second registration. |
||
|---|---|---|
| .. | ||
| activityLog.js | ||
| adminAlerts.js | ||
| auth.js | ||
| checkSlackJoins.js | ||
| escapeHtml.js | ||
| escapeRegex.js | ||
| helcim.js | ||
| memberNumber.js | ||
| mongoose.js | ||
| oidc-mongodb-adapter.ts | ||
| oidc-provider.ts | ||
| outline.js | ||
| resend.js | ||
| schemas.js | ||
| slack.ts | ||
| syncWikiArticles.js | ||
| tickets.js | ||
| validateBody.js | ||
| validateTagSlugs.js | ||