I am adding this as an issue to archive my work, but I am immediately marking it as a won't-fix because it is not efficient.
Instead of allowing users to register themselves, which will then prompt the Secretary to verify their membership, it is much more efficient to daily check which users have bought membership on the EUSA website and immediately send them an activation email. Takes 2 minutes and prevents the Secretary from having to reply to emails.
[x] Add registration form to activate account -> Adapt the existing account activation form and add a captcha
[x] Create user field for activation_state and bool for ever_activated
[x] Error page when logging in needs to mention that you are not confirmed yet when you are not
[x] Update the error page when signing in without being a member to include a button to submit a request to reactivate your account
[ ] Add page for secretary with new registrations to confirm or send an email that membership has not been bought
[x] If someone logs in without consent being present, they need to consent before being able to do anything. -> This was included in a separate commit and is actually implemented.
[ ] Check the old activation form. Keep it, but share code with the registration form
[x] Hide users that have never been activated from standard user shenanigans
[ ] Email secretary about new registrations and reactivations
[ ] Secretary can respond that they can't find them and ask to double check if they have bought membership/send confirmation/generally email them. This email should be an editable block
[ ] Membership Activation tokens should be cleared after a month or something?
[ ] Secretary can remove requested accounts that have never been activated rather than just dismissing or accepting
[ ] Email people once their account is active.
[ ] If the secretary wants to use a membership activation token to send an activation email to someone who has requested activation, just confirm that request instead
Testing
[ ] Register an account -> get an email -> activate as secretary -> log in with account
[ ] Test that it actually works in production as well
[ ] Log in with once-activated account -> request reactivation -> get an email as sec -> see message on the access_denied page as the user -> deny request -> request again -> get another email -> request again
[ ] Create an account using the old workflow -> get email -> sign up and be able to log in immediately
I am adding this as an issue to archive my work, but I am immediately marking it as a won't-fix because it is not efficient.
Instead of allowing users to register themselves, which will then prompt the Secretary to verify their membership, it is much more efficient to daily check which users have bought membership on the EUSA website and immediately send them an activation email. Takes 2 minutes and prevents the Secretary from having to reply to emails.
Half-attempt at self-registration.zip
To Do
Testing