account type is permanent and password registration is now working at checkout

2026-06-18 22:10:17 +02:00
parent 46cc2459bd
commit f3daa27ce7
24 changed files with 483 additions and 103 deletions
--- a/assets/i18n/en/main.ftl
+++ b/assets/i18n/en/main.ftl
@@ -274,6 +274,18 @@ profile-intro = We'll use these details to prefill checkout.
 profile-saved = Profile saved.
 profile-save = Save profile
 profile-company-required = For a company account, please fill in company name, IČO and DIČ.
 account-type-locked = Account type can't be changed after registration.
 checkout-create-account = Create an account from this order
 checkout-create-account-hint = We'll email you a link to set your password. This order will be linked to your account.
 order-account-created = We created an account for you. Check your email to set your password.
 set-password-title = Set your password
 set-password-intro = Choose a password to finish setting up your account.
 set-password-new = New password
 set-password-confirm = Confirm password
 set-password-submit = Set password
 set-password-invalid = This link is invalid or has expired.
 set-password-weak = Password must be at least 8 characters.
 set-password-mismatch = Passwords don't match.
 order-confirmed-title = Thank you for your order!
 order-confirmed-sub = We have received your order.
 order-number = Order number
--- a/assets/i18n/sk/main.ftl
+++ b/assets/i18n/sk/main.ftl
@@ -274,6 +274,18 @@ profile-intro = Tieto údaje použijeme na predvyplnenie pokladne.
 profile-saved = Profil bol uložený.
 profile-save = Uložiť profil
 profile-company-required = Pri firemnom účte vyplňte názov firmy, IČO a DIČ.
 account-type-locked = Typ účtu sa po registrácii nedá zmeniť.
 checkout-create-account = Vytvoriť účet z tejto objednávky
 checkout-create-account-hint = Pošleme vám e-mail na nastavenie hesla. Objednávka sa priradí k vášmu účtu.
 order-account-created = Vytvorili sme vám účet. Skontrolujte si e-mail a nastavte si heslo.
 set-password-title = Nastavte si heslo
 set-password-intro = Zvoľte si heslo a dokončite vytvorenie účtu.
 set-password-new = Nové heslo
 set-password-confirm = Potvrďte heslo
 set-password-submit = Nastaviť heslo
 set-password-invalid = Odkaz je neplatný alebo vypršal.
 set-password-weak = Heslo musí mať aspoň 8 znakov.
 set-password-mismatch = Heslá sa nezhodujú.
 order-confirmed-title = Ďakujeme za objednávku!
 order-confirmed-sub = Vašu objednávku sme prijali.
 order-number = Číslo objednávky
--- a/assets/static/css/app.css
+++ b/assets/static/css/app.css
--- a/assets/views/account/profile.html
+++ b/assets/views/account/profile.html
@@ -17,25 +17,23 @@
  {{ ui::alert_danger(message=t(key="profile-company-required", lang=lang | default(value='sk')), extra="mt-4") }}
  {% endif %}
-  <form method="post" action="/account/profile" hx-boost="false" class="mt-6 space-y-6"
+  <form method="post" action="/account/profile" hx-boost="false" class="mt-6 space-y-6">
-    x-data="{ accountType: '{{ account_type | default(value='personal') }}' }">
+    <!-- account type is fixed at registration and shown read-only -->
-    <!-- personal vs company: an account is exactly one of the two -->
+    <fieldset class="space-y-2 rounded-radius border border-outline bg-surface p-6 dark:border-outline-dark dark:bg-surface-dark-alt">
    <fieldset class="space-y-3 rounded-radius border border-outline bg-surface p-6 dark:border-outline-dark dark:bg-surface-dark-alt">
      <legend class="px-1 text-sm font-semibold text-on-surface-strong dark:text-on-surface-dark-strong">{{ t(key="account-type", lang=lang | default(value='sk')) }}</legend>
-      <div class="grid gap-3 sm:grid-cols-2">
+      <div class="flex items-center gap-2">
-        <label class="flex cursor-pointer items-center gap-3 rounded-radius border border-outline px-4 py-3 transition has-[:checked]:border-primary dark:border-outline-dark dark:has-[:checked]:border-primary-dark">
+        {% if account_type == "company" %}
-          {{ ui::radio(name="account_type", value="personal", attrs='x-model="accountType"') }}
+        {{ ui::badge(label=t(key="account-company", lang=lang | default(value='sk')), variant="primary") }}
-          <span class="font-medium text-on-surface-strong dark:text-on-surface-dark-strong">{{ t(key="account-personal", lang=lang | default(value='sk')) }}</span>
+        {% else %}
-        </label>
+        {{ ui::badge(label=t(key="account-personal", lang=lang | default(value='sk')), variant="neutral") }}
-        <label class="flex cursor-pointer items-center gap-3 rounded-radius border border-outline px-4 py-3 transition has-[:checked]:border-primary dark:border-outline-dark dark:has-[:checked]:border-primary-dark">
+        {% endif %}
-          {{ ui::radio(name="account_type", value="company", attrs='x-model="accountType"') }}
+        <span class="text-xs text-on-surface/60 dark:text-on-surface-dark/60">{{ t(key="account-type-locked", lang=lang | default(value='sk')) }}</span>
          <span class="font-medium text-on-surface-strong dark:text-on-surface-dark-strong">{{ t(key="account-company", lang=lang | default(value='sk')) }}</span>
        </label>
      </div>
    </fieldset>
    {% if account_type == "company" %}
    <!-- company billing details (company accounts only) -->
-    <fieldset x-show="accountType === 'company'" x-cloak class="space-y-4 rounded-radius border border-outline bg-surface p-6 dark:border-outline-dark dark:bg-surface-dark-alt">
+    <fieldset class="space-y-4 rounded-radius border border-outline bg-surface p-6 dark:border-outline-dark dark:bg-surface-dark-alt">
      <legend class="px-1 text-sm font-semibold text-on-surface-strong dark:text-on-surface-dark-strong">{{ t(key="account-company-details", lang=lang | default(value='sk')) }}</legend>
      <div class="space-y-1.5">
        <label for="company_name" class="text-sm font-medium text-on-surface-strong dark:text-on-surface-dark-strong">{{ t(key="company-name", lang=lang | default(value='sk')) }}{{ ui::req() }}</label>
@@ -56,6 +54,7 @@
        </div>
      </div>
    </fieldset>
    {% endif %}
    <!-- contact (name/email are managed by the login) -->
    <fieldset class="space-y-4 rounded-radius border border-outline bg-surface p-6 dark:border-outline-dark dark:bg-surface-dark-alt">
--- a/assets/views/auth/register.html
+++ b/assets/views/auth/register.html
@@ -27,6 +27,21 @@
      {% endif %}
      <form method="post" action="/register" hx-boost="false" class="mt-4 flex flex-col gap-4">
        <div class="flex flex-col gap-1.5">
          <span class="text-sm font-medium text-on-surface-strong dark:text-on-surface-dark-strong">{{ t(key="account-type", lang=lang | default(value='sk')) }}</span>
          <div class="grid grid-cols-2 gap-2">
            <label class="flex cursor-pointer items-center gap-2 rounded-radius border border-outline px-3 py-2 text-sm transition has-[:checked]:border-primary dark:border-outline-dark dark:has-[:checked]:border-primary-dark">
              {{ ui::radio(name="account_type", value="personal", checked=true) }}
              <span class="font-medium text-on-surface-strong dark:text-on-surface-dark-strong">{{ t(key="account-personal", lang=lang | default(value='sk')) }}</span>
            </label>
            <label class="flex cursor-pointer items-center gap-2 rounded-radius border border-outline px-3 py-2 text-sm transition has-[:checked]:border-primary dark:border-outline-dark dark:has-[:checked]:border-primary-dark">
              {{ ui::radio(name="account_type", value="company") }}
              <span class="font-medium text-on-surface-strong dark:text-on-surface-dark-strong">{{ t(key="account-company", lang=lang | default(value='sk')) }}</span>
            </label>
          </div>
          <span class="text-xs text-on-surface/60 dark:text-on-surface-dark/60">{{ t(key="account-type-locked", lang=lang | default(value='sk')) }}</span>
        </div>
        <div class="flex flex-col gap-1">
          <label for="name"
            class="text-sm font-medium text-on-surface-strong dark:text-on-surface-dark-strong">
--- a/assets/views/auth/set_password.html
+++ b/assets/views/auth/set_password.html
@@ -0,0 +1,47 @@
 {% extends "base.html" %}
 {% import "macros/ui.html" as ui %}
 {% block title %}{{ t(key="set-password-title", lang=lang | default(value='sk')) }}{% endblock title %}
 {% block content %}
 <div class="mx-auto mt-8 max-w-sm">
  <div class="rounded-radius border border-outline bg-surface-alt shadow-sm dark:border-outline-dark dark:bg-surface-dark-alt">
    <div class="flex items-center justify-between border-b border-outline px-5 py-3 dark:border-outline-dark">
      <span class="text-sm font-medium text-on-surface-strong dark:text-on-surface-dark-strong">{{ t(key="brand", lang=lang | default(value='sk')) }}</span>
      {{ ui::badge(label=t(key="auth", lang=lang | default(value='sk')), variant="primary") }}
    </div>
    <div class="p-5">
      <h1 class="text-xl font-bold text-on-surface-strong dark:text-on-surface-dark-strong">{{ t(key="set-password-title", lang=lang | default(value='sk')) }}</h1>
      {% if not valid %}
      {{ ui::alert_danger(message=t(key="set-password-invalid", lang=lang | default(value='sk')), extra="mt-3") }}
      <p class="mt-4 text-sm text-on-surface dark:text-on-surface-dark">
        <a href="/login" class="font-medium text-primary underline-offset-2 hover:underline dark:text-primary-dark">{{ t(key="nav-login", lang=lang | default(value='sk')) }}</a>
      </p>
      {% else %}
      <p class="mt-1 text-sm text-on-surface/70 dark:text-on-surface-dark/70">{{ t(key="set-password-intro", lang=lang | default(value='sk')) }}</p>
      {% if error == "mismatch" %}
      {{ ui::alert_danger(message=t(key="set-password-mismatch", lang=lang | default(value='sk')), extra="mt-3") }}
      {% elif error == "weak" %}
      {{ ui::alert_danger(message=t(key="set-password-weak", lang=lang | default(value='sk')), extra="mt-3") }}
      {% endif %}
      <form method="post" action="/set-password" hx-boost="false" class="mt-4 flex flex-col gap-4">
        <input type="hidden" name="token" value="{{ token }}">
        <div class="flex flex-col gap-1">
          <label for="password" class="text-sm font-medium text-on-surface-strong dark:text-on-surface-dark-strong">{{ t(key="set-password-new", lang=lang | default(value='sk')) }}</label>
          {{ ui::input(name="password", id="password", type="password", required=true, autocomplete="new-password", attrs="autofocus") }}
        </div>
        <div class="flex flex-col gap-1">
          <label for="password_confirm" class="text-sm font-medium text-on-surface-strong dark:text-on-surface-dark-strong">{{ t(key="set-password-confirm", lang=lang | default(value='sk')) }}</label>
          {{ ui::input(name="password_confirm", id="password_confirm", type="password", required=true, autocomplete="new-password") }}
        </div>
        {{ ui::button(label=t(key="set-password-submit", lang=lang | default(value='sk')), type="submit", extra="mt-1 w-full") }}
      </form>
      {% endif %}
    </div>
  </div>
 </div>
 {% endblock content %}
--- a/assets/views/shop/checkout.html
+++ b/assets/views/shop/checkout.html
@@ -32,9 +32,20 @@
  class="mt-6 grid gap-8 lg:grid-cols-3">
  <div class="space-y-6 lg:col-span-2">
-    <!-- personal vs company -->
+    <!-- personal vs company. Fixed (read-only) for a logged-in account; a guest
         picks it and the choice will type any account they create. -->
    <fieldset class="space-y-3 rounded-radius border border-outline bg-surface p-6 dark:border-outline-dark dark:bg-surface-dark-alt">
      <legend class="px-1 text-sm font-semibold text-on-surface-strong dark:text-on-surface-dark-strong">{{ t(key="account-type", lang=lang | default(value='sk')) }}</legend>
      {% if account_fixed %}
      <div class="flex items-center gap-2">
        {% if prefill_account_type == "company" %}
        {{ ui::badge(label=t(key="account-company", lang=lang | default(value='sk')), variant="primary") }}
        {% else %}
        {{ ui::badge(label=t(key="account-personal", lang=lang | default(value='sk')), variant="neutral") }}
        {% endif %}
        <span class="text-xs text-on-surface/60 dark:text-on-surface-dark/60">{{ t(key="account-type-locked", lang=lang | default(value='sk')) }}</span>
      </div>
      {% else %}
      <div class="grid gap-3 sm:grid-cols-2">
        <label class="flex cursor-pointer items-center gap-3 rounded-radius border border-outline px-4 py-3 transition has-[:checked]:border-primary dark:border-outline-dark dark:has-[:checked]:border-primary-dark">
          {{ ui::radio(name="account_type", value="personal", attrs='x-model="accountType"') }}
@@ -45,6 +56,7 @@
          <span class="font-medium text-on-surface-strong dark:text-on-surface-dark-strong">{{ t(key="account-company", lang=lang | default(value='sk')) }}</span>
        </label>
      </div>
      {% endif %}
    </fieldset>
    <!-- company billing details (company accounts only) -->
@@ -221,6 +233,14 @@
    <!-- logged-in customers can persist this address to their profile for next time -->
    {{ ui::checkbox(name="save_profile", id="save_profile", label=t(key="checkout-save-profile", lang=lang | default(value='sk')), checked=true) }}
    {% endif %}
    {% if can_create_account %}
    <!-- guests may turn this order into an account (typed by their choice above) -->
    <div class="space-y-1.5 rounded-radius border border-outline bg-surface p-4 dark:border-outline-dark dark:bg-surface-dark-alt">
      {{ ui::checkbox(name="create_account", id="create_account", label=t(key="checkout-create-account", lang=lang | default(value='sk'))) }}
      <p class="pl-6 text-xs text-on-surface/60 dark:text-on-surface-dark/60">{{ t(key="checkout-create-account-hint", lang=lang | default(value='sk')) }}</p>
    </div>
    {% endif %}
  </div>
  <!-- summary -->
--- a/assets/views/shop/order_confirmed.html
+++ b/assets/views/shop/order_confirmed.html
@@ -15,6 +15,12 @@
    <p class="mt-1 text-on-surface/70 dark:text-on-surface-dark/70">{{ t(key="order-confirmed-sub", lang=lang | default(value='sk')) }}</p>
  </div>
  {% if account_created %}
  <div class="rounded-radius border border-primary/40 bg-primary/5 p-4 text-sm text-on-surface dark:border-primary-dark/40 dark:text-on-surface-dark" role="status">
    {{ t(key="order-account-created", lang=lang | default(value='sk')) }}
  </div>
  {% endif %}
  <div class="rounded-radius border border-outline bg-surface p-6 dark:border-outline-dark dark:bg-surface-dark-alt">
    <div class="flex flex-wrap justify-between gap-2 border-b border-outline pb-3 dark:border-outline-dark">
      <span class="text-sm text-on-surface/70 dark:text-on-surface-dark/70">{{ t(key="order-number", lang=lang | default(value='sk')) }}</span>
--- a/migration/src/lib.rs
+++ b/migration/src/lib.rs
@@ -33,6 +33,7 @@ mod m20260617_000003_add_phone_to_orders;
 mod m20260618_000001_o_auth2_sessions;
 mod m20260618_000002_customer_profiles;
 mod m20260618_000003_account_type;
 mod m20260618_000004_account_ownership;
 pub struct Migrator;
 #[async_trait::async_trait]
@@ -70,6 +71,7 @@ impl MigratorTrait for Migrator {
            Box::new(m20260618_000001_o_auth2_sessions::Migration),
            Box::new(m20260618_000002_customer_profiles::Migration),
            Box::new(m20260618_000003_account_type::Migration),
            Box::new(m20260618_000004_account_ownership::Migration),
            // inject-above (do not remove this comment)
        ]
    }
--- a/migration/src/m20260618_000004_account_ownership.rs
+++ b/migration/src/m20260618_000004_account_ownership.rs
@@ -0,0 +1,38 @@
 use loco_rs::schema::*;
 use sea_orm_migration::prelude::*;
 #[derive(DeriveMigrationName)]
 pub struct Migration;
 // Account type becomes a permanent property of the *user* (chosen at
 // registration, never switchable), so it moves off `customer_profiles`. Orders
 // gain a nullable `user_id` linking them to the account that placed them
 // (null for guest orders that didn't create an account).
 #[async_trait::async_trait]
 impl MigrationTrait for Migration {
    async fn up(&self, m: &SchemaManager) -> Result<(), DbErr> {
        add_column(
            m,
            "users",
            "account_type",
            ColType::StringWithDefault("personal".to_string()),
        )
        .await?;
        add_column(m, "orders", "user_id", ColType::IntegerNull).await?;
        remove_column(m, "customer_profiles", "account_type").await?;
        Ok(())
    }
    async fn down(&self, m: &SchemaManager) -> Result<(), DbErr> {
        add_column(
            m,
            "customer_profiles",
            "account_type",
            ColType::StringWithDefault("personal".to_string()),
        )
        .await?;
        remove_column(m, "orders", "user_id").await?;
        remove_column(m, "users", "account_type").await?;
        Ok(())
    }
 }
--- a/src/controllers/account.rs
+++ b/src/controllers/account.rs
@@ -2,6 +2,10 @@
 //! fields prefill the checkout form. Gated to authenticated non-admin users:
 //! anonymous visitors are bounced to `/login`. Admins have their own area and
 //! are sent to the dashboard.
 //!
 //! The account *type* (personal vs company) is fixed at registration and lives
 //! on the user — it is shown here read-only and can never be changed. The
 //! profile only edits the type-specific details (company identity + address).
 use axum_extra::extract::cookie::CookieJar;
 use loco_rs::prelude::*;
@@ -10,13 +14,15 @@ use serde_json::json;
 use crate::{
    controllers::i18n::current_lang,
-    models::customer_profiles::{self, ProfileFields},
+    models::{
        customer_profiles::{self, ProfileFields},
        users,
    },
    shared::guard,
 };
 #[derive(Debug, Deserialize)]
 struct ProfileForm {
    account_type: Option<String>,
    company_name: Option<String>,
    company_id: Option<String>,
    tax_id: Option<String>,
@@ -33,23 +39,11 @@ fn trimmed(value: Option<&str>) -> Option<String> {
    value.map(str::trim).filter(|v| !v.is_empty()).map(String::from)
 }
-/// Normalize an account type to one of the two known values, defaulting to
+/// Build the persisted fields from the submitted form. Company identifiers are
-/// "personal" for anything unexpected.
+/// only kept for company accounts (a personal account can never carry them).
-pub fn normalize_account_type(value: Option<&str>) -> String {
+fn fields_from_form(form: &ProfileForm, is_company: bool) -> ProfileFields {
    match value.map(str::trim) {
        Some("company") => "company".to_string(),
        _ => "personal".to_string(),
    }
 }
 impl From<ProfileForm> for ProfileFields {
    fn from(form: ProfileForm) -> Self {
        let is_company = normalize_account_type(form.account_type.as_deref()) == "company";
        // Company identifiers are only stored for company accounts, so switching
        // back to personal clears stale data.
    let company = |v: Option<&str>| if is_company { trimmed(v) } else { None };
-        Self {
+    ProfileFields {
            account_type: normalize_account_type(form.account_type.as_deref()),
        company_name: company(form.company_name.as_deref()),
        company_id: company(form.company_id.as_deref()),
        tax_id: company(form.tax_id.as_deref()),
@@ -62,13 +56,11 @@ impl From<ProfileForm> for ProfileFields {
        country: trimmed(form.country.as_deref()),
    }
 }
 }
 /// The profile fields held by a saved profile, for re-prefilling the form.
 fn fields_of(profile: Option<&customer_profiles::Model>) -> ProfileFields {
    match profile {
        Some(p) => ProfileFields {
            account_type: p.account_type.clone(),
            company_name: p.company_name.clone(),
            company_id: p.company_id.clone(),
            tax_id: p.tax_id.clone(),
@@ -80,30 +72,22 @@ fn fields_of(profile: Option<&customer_profiles::Model>) -> ProfileFields {
            zip: p.zip.clone(),
            country: p.country.clone(),
        },
-        None => ProfileFields {
+        None => ProfileFields::default(),
            account_type: "personal".to_string(),
            ..Default::default()
        },
    }
 }
-/// A company profile must carry its invoicing identity (company name + IČO +
+/// A company account must carry its invoicing identity (company name + IČO +
-/// DIČ; IČ DPH stays optional). Personal profiles have no such requirement.
+/// DIČ; IČ DPH stays optional). Personal accounts have no such requirement.
 fn company_fields_missing(fields: &ProfileFields) -> bool {
-    fields.account_type == "company"
+    fields.company_name.is_none() || fields.company_id.is_none() || fields.tax_id.is_none()
        && (fields.company_name.is_none()
            || fields.company_id.is_none()
            || fields.tax_id.is_none())
 }
-/// Render the profile form prefilled from `fields`. `saved` shows the success
+/// Render the profile form for `user`, prefilled from `fields`. `saved` shows
-/// banner; `error` shows a validation message and is set when a company profile
+/// the success banner; `error` shows the company-required validation message.
 /// is missing required identifiers.
 fn profile_view(
    v: &TeraView,
    jar: &CookieJar,
-    name: &str,
+    user: &users::Model,
    email: &str,
    fields: &ProfileFields,
    saved: bool,
    error: bool,
@@ -116,9 +100,9 @@ fn profile_view(
            "logged_in_customer": true,
            "saved": saved,
            "error": error,
-            "name": name,
+            "name": user.name,
-            "email": email,
+            "email": user.email,
-            "account_type": fields.account_type,
+            "account_type": user.account_type,
            "company_name": fields.company_name,
            "company_id": fields.company_id,
            "tax_id": fields.tax_id,
@@ -147,7 +131,7 @@ async fn profile_page(
        return format::redirect("/admin/dashboard");
    }
    let profile = customer_profiles::Model::find_for_user(&ctx.db, user.id).await?;
-    profile_view(&v, &jar, &user.name, &user.email, &fields_of(profile.as_ref()), false, false)
+    profile_view(&v, &jar, &user, &fields_of(profile.as_ref()), false, false)
 }
 #[debug_handler]
@@ -163,14 +147,14 @@ async fn save_profile(
    if guard::is_admin(&ctx, &user) {
        return format::redirect("/admin/dashboard");
    }
-    let fields: ProfileFields = form.into();
+    let fields = fields_from_form(&form, user.is_company());
-    // A company profile is rejected (and the form re-shown with the entered
+    // A company account's profile is rejected (and re-shown with the entered
    // values) until it carries its required identifiers.
-    if company_fields_missing(&fields) {
+    if user.is_company() && company_fields_missing(&fields) {
-        return profile_view(&v, &jar, &user.name, &user.email, &fields, false, true);
+        return profile_view(&v, &jar, &user, &fields, false, true);
    }
    customer_profiles::Model::upsert(&ctx.db, user.id, fields.clone()).await?;
-    profile_view(&v, &jar, &user.name, &user.email, &fields, true, false)
+    profile_view(&v, &jar, &user, &fields, true, false)
 }
 pub fn routes() -> Routes {
--- a/src/controllers/auth_pages.rs
+++ b/src/controllers/auth_pages.rs
@@ -185,6 +185,71 @@ fn verified_view(v: &TeraView, jar: &CookieJar, ok: bool) -> Result<Response> {
    )
 }
 /// Set-password form for accounts created during checkout (and any account that
 /// has a valid reset token). Reuses the password-reset token machinery.
 #[derive(Debug, serde::Deserialize)]
 struct SetPasswordForm {
    token: String,
    password: String,
    password_confirm: String,
 }
 fn set_password_view(
    v: &TeraView,
    jar: &CookieJar,
    token: &str,
    valid: bool,
    error: Option<&str>,
 ) -> Result<Response> {
    format::view(
        v,
        "auth/set_password.html",
        json!({
            "token": token,
            "valid": valid,
            "error": error,
            "logged_in_admin": false,
            "lang": current_lang(jar),
        }),
    )
 }
 #[debug_handler]
 async fn set_password_page(
    jar: CookieJar,
    ViewEngine(v): ViewEngine<TeraView>,
    State(ctx): State<AppContext>,
    Path(token): Path<String>,
 ) -> Result<Response> {
    let valid = users::Model::find_by_reset_token(&ctx.db, &token).await.is_ok();
    set_password_view(&v, &jar, &token, valid, None)
 }
 #[debug_handler]
 async fn set_password(
    jar: CookieJar,
    ViewEngine(v): ViewEngine<TeraView>,
    State(ctx): State<AppContext>,
    Form(form): Form<SetPasswordForm>,
 ) -> Result<Response> {
    let Ok(user) = users::Model::find_by_reset_token(&ctx.db, &form.token).await else {
        return set_password_view(&v, &jar, &form.token, false, None);
    };
    if form.password != form.password_confirm {
        return set_password_view(&v, &jar, &form.token, true, Some("mismatch"));
    }
    if form.password.len() < 8 {
        return set_password_view(&v, &jar, &form.token, true, Some("weak"));
    }
    // Setting the password through an emailed link also proves email ownership,
    // so the account is marked verified here.
    let user = user.into_active_model().reset_password(&ctx.db, &form.password).await?;
    if user.email_verified_at.is_none() {
        user.into_active_model().verified(&ctx.db).await?;
    }
    format::redirect("/login")
 }
 #[debug_handler]
 async fn logout() -> Result<Response> {
    format::render()
@@ -211,6 +276,8 @@ pub fn routes() -> Routes {
        .add("/register", get(register_page))
        .add("/register", post(register))
        .add("/verify/{token}", get(verify))
        .add("/set-password/{token}", get(set_password_page))
        .add("/set-password", post(set_password))
        .add("/logout", post(logout))
        .add("/admin", get(admin_entry))
 }
--- a/src/controllers/checkout.rs
+++ b/src/controllers/checkout.rs
@@ -1,6 +1,7 @@
 //! Public checkout flow: the checkout form, placing an order, and the order
 //! confirmation page.
 use axum::extract::Query;
 use axum_extra::extract::cookie::{Cookie, CookieJar, SameSite};
 use loco_rs::prelude::*;
 use sea_orm::{ColumnTrait, EntityTrait, QueryFilter, QueryOrder};
@@ -9,9 +10,13 @@ use serde_json::json;
 use time::Duration as TimeDuration;
 use crate::{
    controllers::account::normalize_account_type,
    controllers::cart::{resolve_cart, CART_COOKIE},
-    models::{customer_profiles::{self, ProfileFields}, order_items, orders, shipping_methods},
+    mailers::auth::AuthMailer,
    models::{
        customer_profiles::{self, ProfileFields},
        order_items, orders, shipping_methods,
        users::{self, normalize_account_type},
    },
    controllers::i18n::current_lang,
    shared::{guard, money::format_price, settings},
    views::checkout as view,
@@ -41,6 +46,8 @@ struct CheckoutForm {
    pickup_point_name: Option<String>,
    // Present (as "on") only when a logged-in customer ticks "save my address".
    save_profile: Option<String>,
    // Present only when a guest ticks "create an account from this order".
    create_account: Option<String>,
 }
 fn trimmed(value: &str) -> Option<String> {
@@ -119,9 +126,13 @@ async fn checkout_page(
            "packeta_api_key": settings::get(&ctx, "packeta_api_key").unwrap_or(""),
            "logged_in_admin": is_admin,
            "logged_in_customer": is_customer,
            // A logged-in customer's account type is fixed; only guests pick it
            // and may opt to create an account from the order.
            "account_fixed": is_customer,
            "can_create_account": user.is_none(),
            "prefill_email": user.as_ref().filter(|_| is_customer).map(|u| u.email.clone()),
            "prefill_name": user.as_ref().filter(|_| is_customer).map(|u| u.name.clone()),
-            "prefill_account_type": profile.as_ref().map_or("personal", |x| x.account_type.as_str()),
+            "prefill_account_type": user.as_ref().filter(|_| is_customer).map_or("personal", |u| u.account_type.as_str()),
            "prefill_company_name": p(|x| x.company_name.clone()),
            "prefill_company_id": p(|x| x.company_id.clone()),
            "prefill_tax_id": p(|x| x.tax_id.clone()),
@@ -169,9 +180,20 @@ async fn place_order(
    let zip = require(&form.zip, "zip")?;
    let country = require(&form.country, "country")?;
    // The account type is fixed for a logged-in customer (taken from their
    // account, never the form); a guest picks it on the form. Admins are treated
    // as guests here.
    let current_user = guard::current_user(&ctx, &jar).await;
    let logged_in_customer = current_user
        .as_ref()
        .filter(|u| !guard::is_admin(&ctx, u));
    let account_type = match logged_in_customer {
        Some(u) => u.account_type.clone(),
        None => normalize_account_type(form.account_type.as_deref()),
    };
    // Company purchases must carry the invoicing identifiers (IČO + DIČ
    // required, IČ DPH optional). Personal orders carry none.
    let account_type = normalize_account_type(form.account_type.as_deref());
    let (company_name, company_id, tax_id, vat_id) = if account_type == "company" {
        (
            Some(require(form.company_name.as_deref().unwrap_or(""), "company name")?),
@@ -207,15 +229,9 @@ async fn place_order(
        (None, None)
    };
-    // If a logged-in customer opted in, persist this address to their profile
+    // The address/contact captured here, ready to seed a profile (for the
-    // so the next checkout is prefilled. Phone is stored split (prefix + number)
+    // logged-in "save my address" opt-in or a freshly created guest account).
-    // to match the profile/checkout fields. Best-effort: a failure here is logged
+    let entered_profile = || ProfileFields {
    // but must not block the order.
    if form.save_profile.is_some() {
        if let Some(user) = guard::current_user(&ctx, &jar).await {
            if !guard::is_admin(&ctx, &user) {
                let fields = ProfileFields {
                    account_type: account_type.clone(),
        company_name: company_name.clone(),
        company_id: company_id.clone(),
        tax_id: tax_id.clone(),
@@ -227,9 +243,56 @@ async fn place_order(
        zip: Some(zip.clone()),
        country: Some(country.clone()),
    };
-                if let Err(err) = customer_profiles::Model::upsert(&ctx.db, user.id, fields).await {
+
-                    tracing::error!(error = %err, user_id = user.id, "failed to save checkout profile");
+    // Resolve the account that will own this order. A logged-in customer always
    // owns their orders. A guest may opt to create an account from the order;
    // the new account's type matches what they bought as, its profile is seeded
    // from the entered details, and a "set your password" link is emailed. If
    // the email already belongs to an account we silently fall back to a guest
    // order (no hijacking an existing account).
    let mut order_user_id = logged_in_customer.map(|u| u.id);
    let mut account_created = false;
    if order_user_id.is_none() && form.create_account.is_some() {
        match users::Model::create_guest_account(&ctx.db, &email, &customer_name, &account_type)
            .await
        {
            Ok(new_user) => {
                if let Err(err) =
                    customer_profiles::Model::upsert(&ctx.db, new_user.id, entered_profile()).await
                {
                    tracing::error!(error = %err, user_id = new_user.id, "failed to seed guest profile");
                }
                let user_id = new_user.id;
                match new_user.into_active_model().set_forgot_password_sent(&ctx.db).await {
                    Ok(user) => {
                        if let Err(err) = AuthMailer::send_set_password(&ctx, &user).await {
                            tracing::error!(error = %err, "failed to send set-password email");
                        }
                        order_user_id = Some(user_id);
                        account_created = true;
                    }
                    Err(err) => {
                        tracing::error!(error = %err, "failed to issue set-password token");
                        order_user_id = Some(user_id);
                    }
                }
            }
            Err(ModelError::EntityAlreadyExists {}) => {
                tracing::info!(email = %email, "checkout account-create skipped: email already registered");
            }
            Err(err) => tracing::error!(error = %err, "failed to create checkout account"),
        }
    }
    // If a logged-in customer opted in, persist this address to their profile so
    // the next checkout is prefilled. Best-effort: a failure here is logged but
    // must not block the order.
    if form.save_profile.is_some() {
        if let Some(user) = logged_in_customer {
            if let Err(err) =
                customer_profiles::Model::upsert(&ctx.db, user.id, entered_profile()).await
            {
                tracing::error!(error = %err, user_id = user.id, "failed to save checkout profile");
            }
        }
    }
@@ -241,6 +304,7 @@ async fn place_order(
            email,
            phone,
            customer_name: Some(customer_name),
            user_id: order_user_id,
            account_type,
            company_name,
            company_id,
@@ -259,9 +323,14 @@ async fn place_order(
    )
    .await?;
    let target = if account_created {
        format!("/orders/{}?account_created=1", order.order_number)
    } else {
        format!("/orders/{}", order.order_number)
    };
    format::render()
        .cookies(&[cleared_cart_cookie()])?
-        .redirect(&format!("/orders/{}", order.order_number))
+        .redirect(&target)
 }
 #[debug_handler]
@@ -269,6 +338,7 @@ async fn order_confirmation(
    jar: CookieJar,
    ViewEngine(v): ViewEngine<TeraView>,
    Path(order_number): Path<String>,
    Query(params): Query<std::collections::HashMap<String, String>>,
    State(ctx): State<AppContext>,
 ) -> Result<Response> {
    let order = orders::Entity::find()
@@ -281,6 +351,7 @@ async fn order_confirmation(
        .all(&ctx.db)
        .await?;
    let (logged_in_admin, logged_in_customer) = guard::chrome(&ctx, &jar).await;
    let account_created = params.contains_key("account_created");
    format::view(
        &v,
@@ -294,6 +365,7 @@ async fn order_confirmation(
            "items": view::items(&items),
            "logged_in_admin": logged_in_admin,
            "logged_in_customer": logged_in_customer,
            "account_created": account_created,
            "lang": current_lang(&jar),
        }),
    )
--- a/src/initializers/admin_seeder.rs
+++ b/src/initializers/admin_seeder.rs
@@ -43,6 +43,7 @@ impl Initializer for AdminSeeder {
                    email: email.clone(),
                    password,
                    name,
                    account_type: None,
                },
            )
            .await?;
--- a/src/mailers/auth.rs
+++ b/src/mailers/auth.rs
@@ -9,6 +9,7 @@ use crate::models::users;
 static welcome: Dir<'_> = include_dir!("src/mailers/auth/welcome");
 static forgot: Dir<'_> = include_dir!("src/mailers/auth/forgot");
 static magic_link: Dir<'_> = include_dir!("src/mailers/auth/magic_link");
 static set_password: Dir<'_> = include_dir!("src/mailers/auth/set_password");
 #[allow(clippy::module_name_repetitions)]
 pub struct AuthMailer {}
@@ -62,6 +63,31 @@ impl AuthMailer {
        Ok(())
    }
    /// Sends a "set your password" email to a checkout-created account. Reuses
    /// the reset token; the link lands on the HTML `/set-password/{token}` page.
    ///
    /// # Errors
    ///
    /// When email sending is failed
    pub async fn send_set_password(ctx: &AppContext, user: &users::Model) -> Result<()> {
        Self::mail_template(
            ctx,
            &set_password,
            mailer::Args {
                to: user.email.to_string(),
                locals: json!({
                  "name": user.name,
                  "resetToken": user.reset_token,
                  "domain": ctx.config.server.full_url()
                }),
                ..Default::default()
            },
        )
        .await?;
        Ok(())
    }
    /// Sends a magic link authentication email to the user.
    ///
    /// # Errors
--- a/src/mailers/auth/set_password/html.t
+++ b/src/mailers/auth/set_password/html.t
@@ -0,0 +1,10 @@
 <html>
 <body>
  Hey {{name}},
  Thanks for your order! We created an account for you. Set your password to finish, then you can track your orders:
  <a href="{{domain}}/set-password/{{resetToken}}">Set your password</a>
  If you didn't place this order, you can ignore this email.
 </body>
 </html>
--- a/src/mailers/auth/set_password/subject.t
+++ b/src/mailers/auth/set_password/subject.t
@@ -0,0 +1 @@
 Set your password
--- a/src/mailers/auth/set_password/text.t
+++ b/src/mailers/auth/set_password/text.t
@@ -0,0 +1,7 @@
 Hey {{name}},
 Thanks for your order! We created an account for you. Set your password to finish, then you can track your orders:
 {{domain}}/set-password/{{resetToken}}
 If you didn't place this order, you can ignore this email.
--- a/src/models/_entities/customer_profiles.rs
+++ b/src/models/_entities/customer_profiles.rs
@@ -13,7 +13,6 @@ pub struct Model {
    pub id: i32,
    #[sea_orm(unique)]
    pub user_id: i32,
    pub account_type: String,
    pub company_name: Option<String>,
    pub company_id: Option<String>,
    pub tax_id: Option<String>,
--- a/src/models/_entities/orders.rs
+++ b/src/models/_entities/orders.rs
@@ -18,6 +18,7 @@ pub struct Model {
    pub status: String,
    pub total_cents: i64,
    pub currency: String,
    pub user_id: Option<i32>,
    pub account_type: String,
    pub company_name: Option<String>,
    pub company_id: Option<String>,
--- a/src/models/_entities/users.rs
+++ b/src/models/_entities/users.rs
@@ -25,6 +25,7 @@ pub struct Model {
    pub magic_link_token: Option<String>,
    pub magic_link_expiration: Option<DateTimeWithTimeZone>,
    pub theme: String,
    pub account_type: String,
 }
 #[derive(Copy, Clone, Debug, EnumIter, DeriveRelation)]
--- a/src/models/customer_profiles.rs
+++ b/src/models/customer_profiles.rs
@@ -9,11 +9,10 @@ use sea_orm::{ActiveValue, IntoActiveModel, QueryFilter, TryIntoModel};
 pub type CustomerProfiles = Entity;
 /// The editable profile fields, shared by the profile page and the checkout
-/// "save my address" path. `account_type` is "personal" or "company"; the
+/// "save my address" path. The `company_*` fields are only meaningful for
-/// `company_*` fields are only meaningful for company accounts.
+/// company accounts (account type now lives on `users`, fixed at registration).
 #[derive(Debug, Default, Clone)]
 pub struct ProfileFields {
    pub account_type: String,
    pub company_name: Option<String>,
    pub company_id: Option<String>,
    pub tax_id: Option<String>,
@@ -59,7 +58,6 @@ impl Model {
                ..Default::default()
            },
        };
        active.account_type = ActiveValue::set(fields.account_type);
        active.company_name = ActiveValue::set(fields.company_name);
        active.company_id = ActiveValue::set(fields.company_id);
        active.tax_id = ActiveValue::set(fields.tax_id);
--- a/src/models/orders.rs
+++ b/src/models/orders.rs
@@ -14,6 +14,9 @@ pub struct Checkout {
    pub email: String,
    pub phone: String,
    pub customer_name: Option<String>,
    /// The account that owns this order, if any (a logged-in buyer or a guest
    /// who created an account during checkout). `None` for pure guest orders.
    pub user_id: Option<i32>,
    pub account_type: String,
    pub company_name: Option<String>,
    pub company_id: Option<String>,
@@ -75,6 +78,7 @@ pub async fn place(ctx: &AppContext, items: &[(i32, i32)], details: Checkout) ->
        status: Set("pending".to_string()),
        total_cents: Set(subtotal + details.method.price_cents),
        currency: Set(currency),
        user_id: Set(details.user_id),
        account_type: Set(details.account_type),
        company_name: Set(details.company_name),
        company_id: Set(details.company_id),
--- a/src/models/users.rs
+++ b/src/models/users.rs
@@ -24,6 +24,21 @@ pub struct RegisterParams {
    pub email: String,
    pub password: String,
    pub name: String,
    /// "personal" or "company"; permanent for the account. Optional on the wire
    /// (older/JSON callers omit it) and normalized via [`normalize_account_type`].
    #[serde(default)]
    pub account_type: Option<String>,
 }
 /// Normalize an account type to one of the two permanent values, defaulting to
 /// "personal" for anything missing or unexpected. An account's type is chosen
 /// once at registration and never changes.
 #[must_use]
 pub fn normalize_account_type(value: Option<&str>) -> String {
    match value.map(str::trim) {
        Some("company") => "company".to_string(),
        _ => "personal".to_string(),
    }
 }
 #[derive(Debug, Validate, Deserialize)]
@@ -216,6 +231,13 @@ impl Model {
        hash::verify_password(password, &self.password)
    }
    /// Whether this is a company account (vs a personal one). Fixed at
    /// registration.
    #[must_use]
    pub fn is_company(&self) -> bool {
        self.account_type == "company"
    }
    /// Asynchronously creates a user with a password and saves it to the
    /// database.
    ///
@@ -247,6 +269,7 @@ impl Model {
            email: ActiveValue::set(params.email.to_string()),
            password: ActiveValue::set(password_hash),
            name: ActiveValue::set(params.name.to_string()),
            account_type: ActiveValue::set(normalize_account_type(params.account_type.as_deref())),
            ..Default::default()
        }
        .insert(&txn)
@@ -257,6 +280,41 @@ impl Model {
        Ok(user)
    }
    /// Creates an account on behalf of a checkout guest. The user never picks a
    /// password here (a strong random one satisfies the NOT NULL column, as in
    /// the OAuth path); they receive a "set your password" link by email. Errors
    /// with [`ModelError::EntityAlreadyExists`] if the email is already taken.
    ///
    /// # Errors
    ///
    /// When the email already exists or the insert fails.
    pub async fn create_guest_account(
        db: &DatabaseConnection,
        email: &str,
        name: &str,
        account_type: &str,
    ) -> ModelResult<Self> {
        let password = PasswordGenerator::new()
            .length(16)
            .numbers(true)
            .lowercase_letters(true)
            .uppercase_letters(true)
            .symbols(true)
            .strict(true)
            .generate_one()
            .map_err(|e| ModelError::Any(e.into()))?;
        Self::create_with_password(
            db,
            &RegisterParams {
                email: email.to_string(),
                password,
                name: name.to_string(),
                account_type: Some(account_type.to_string()),
            },
        )
        .await
    }
    /// Creates a JWT
    ///
    /// # Errors