account type is permanent and password registration is now working at checkout

assets/i18n/en/main.ftl

@@ -274,6 +274,18 @@ profile-intro = We'll use these details to prefill checkout.
 profile-saved = Profile saved.
 profile-save = Save profile
 profile-company-required = For a company account, please fill in company name, IČO and DIČ.
+account-type-locked = Account type can't be changed after registration.
+checkout-create-account = Create an account from this order
+checkout-create-account-hint = We'll email you a link to set your password. This order will be linked to your account.
+order-account-created = We created an account for you. Check your email to set your password.
+set-password-title = Set your password
+set-password-intro = Choose a password to finish setting up your account.
+set-password-new = New password
+set-password-confirm = Confirm password
+set-password-submit = Set password
+set-password-invalid = This link is invalid or has expired.
+set-password-weak = Password must be at least 8 characters.
+set-password-mismatch = Passwords don't match.
 order-confirmed-title = Thank you for your order!
 order-confirmed-sub = We have received your order.
 order-number = Order number

assets/i18n/sk/main.ftl

@@ -274,6 +274,18 @@ profile-intro = Tieto údaje použijeme na predvyplnenie pokladne.
 profile-saved = Profil bol uložený.
 profile-save = Uložiť profil
 profile-company-required = Pri firemnom účte vyplňte názov firmy, IČO a DIČ.
+account-type-locked = Typ účtu sa po registrácii nedá zmeniť.
+checkout-create-account = Vytvoriť účet z tejto objednávky
+checkout-create-account-hint = Pošleme vám e-mail na nastavenie hesla. Objednávka sa priradí k vášmu účtu.
+order-account-created = Vytvorili sme vám účet. Skontrolujte si e-mail a nastavte si heslo.
+set-password-title = Nastavte si heslo
+set-password-intro = Zvoľte si heslo a dokončite vytvorenie účtu.
+set-password-new = Nové heslo
+set-password-confirm = Potvrďte heslo
+set-password-submit = Nastaviť heslo
+set-password-invalid = Odkaz je neplatný alebo vypršal.
+set-password-weak = Heslo musí mať aspoň 8 znakov.
+set-password-mismatch = Heslá sa nezhodujú.
 order-confirmed-title = Ďakujeme za objednávku!
 order-confirmed-sub = Vašu objednávku sme prijali.
 order-number = Číslo objednávky

assets/views/account/profile.html

@@ -17,25 +17,23 @@
   {{ ui::alert_danger(message=t(key="profile-company-required", lang=lang | default(value='sk')), extra="mt-4") }}
   {% endif %}
 
-  <form method="post" action="/account/profile" hx-boost="false" class="mt-6 space-y-6"
+  <form method="post" action="/account/profile" hx-boost="false" class="mt-6 space-y-6">
-    x-data="{ accountType: '{{ account_type | default(value='personal') }}' }">
+    <!-- account type is fixed at registration and shown read-only -->
-    <!-- personal vs company: an account is exactly one of the two -->
+    <fieldset class="space-y-2 rounded-radius border border-outline bg-surface p-6 dark:border-outline-dark dark:bg-surface-dark-alt">
-    <fieldset class="space-y-3 rounded-radius border border-outline bg-surface p-6 dark:border-outline-dark dark:bg-surface-dark-alt">
       <legend class="px-1 text-sm font-semibold text-on-surface-strong dark:text-on-surface-dark-strong">{{ t(key="account-type", lang=lang | default(value='sk')) }}</legend>
-      <div class="grid gap-3 sm:grid-cols-2">
+      <div class="flex items-center gap-2">
-        <label class="flex cursor-pointer items-center gap-3 rounded-radius border border-outline px-4 py-3 transition has-[:checked]:border-primary dark:border-outline-dark dark:has-[:checked]:border-primary-dark">
+        {% if account_type == "company" %}
-          {{ ui::radio(name="account_type", value="personal", attrs='x-model="accountType"') }}
+        {{ ui::badge(label=t(key="account-company", lang=lang | default(value='sk')), variant="primary") }}
-          <span class="font-medium text-on-surface-strong dark:text-on-surface-dark-strong">{{ t(key="account-personal", lang=lang | default(value='sk')) }}</span>
+        {% else %}
-        </label>
+        {{ ui::badge(label=t(key="account-personal", lang=lang | default(value='sk')), variant="neutral") }}
-        <label class="flex cursor-pointer items-center gap-3 rounded-radius border border-outline px-4 py-3 transition has-[:checked]:border-primary dark:border-outline-dark dark:has-[:checked]:border-primary-dark">
+        {% endif %}
-          {{ ui::radio(name="account_type", value="company", attrs='x-model="accountType"') }}
+        <span class="text-xs text-on-surface/60 dark:text-on-surface-dark/60">{{ t(key="account-type-locked", lang=lang | default(value='sk')) }}</span>
-          <span class="font-medium text-on-surface-strong dark:text-on-surface-dark-strong">{{ t(key="account-company", lang=lang | default(value='sk')) }}</span>
-        </label>
       </div>
     </fieldset>
 
+    {% if account_type == "company" %}
     <!-- company billing details (company accounts only) -->
-    <fieldset x-show="accountType === 'company'" x-cloak class="space-y-4 rounded-radius border border-outline bg-surface p-6 dark:border-outline-dark dark:bg-surface-dark-alt">
+    <fieldset class="space-y-4 rounded-radius border border-outline bg-surface p-6 dark:border-outline-dark dark:bg-surface-dark-alt">
       <legend class="px-1 text-sm font-semibold text-on-surface-strong dark:text-on-surface-dark-strong">{{ t(key="account-company-details", lang=lang | default(value='sk')) }}</legend>
       <div class="space-y-1.5">
         <label for="company_name" class="text-sm font-medium text-on-surface-strong dark:text-on-surface-dark-strong">{{ t(key="company-name", lang=lang | default(value='sk')) }}{{ ui::req() }}</label>
@@ -56,6 +54,7 @@
         </div>
       </div>
     </fieldset>
+    {% endif %}
 
     <!-- contact (name/email are managed by the login) -->
     <fieldset class="space-y-4 rounded-radius border border-outline bg-surface p-6 dark:border-outline-dark dark:bg-surface-dark-alt">

assets/views/auth/register.html

@@ -27,6 +27,21 @@
       {% endif %}
 
       <form method="post" action="/register" hx-boost="false" class="mt-4 flex flex-col gap-4">
+        <div class="flex flex-col gap-1.5">
+          <span class="text-sm font-medium text-on-surface-strong dark:text-on-surface-dark-strong">{{ t(key="account-type", lang=lang | default(value='sk')) }}</span>
+          <div class="grid grid-cols-2 gap-2">
+            <label class="flex cursor-pointer items-center gap-2 rounded-radius border border-outline px-3 py-2 text-sm transition has-[:checked]:border-primary dark:border-outline-dark dark:has-[:checked]:border-primary-dark">
+              {{ ui::radio(name="account_type", value="personal", checked=true) }}
+              <span class="font-medium text-on-surface-strong dark:text-on-surface-dark-strong">{{ t(key="account-personal", lang=lang | default(value='sk')) }}</span>
+            </label>
+            <label class="flex cursor-pointer items-center gap-2 rounded-radius border border-outline px-3 py-2 text-sm transition has-[:checked]:border-primary dark:border-outline-dark dark:has-[:checked]:border-primary-dark">
+              {{ ui::radio(name="account_type", value="company") }}
+              <span class="font-medium text-on-surface-strong dark:text-on-surface-dark-strong">{{ t(key="account-company", lang=lang | default(value='sk')) }}</span>
+            </label>
+          </div>
+          <span class="text-xs text-on-surface/60 dark:text-on-surface-dark/60">{{ t(key="account-type-locked", lang=lang | default(value='sk')) }}</span>
+        </div>
+
         <div class="flex flex-col gap-1">
           <label for="name"
             class="text-sm font-medium text-on-surface-strong dark:text-on-surface-dark-strong">

assets/views/auth/set_password.html

@@ -0,0 +1,47 @@
+{% extends "base.html" %}
+{% import "macros/ui.html" as ui %}
+
+{% block title %}{{ t(key="set-password-title", lang=lang | default(value='sk')) }}{% endblock title %}
+
+{% block content %}
+<div class="mx-auto mt-8 max-w-sm">
+  <div class="rounded-radius border border-outline bg-surface-alt shadow-sm dark:border-outline-dark dark:bg-surface-dark-alt">
+    <div class="flex items-center justify-between border-b border-outline px-5 py-3 dark:border-outline-dark">
+      <span class="text-sm font-medium text-on-surface-strong dark:text-on-surface-dark-strong">{{ t(key="brand", lang=lang | default(value='sk')) }}</span>
+      {{ ui::badge(label=t(key="auth", lang=lang | default(value='sk')), variant="primary") }}
+    </div>
+
+    <div class="p-5">
+      <h1 class="text-xl font-bold text-on-surface-strong dark:text-on-surface-dark-strong">{{ t(key="set-password-title", lang=lang | default(value='sk')) }}</h1>
+
+      {% if not valid %}
+      {{ ui::alert_danger(message=t(key="set-password-invalid", lang=lang | default(value='sk')), extra="mt-3") }}
+      <p class="mt-4 text-sm text-on-surface dark:text-on-surface-dark">
+        <a href="/login" class="font-medium text-primary underline-offset-2 hover:underline dark:text-primary-dark">{{ t(key="nav-login", lang=lang | default(value='sk')) }}</a>
+      </p>
+      {% else %}
+      <p class="mt-1 text-sm text-on-surface/70 dark:text-on-surface-dark/70">{{ t(key="set-password-intro", lang=lang | default(value='sk')) }}</p>
+
+      {% if error == "mismatch" %}
+      {{ ui::alert_danger(message=t(key="set-password-mismatch", lang=lang | default(value='sk')), extra="mt-3") }}
+      {% elif error == "weak" %}
+      {{ ui::alert_danger(message=t(key="set-password-weak", lang=lang | default(value='sk')), extra="mt-3") }}
+      {% endif %}
+
+      <form method="post" action="/set-password" hx-boost="false" class="mt-4 flex flex-col gap-4">
+        <input type="hidden" name="token" value="{{ token }}">
+        <div class="flex flex-col gap-1">
+          <label for="password" class="text-sm font-medium text-on-surface-strong dark:text-on-surface-dark-strong">{{ t(key="set-password-new", lang=lang | default(value='sk')) }}</label>
+          {{ ui::input(name="password", id="password", type="password", required=true, autocomplete="new-password", attrs="autofocus") }}
+        </div>
+        <div class="flex flex-col gap-1">
+          <label for="password_confirm" class="text-sm font-medium text-on-surface-strong dark:text-on-surface-dark-strong">{{ t(key="set-password-confirm", lang=lang | default(value='sk')) }}</label>
+          {{ ui::input(name="password_confirm", id="password_confirm", type="password", required=true, autocomplete="new-password") }}
+        </div>
+        {{ ui::button(label=t(key="set-password-submit", lang=lang | default(value='sk')), type="submit", extra="mt-1 w-full") }}
+      </form>
+      {% endif %}
+    </div>
+  </div>
+</div>
+{% endblock content %}

assets/views/shop/checkout.html

@@ -32,9 +32,20 @@
   class="mt-6 grid gap-8 lg:grid-cols-3">
 
   <div class="space-y-6 lg:col-span-2">
-    <!-- personal vs company -->
+    <!-- personal vs company. Fixed (read-only) for a logged-in account; a guest
+         picks it and the choice will type any account they create. -->
     <fieldset class="space-y-3 rounded-radius border border-outline bg-surface p-6 dark:border-outline-dark dark:bg-surface-dark-alt">
       <legend class="px-1 text-sm font-semibold text-on-surface-strong dark:text-on-surface-dark-strong">{{ t(key="account-type", lang=lang | default(value='sk')) }}</legend>
+      {% if account_fixed %}
+      <div class="flex items-center gap-2">
+        {% if prefill_account_type == "company" %}
+        {{ ui::badge(label=t(key="account-company", lang=lang | default(value='sk')), variant="primary") }}
+        {% else %}
+        {{ ui::badge(label=t(key="account-personal", lang=lang | default(value='sk')), variant="neutral") }}
+        {% endif %}
+        <span class="text-xs text-on-surface/60 dark:text-on-surface-dark/60">{{ t(key="account-type-locked", lang=lang | default(value='sk')) }}</span>
+      </div>
+      {% else %}
       <div class="grid gap-3 sm:grid-cols-2">
         <label class="flex cursor-pointer items-center gap-3 rounded-radius border border-outline px-4 py-3 transition has-[:checked]:border-primary dark:border-outline-dark dark:has-[:checked]:border-primary-dark">
           {{ ui::radio(name="account_type", value="personal", attrs='x-model="accountType"') }}
@@ -45,6 +56,7 @@
           <span class="font-medium text-on-surface-strong dark:text-on-surface-dark-strong">{{ t(key="account-company", lang=lang | default(value='sk')) }}</span>
         </label>
       </div>
+      {% endif %}
     </fieldset>
 
     <!-- company billing details (company accounts only) -->
@@ -221,6 +233,14 @@
     <!-- logged-in customers can persist this address to their profile for next time -->
     {{ ui::checkbox(name="save_profile", id="save_profile", label=t(key="checkout-save-profile", lang=lang | default(value='sk')), checked=true) }}
     {% endif %}
+
+    {% if can_create_account %}
+    <!-- guests may turn this order into an account (typed by their choice above) -->
+    <div class="space-y-1.5 rounded-radius border border-outline bg-surface p-4 dark:border-outline-dark dark:bg-surface-dark-alt">
+      {{ ui::checkbox(name="create_account", id="create_account", label=t(key="checkout-create-account", lang=lang | default(value='sk'))) }}
+      <p class="pl-6 text-xs text-on-surface/60 dark:text-on-surface-dark/60">{{ t(key="checkout-create-account-hint", lang=lang | default(value='sk')) }}</p>
+    </div>
+    {% endif %}
   </div>
 
   <!-- summary -->

assets/views/shop/order_confirmed.html

@@ -15,6 +15,12 @@
     <p class="mt-1 text-on-surface/70 dark:text-on-surface-dark/70">{{ t(key="order-confirmed-sub", lang=lang | default(value='sk')) }}</p>
   </div>
 
+  {% if account_created %}
+  <div class="rounded-radius border border-primary/40 bg-primary/5 p-4 text-sm text-on-surface dark:border-primary-dark/40 dark:text-on-surface-dark" role="status">
+    {{ t(key="order-account-created", lang=lang | default(value='sk')) }}
+  </div>
+  {% endif %}
+
   <div class="rounded-radius border border-outline bg-surface p-6 dark:border-outline-dark dark:bg-surface-dark-alt">
     <div class="flex flex-wrap justify-between gap-2 border-b border-outline pb-3 dark:border-outline-dark">
       <span class="text-sm text-on-surface/70 dark:text-on-surface-dark/70">{{ t(key="order-number", lang=lang | default(value='sk')) }}</span>

migration/src/lib.rs

@@ -33,6 +33,7 @@ mod m20260617_000003_add_phone_to_orders;
 mod m20260618_000001_o_auth2_sessions;
 mod m20260618_000002_customer_profiles;
 mod m20260618_000003_account_type;
+mod m20260618_000004_account_ownership;
 pub struct Migrator;
 
 #[async_trait::async_trait]
@@ -70,6 +71,7 @@ impl MigratorTrait for Migrator {
             Box::new(m20260618_000001_o_auth2_sessions::Migration),
             Box::new(m20260618_000002_customer_profiles::Migration),
             Box::new(m20260618_000003_account_type::Migration),
+            Box::new(m20260618_000004_account_ownership::Migration),
             // inject-above (do not remove this comment)
         ]
     }

migration/src/m20260618_000004_account_ownership.rs

@@ -0,0 +1,38 @@
+use loco_rs::schema::*;
+use sea_orm_migration::prelude::*;
+
+#[derive(DeriveMigrationName)]
+pub struct Migration;
+
+// Account type becomes a permanent property of the *user* (chosen at
+// registration, never switchable), so it moves off `customer_profiles`. Orders
+// gain a nullable `user_id` linking them to the account that placed them
+// (null for guest orders that didn't create an account).
+#[async_trait::async_trait]
+impl MigrationTrait for Migration {
+    async fn up(&self, m: &SchemaManager) -> Result<(), DbErr> {
+        add_column(
+            m,
+            "users",
+            "account_type",
+            ColType::StringWithDefault("personal".to_string()),
+        )
+        .await?;
+        add_column(m, "orders", "user_id", ColType::IntegerNull).await?;
+        remove_column(m, "customer_profiles", "account_type").await?;
+        Ok(())
+    }
+
+    async fn down(&self, m: &SchemaManager) -> Result<(), DbErr> {
+        add_column(
+            m,
+            "customer_profiles",
+            "account_type",
+            ColType::StringWithDefault("personal".to_string()),
+        )
+        .await?;
+        remove_column(m, "orders", "user_id").await?;
+        remove_column(m, "users", "account_type").await?;
+        Ok(())
+    }
+}

src/controllers/account.rs

@@ -2,6 +2,10 @@
 //! fields prefill the checkout form. Gated to authenticated non-admin users:
 //! anonymous visitors are bounced to `/login`. Admins have their own area and
 //! are sent to the dashboard.
+//!
+//! The account *type* (personal vs company) is fixed at registration and lives
+//! on the user — it is shown here read-only and can never be changed. The
+//! profile only edits the type-specific details (company identity + address).
 
 use axum_extra::extract::cookie::CookieJar;
 use loco_rs::prelude::*;
@@ -10,13 +14,15 @@ use serde_json::json;
 
 use crate::{
     controllers::i18n::current_lang,
-    models::customer_profiles::{self, ProfileFields},
+    models::{
+        customer_profiles::{self, ProfileFields},
+        users,
+    },
     shared::guard,
 };
 
 #[derive(Debug, Deserialize)]
 struct ProfileForm {
-    account_type: Option<String>,
     company_name: Option<String>,
     company_id: Option<String>,
     tax_id: Option<String>,
@@ -33,34 +39,21 @@ fn trimmed(value: Option<&str>) -> Option<String> {
     value.map(str::trim).filter(|v| !v.is_empty()).map(String::from)
 }
 
-/// Normalize an account type to one of the two known values, defaulting to
+/// Build the persisted fields from the submitted form. Company identifiers are
-/// "personal" for anything unexpected.
+/// only kept for company accounts (a personal account can never carry them).
-pub fn normalize_account_type(value: Option<&str>) -> String {
+fn fields_from_form(form: &ProfileForm, is_company: bool) -> ProfileFields {
-    match value.map(str::trim) {
+    let company = |v: Option<&str>| if is_company { trimmed(v) } else { None };
-        Some("company") => "company".to_string(),
+    ProfileFields {
-        _ => "personal".to_string(),
+        company_name: company(form.company_name.as_deref()),
-    }
+        company_id: company(form.company_id.as_deref()),
-}
+        tax_id: company(form.tax_id.as_deref()),
-
+        vat_id: company(form.vat_id.as_deref()),
-impl From<ProfileForm> for ProfileFields {
+        phone_prefix: trimmed(form.phone_prefix.as_deref()),
-    fn from(form: ProfileForm) -> Self {
+        phone: trimmed(form.phone.as_deref()),
-        let is_company = normalize_account_type(form.account_type.as_deref()) == "company";
+        address: trimmed(form.address.as_deref()),
-        // Company identifiers are only stored for company accounts, so switching
+        city: trimmed(form.city.as_deref()),
-        // back to personal clears stale data.
+        zip: trimmed(form.zip.as_deref()),
-        let company = |v: Option<&str>| if is_company { trimmed(v) } else { None };
+        country: trimmed(form.country.as_deref()),
-        Self {
-            account_type: normalize_account_type(form.account_type.as_deref()),
-            company_name: company(form.company_name.as_deref()),
-            company_id: company(form.company_id.as_deref()),
-            tax_id: company(form.tax_id.as_deref()),
-            vat_id: company(form.vat_id.as_deref()),
-            phone_prefix: trimmed(form.phone_prefix.as_deref()),
-            phone: trimmed(form.phone.as_deref()),
-            address: trimmed(form.address.as_deref()),
-            city: trimmed(form.city.as_deref()),
-            zip: trimmed(form.zip.as_deref()),
-            country: trimmed(form.country.as_deref()),
-        }
     }
 }
 
@@ -68,7 +61,6 @@ impl From<ProfileForm> for ProfileFields {
 fn fields_of(profile: Option<&customer_profiles::Model>) -> ProfileFields {
     match profile {
         Some(p) => ProfileFields {
-            account_type: p.account_type.clone(),
             company_name: p.company_name.clone(),
             company_id: p.company_id.clone(),
             tax_id: p.tax_id.clone(),
@@ -80,30 +72,22 @@ fn fields_of(profile: Option<&customer_profiles::Model>) -> ProfileFields {
             zip: p.zip.clone(),
             country: p.country.clone(),
         },
-        None => ProfileFields {
+        None => ProfileFields::default(),
-            account_type: "personal".to_string(),
-            ..Default::default()
-        },
     }
 }
 
-/// A company profile must carry its invoicing identity (company name + IČO +
+/// A company account must carry its invoicing identity (company name + IČO +
-/// DIČ; IČ DPH stays optional). Personal profiles have no such requirement.
+/// DIČ; IČ DPH stays optional). Personal accounts have no such requirement.
 fn company_fields_missing(fields: &ProfileFields) -> bool {
-    fields.account_type == "company"
+    fields.company_name.is_none() || fields.company_id.is_none() || fields.tax_id.is_none()
-        && (fields.company_name.is_none()
-            || fields.company_id.is_none()
-            || fields.tax_id.is_none())
 }
 
-/// Render the profile form prefilled from `fields`. `saved` shows the success
+/// Render the profile form for `user`, prefilled from `fields`. `saved` shows
-/// banner; `error` shows a validation message and is set when a company profile
+/// the success banner; `error` shows the company-required validation message.
-/// is missing required identifiers.
 fn profile_view(
     v: &TeraView,
     jar: &CookieJar,
-    name: &str,
+    user: &users::Model,
-    email: &str,
     fields: &ProfileFields,
     saved: bool,
     error: bool,
@@ -116,9 +100,9 @@ fn profile_view(
             "logged_in_customer": true,
             "saved": saved,
             "error": error,
-            "name": name,
+            "name": user.name,
-            "email": email,
+            "email": user.email,
-            "account_type": fields.account_type,
+            "account_type": user.account_type,
             "company_name": fields.company_name,
             "company_id": fields.company_id,
             "tax_id": fields.tax_id,
@@ -147,7 +131,7 @@ async fn profile_page(
         return format::redirect("/admin/dashboard");
     }
     let profile = customer_profiles::Model::find_for_user(&ctx.db, user.id).await?;
-    profile_view(&v, &jar, &user.name, &user.email, &fields_of(profile.as_ref()), false, false)
+    profile_view(&v, &jar, &user, &fields_of(profile.as_ref()), false, false)
 }
 
 #[debug_handler]
@@ -163,14 +147,14 @@ async fn save_profile(
     if guard::is_admin(&ctx, &user) {
         return format::redirect("/admin/dashboard");
     }
-    let fields: ProfileFields = form.into();
+    let fields = fields_from_form(&form, user.is_company());
-    // A company profile is rejected (and the form re-shown with the entered
+    // A company account's profile is rejected (and re-shown with the entered
     // values) until it carries its required identifiers.
-    if company_fields_missing(&fields) {
+    if user.is_company() && company_fields_missing(&fields) {
-        return profile_view(&v, &jar, &user.name, &user.email, &fields, false, true);
+        return profile_view(&v, &jar, &user, &fields, false, true);
     }
     customer_profiles::Model::upsert(&ctx.db, user.id, fields.clone()).await?;
-    profile_view(&v, &jar, &user.name, &user.email, &fields, true, false)
+    profile_view(&v, &jar, &user, &fields, true, false)
 }
 
 pub fn routes() -> Routes {

src/controllers/auth_pages.rs

@@ -185,6 +185,71 @@ fn verified_view(v: &TeraView, jar: &CookieJar, ok: bool) -> Result<Response> {
     )
 }
 
+/// Set-password form for accounts created during checkout (and any account that
+/// has a valid reset token). Reuses the password-reset token machinery.
+#[derive(Debug, serde::Deserialize)]
+struct SetPasswordForm {
+    token: String,
+    password: String,
+    password_confirm: String,
+}
+
+fn set_password_view(
+    v: &TeraView,
+    jar: &CookieJar,
+    token: &str,
+    valid: bool,
+    error: Option<&str>,
+) -> Result<Response> {
+    format::view(
+        v,
+        "auth/set_password.html",
+        json!({
+            "token": token,
+            "valid": valid,
+            "error": error,
+            "logged_in_admin": false,
+            "lang": current_lang(jar),
+        }),
+    )
+}
+
+#[debug_handler]
+async fn set_password_page(
+    jar: CookieJar,
+    ViewEngine(v): ViewEngine<TeraView>,
+    State(ctx): State<AppContext>,
+    Path(token): Path<String>,
+) -> Result<Response> {
+    let valid = users::Model::find_by_reset_token(&ctx.db, &token).await.is_ok();
+    set_password_view(&v, &jar, &token, valid, None)
+}
+
+#[debug_handler]
+async fn set_password(
+    jar: CookieJar,
+    ViewEngine(v): ViewEngine<TeraView>,
+    State(ctx): State<AppContext>,
+    Form(form): Form<SetPasswordForm>,
+) -> Result<Response> {
+    let Ok(user) = users::Model::find_by_reset_token(&ctx.db, &form.token).await else {
+        return set_password_view(&v, &jar, &form.token, false, None);
+    };
+    if form.password != form.password_confirm {
+        return set_password_view(&v, &jar, &form.token, true, Some("mismatch"));
+    }
+    if form.password.len() < 8 {
+        return set_password_view(&v, &jar, &form.token, true, Some("weak"));
+    }
+    // Setting the password through an emailed link also proves email ownership,
+    // so the account is marked verified here.
+    let user = user.into_active_model().reset_password(&ctx.db, &form.password).await?;
+    if user.email_verified_at.is_none() {
+        user.into_active_model().verified(&ctx.db).await?;
+    }
+    format::redirect("/login")
+}
+
 #[debug_handler]
 async fn logout() -> Result<Response> {
     format::render()
@@ -211,6 +276,8 @@ pub fn routes() -> Routes {
         .add("/register", get(register_page))
         .add("/register", post(register))
         .add("/verify/{token}", get(verify))
+        .add("/set-password/{token}", get(set_password_page))
+        .add("/set-password", post(set_password))
         .add("/logout", post(logout))
         .add("/admin", get(admin_entry))
 }

src/controllers/checkout.rs

@@ -1,6 +1,7 @@
 //! Public checkout flow: the checkout form, placing an order, and the order
 //! confirmation page.
 
+use axum::extract::Query;
 use axum_extra::extract::cookie::{Cookie, CookieJar, SameSite};
 use loco_rs::prelude::*;
 use sea_orm::{ColumnTrait, EntityTrait, QueryFilter, QueryOrder};
@@ -9,9 +10,13 @@ use serde_json::json;
 use time::Duration as TimeDuration;
 
 use crate::{
-    controllers::account::normalize_account_type,
     controllers::cart::{resolve_cart, CART_COOKIE},
-    models::{customer_profiles::{self, ProfileFields}, order_items, orders, shipping_methods},
+    mailers::auth::AuthMailer,
+    models::{
+        customer_profiles::{self, ProfileFields},
+        order_items, orders, shipping_methods,
+        users::{self, normalize_account_type},
+    },
     controllers::i18n::current_lang,
     shared::{guard, money::format_price, settings},
     views::checkout as view,
@@ -41,6 +46,8 @@ struct CheckoutForm {
     pickup_point_name: Option<String>,
     // Present (as "on") only when a logged-in customer ticks "save my address".
     save_profile: Option<String>,
+    // Present only when a guest ticks "create an account from this order".
+    create_account: Option<String>,
 }
 
 fn trimmed(value: &str) -> Option<String> {
@@ -119,9 +126,13 @@ async fn checkout_page(
             "packeta_api_key": settings::get(&ctx, "packeta_api_key").unwrap_or(""),
             "logged_in_admin": is_admin,
             "logged_in_customer": is_customer,
+            // A logged-in customer's account type is fixed; only guests pick it
+            // and may opt to create an account from the order.
+            "account_fixed": is_customer,
+            "can_create_account": user.is_none(),
             "prefill_email": user.as_ref().filter(|_| is_customer).map(|u| u.email.clone()),
             "prefill_name": user.as_ref().filter(|_| is_customer).map(|u| u.name.clone()),
-            "prefill_account_type": profile.as_ref().map_or("personal", |x| x.account_type.as_str()),
+            "prefill_account_type": user.as_ref().filter(|_| is_customer).map_or("personal", |u| u.account_type.as_str()),
             "prefill_company_name": p(|x| x.company_name.clone()),
             "prefill_company_id": p(|x| x.company_id.clone()),
             "prefill_tax_id": p(|x| x.tax_id.clone()),
@@ -169,9 +180,20 @@ async fn place_order(
     let zip = require(&form.zip, "zip")?;
     let country = require(&form.country, "country")?;
 
+    // The account type is fixed for a logged-in customer (taken from their
+    // account, never the form); a guest picks it on the form. Admins are treated
+    // as guests here.
+    let current_user = guard::current_user(&ctx, &jar).await;
+    let logged_in_customer = current_user
+        .as_ref()
+        .filter(|u| !guard::is_admin(&ctx, u));
+    let account_type = match logged_in_customer {
+        Some(u) => u.account_type.clone(),
+        None => normalize_account_type(form.account_type.as_deref()),
+    };
+
     // Company purchases must carry the invoicing identifiers (IČO + DIČ
     // required, IČ DPH optional). Personal orders carry none.
-    let account_type = normalize_account_type(form.account_type.as_deref());
     let (company_name, company_id, tax_id, vat_id) = if account_type == "company" {
         (
             Some(require(form.company_name.as_deref().unwrap_or(""), "company name")?),
@@ -207,29 +229,70 @@ async fn place_order(
         (None, None)
     };
 
-    // If a logged-in customer opted in, persist this address to their profile
+    // The address/contact captured here, ready to seed a profile (for the
-    // so the next checkout is prefilled. Phone is stored split (prefix + number)
+    // logged-in "save my address" opt-in or a freshly created guest account).
-    // to match the profile/checkout fields. Best-effort: a failure here is logged
+    let entered_profile = || ProfileFields {
-    // but must not block the order.
+        company_name: company_name.clone(),
-    if form.save_profile.is_some() {
+        company_id: company_id.clone(),
-        if let Some(user) = guard::current_user(&ctx, &jar).await {
+        tax_id: tax_id.clone(),
-            if !guard::is_admin(&ctx, &user) {
+        vat_id: vat_id.clone(),
-                let fields = ProfileFields {
+        phone_prefix: trimmed(&form.phone_prefix),
-                    account_type: account_type.clone(),
+        phone: Some(number.clone()),
-                    company_name: company_name.clone(),
+        address: Some(address.clone()),
-                    company_id: company_id.clone(),
+        city: Some(city.clone()),
-                    tax_id: tax_id.clone(),
+        zip: Some(zip.clone()),
-                    vat_id: vat_id.clone(),
+        country: Some(country.clone()),
-                    phone_prefix: trimmed(&form.phone_prefix),
+    };
-                    phone: Some(number.clone()),
+
-                    address: Some(address.clone()),
+    // Resolve the account that will own this order. A logged-in customer always
-                    city: Some(city.clone()),
+    // owns their orders. A guest may opt to create an account from the order;
-                    zip: Some(zip.clone()),
+    // the new account's type matches what they bought as, its profile is seeded
-                    country: Some(country.clone()),
+    // from the entered details, and a "set your password" link is emailed. If
-                };
+    // the email already belongs to an account we silently fall back to a guest
-                if let Err(err) = customer_profiles::Model::upsert(&ctx.db, user.id, fields).await {
+    // order (no hijacking an existing account).
-                    tracing::error!(error = %err, user_id = user.id, "failed to save checkout profile");
+    let mut order_user_id = logged_in_customer.map(|u| u.id);
+    let mut account_created = false;
+    if order_user_id.is_none() && form.create_account.is_some() {
+        match users::Model::create_guest_account(&ctx.db, &email, &customer_name, &account_type)
+            .await
+        {
+            Ok(new_user) => {
+                if let Err(err) =
+                    customer_profiles::Model::upsert(&ctx.db, new_user.id, entered_profile()).await
+                {
+                    tracing::error!(error = %err, user_id = new_user.id, "failed to seed guest profile");
                 }
+                let user_id = new_user.id;
+                match new_user.into_active_model().set_forgot_password_sent(&ctx.db).await {
+                    Ok(user) => {
+                        if let Err(err) = AuthMailer::send_set_password(&ctx, &user).await {
+                            tracing::error!(error = %err, "failed to send set-password email");
+                        }
+                        order_user_id = Some(user_id);
+                        account_created = true;
+                    }
+                    Err(err) => {
+                        tracing::error!(error = %err, "failed to issue set-password token");
+                        order_user_id = Some(user_id);
+                    }
+                }
+            }
+            Err(ModelError::EntityAlreadyExists {}) => {
+                tracing::info!(email = %email, "checkout account-create skipped: email already registered");
+            }
+            Err(err) => tracing::error!(error = %err, "failed to create checkout account"),
+        }
+    }
+
+    // If a logged-in customer opted in, persist this address to their profile so
+    // the next checkout is prefilled. Best-effort: a failure here is logged but
+    // must not block the order.
+    if form.save_profile.is_some() {
+        if let Some(user) = logged_in_customer {
+            if let Err(err) =
+                customer_profiles::Model::upsert(&ctx.db, user.id, entered_profile()).await
+            {
+                tracing::error!(error = %err, user_id = user.id, "failed to save checkout profile");
             }
         }
     }
@@ -241,6 +304,7 @@ async fn place_order(
             email,
             phone,
             customer_name: Some(customer_name),
+            user_id: order_user_id,
             account_type,
             company_name,
             company_id,
@@ -259,9 +323,14 @@ async fn place_order(
     )
     .await?;
 
+    let target = if account_created {
+        format!("/orders/{}?account_created=1", order.order_number)
+    } else {
+        format!("/orders/{}", order.order_number)
+    };
     format::render()
         .cookies(&[cleared_cart_cookie()])?
-        .redirect(&format!("/orders/{}", order.order_number))
+        .redirect(&target)
 }
 
 #[debug_handler]
@@ -269,6 +338,7 @@ async fn order_confirmation(
     jar: CookieJar,
     ViewEngine(v): ViewEngine<TeraView>,
     Path(order_number): Path<String>,
+    Query(params): Query<std::collections::HashMap<String, String>>,
     State(ctx): State<AppContext>,
 ) -> Result<Response> {
     let order = orders::Entity::find()
@@ -281,6 +351,7 @@ async fn order_confirmation(
         .all(&ctx.db)
         .await?;
     let (logged_in_admin, logged_in_customer) = guard::chrome(&ctx, &jar).await;
+    let account_created = params.contains_key("account_created");
 
     format::view(
         &v,
@@ -294,6 +365,7 @@ async fn order_confirmation(
             "items": view::items(&items),
             "logged_in_admin": logged_in_admin,
             "logged_in_customer": logged_in_customer,
+            "account_created": account_created,
             "lang": current_lang(&jar),
         }),
     )

src/initializers/admin_seeder.rs

@@ -43,6 +43,7 @@ impl Initializer for AdminSeeder {
                     email: email.clone(),
                     password,
                     name,
+                    account_type: None,
                 },
             )
             .await?;

src/mailers/auth.rs

@@ -9,6 +9,7 @@ use crate::models::users;
 static welcome: Dir<'_> = include_dir!("src/mailers/auth/welcome");
 static forgot: Dir<'_> = include_dir!("src/mailers/auth/forgot");
 static magic_link: Dir<'_> = include_dir!("src/mailers/auth/magic_link");
+static set_password: Dir<'_> = include_dir!("src/mailers/auth/set_password");
 
 #[allow(clippy::module_name_repetitions)]
 pub struct AuthMailer {}
@@ -62,6 +63,31 @@ impl AuthMailer {
         Ok(())
     }
 
+    /// Sends a "set your password" email to a checkout-created account. Reuses
+    /// the reset token; the link lands on the HTML `/set-password/{token}` page.
+    ///
+    /// # Errors
+    ///
+    /// When email sending is failed
+    pub async fn send_set_password(ctx: &AppContext, user: &users::Model) -> Result<()> {
+        Self::mail_template(
+            ctx,
+            &set_password,
+            mailer::Args {
+                to: user.email.to_string(),
+                locals: json!({
+                  "name": user.name,
+                  "resetToken": user.reset_token,
+                  "domain": ctx.config.server.full_url()
+                }),
+                ..Default::default()
+            },
+        )
+        .await?;
+
+        Ok(())
+    }
+
     /// Sends a magic link authentication email to the user.
     ///
     /// # Errors

src/mailers/auth/set_password/html.t

@@ -0,0 +1,10 @@
+<html>
+
+<body>
+  Hey {{name}},
+  Thanks for your order! We created an account for you. Set your password to finish, then you can track your orders:
+  <a href="{{domain}}/set-password/{{resetToken}}">Set your password</a>
+  If you didn't place this order, you can ignore this email.
+</body>
+
+</html>

src/mailers/auth/set_password/subject.t

@@ -0,0 +1 @@
+Set your password

src/mailers/auth/set_password/text.t

@@ -0,0 +1,7 @@
+Hey {{name}},
+
+Thanks for your order! We created an account for you. Set your password to finish, then you can track your orders:
+
+{{domain}}/set-password/{{resetToken}}
+
+If you didn't place this order, you can ignore this email.

src/models/_entities/customer_profiles.rs

@@ -13,7 +13,6 @@ pub struct Model {
     pub id: i32,
     #[sea_orm(unique)]
     pub user_id: i32,
-    pub account_type: String,
     pub company_name: Option<String>,
     pub company_id: Option<String>,
     pub tax_id: Option<String>,

src/models/_entities/orders.rs

@@ -18,6 +18,7 @@ pub struct Model {
     pub status: String,
     pub total_cents: i64,
     pub currency: String,
+    pub user_id: Option<i32>,
     pub account_type: String,
     pub company_name: Option<String>,
     pub company_id: Option<String>,

src/models/_entities/users.rs

@@ -25,6 +25,7 @@ pub struct Model {
     pub magic_link_token: Option<String>,
     pub magic_link_expiration: Option<DateTimeWithTimeZone>,
     pub theme: String,
+    pub account_type: String,
 }
 
 #[derive(Copy, Clone, Debug, EnumIter, DeriveRelation)]

src/models/customer_profiles.rs

@@ -9,11 +9,10 @@ use sea_orm::{ActiveValue, IntoActiveModel, QueryFilter, TryIntoModel};
 pub type CustomerProfiles = Entity;
 
 /// The editable profile fields, shared by the profile page and the checkout
-/// "save my address" path. `account_type` is "personal" or "company"; the
+/// "save my address" path. The `company_*` fields are only meaningful for
-/// `company_*` fields are only meaningful for company accounts.
+/// company accounts (account type now lives on `users`, fixed at registration).
 #[derive(Debug, Default, Clone)]
 pub struct ProfileFields {
-    pub account_type: String,
     pub company_name: Option<String>,
     pub company_id: Option<String>,
     pub tax_id: Option<String>,
@@ -59,7 +58,6 @@ impl Model {
                 ..Default::default()
             },
         };
-        active.account_type = ActiveValue::set(fields.account_type);
         active.company_name = ActiveValue::set(fields.company_name);
         active.company_id = ActiveValue::set(fields.company_id);
         active.tax_id = ActiveValue::set(fields.tax_id);

src/models/orders.rs

@@ -14,6 +14,9 @@ pub struct Checkout {
     pub email: String,
     pub phone: String,
     pub customer_name: Option<String>,
+    /// The account that owns this order, if any (a logged-in buyer or a guest
+    /// who created an account during checkout). `None` for pure guest orders.
+    pub user_id: Option<i32>,
     pub account_type: String,
     pub company_name: Option<String>,
     pub company_id: Option<String>,
@@ -75,6 +78,7 @@ pub async fn place(ctx: &AppContext, items: &[(i32, i32)], details: Checkout) ->
         status: Set("pending".to_string()),
         total_cents: Set(subtotal + details.method.price_cents),
         currency: Set(currency),
+        user_id: Set(details.user_id),
         account_type: Set(details.account_type),
         company_name: Set(details.company_name),
         company_id: Set(details.company_id),

src/models/users.rs

@@ -24,6 +24,21 @@ pub struct RegisterParams {
     pub email: String,
     pub password: String,
     pub name: String,
+    /// "personal" or "company"; permanent for the account. Optional on the wire
+    /// (older/JSON callers omit it) and normalized via [`normalize_account_type`].
+    #[serde(default)]
+    pub account_type: Option<String>,
+}
+
+/// Normalize an account type to one of the two permanent values, defaulting to
+/// "personal" for anything missing or unexpected. An account's type is chosen
+/// once at registration and never changes.
+#[must_use]
+pub fn normalize_account_type(value: Option<&str>) -> String {
+    match value.map(str::trim) {
+        Some("company") => "company".to_string(),
+        _ => "personal".to_string(),
+    }
 }
 
 #[derive(Debug, Validate, Deserialize)]
@@ -216,6 +231,13 @@ impl Model {
         hash::verify_password(password, &self.password)
     }
 
+    /// Whether this is a company account (vs a personal one). Fixed at
+    /// registration.
+    #[must_use]
+    pub fn is_company(&self) -> bool {
+        self.account_type == "company"
+    }
+
     /// Asynchronously creates a user with a password and saves it to the
     /// database.
     ///
@@ -247,6 +269,7 @@ impl Model {
             email: ActiveValue::set(params.email.to_string()),
             password: ActiveValue::set(password_hash),
             name: ActiveValue::set(params.name.to_string()),
+            account_type: ActiveValue::set(normalize_account_type(params.account_type.as_deref())),
             ..Default::default()
         }
         .insert(&txn)
@@ -257,6 +280,41 @@ impl Model {
         Ok(user)
     }
 
+    /// Creates an account on behalf of a checkout guest. The user never picks a
+    /// password here (a strong random one satisfies the NOT NULL column, as in
+    /// the OAuth path); they receive a "set your password" link by email. Errors
+    /// with [`ModelError::EntityAlreadyExists`] if the email is already taken.
+    ///
+    /// # Errors
+    ///
+    /// When the email already exists or the insert fails.
+    pub async fn create_guest_account(
+        db: &DatabaseConnection,
+        email: &str,
+        name: &str,
+        account_type: &str,
+    ) -> ModelResult<Self> {
+        let password = PasswordGenerator::new()
+            .length(16)
+            .numbers(true)
+            .lowercase_letters(true)
+            .uppercase_letters(true)
+            .symbols(true)
+            .strict(true)
+            .generate_one()
+            .map_err(|e| ModelError::Any(e.into()))?;
+        Self::create_with_password(
+            db,
+            &RegisterParams {
+                email: email.to_string(),
+                password,
+                name: name.to_string(),
+                account_type: Some(account_type.to_string()),
+            },
+        )
+        .await
+    }
+
     /// Creates a JWT
     ///
     /// # Errors