@stamhoofd/backend 2.23.0 → 2.25.0

package/.env.template.json

@@ -12,6 +12,11 @@
             "BE": "www.be.stamhoofd",
             "NL": "www.nl.stamhoofd"
         },
+        "documentation": {
+            "": "www.be.stamhoofd/docs",
+            "BE": "www.be.stamhoofd/docs",
+            "NL": "www.nl.stamhoofd/docs"
+        },
         "webshop": {
             "": "shop.be.stamhoofd",
             "BE": "shop.be.stamhoofd",

package/package.json

@@ -1,6 +1,6 @@
 {
     "name": "@stamhoofd/backend",
-    "version": "2.23.0",
+    "version": "2.25.0",
     "main": "./dist/index.js",
     "exports": {
         ".": {
@@ -36,14 +36,14 @@
         "@simonbackx/simple-encoding": "2.15.0",
         "@simonbackx/simple-endpoints": "1.14.0",
         "@simonbackx/simple-logging": "^1.0.1",
-        "@stamhoofd/backend-i18n": "2.23.0",
-        "@stamhoofd/backend-middleware": "2.23.0",
-        "@stamhoofd/email": "2.23.0",
-        "@stamhoofd/models": "2.23.0",
-        "@stamhoofd/queues": "2.23.0",
-        "@stamhoofd/sql": "2.23.0",
-        "@stamhoofd/structures": "2.23.0",
-        "@stamhoofd/utility": "2.23.0",
+        "@stamhoofd/backend-i18n": "2.25.0",
+        "@stamhoofd/backend-middleware": "2.25.0",
+        "@stamhoofd/email": "2.25.0",
+        "@stamhoofd/models": "2.25.0",
+        "@stamhoofd/queues": "2.25.0",
+        "@stamhoofd/sql": "2.25.0",
+        "@stamhoofd/structures": "2.25.0",
+        "@stamhoofd/utility": "2.25.0",
         "archiver": "^7.0.1",
         "aws-sdk": "^2.885.0",
         "axios": "1.6.8",
@@ -60,5 +60,5 @@
         "postmark": "4.0.2",
         "stripe": "^16.6.0"
     },
-    "gitHead": "efcdf16aa2160bcb1fd295d0e5c72751caa3356b"
+    "gitHead": "48963030dd9e90bef4ea1c96db2cf6ddb6e1908a"
 }

package/src/crons.ts

@@ -1,9 +1,7 @@
 import { Database } from '@simonbackx/simple-database';
 import { logger, StyledText } from "@simonbackx/simple-logging";
-import { I18n } from '@stamhoofd/backend-i18n';
 import { Email, EmailAddress } from '@stamhoofd/email';
-import { Group, Organization, Payment, Registration, STPackage, STPendingInvoice, Webshop } from '@stamhoofd/models';
-import { QueueHandler } from '@stamhoofd/queues';
+import { Group, Organization, Payment, Registration, STPackage, Webshop } from '@stamhoofd/models';
 import { PaymentMethod, PaymentProvider, PaymentStatus } from '@stamhoofd/structures';
 import { Formatter, sleep } from '@stamhoofd/utility';
 import AWS from 'aws-sdk';
@@ -123,9 +121,7 @@ async function checkWebshopDNS() {
     console.log("[DNS] Checking webshop DNS...")
 
     for (const webshop of webshops) {
-        if (STAMHOOFD.environment === "production" || true) {
-            console.log("[DNS] Webshop "+webshop.meta.name+" ("+webshop.id+")"+" ("+webshop.domain+")")
-        }
+        console.log("[DNS] Webshop "+webshop.meta.name+" ("+webshop.id+")"+" ("+webshop.domain+")")
         await webshop.updateDNSRecords()
     }
 
@@ -133,10 +129,10 @@ async function checkWebshopDNS() {
 }
 
 async function checkReplies() {
-    if (STAMHOOFD.environment !== "production") {
-        return;
+    if (STAMHOOFD.environment !== "production" || !STAMHOOFD.AWS_ACCESS_KEY_ID) {
+        return
     }
-
+    
     console.log("Checking replies from AWS SQS")
     const sqs = new AWS.SQS();
     const messages = await sqs.receiveMessage({ QueueUrl: "https://sqs.eu-west-1.amazonaws.com/118244293157/stamhoofd-email-forwarding", MaxNumberOfMessages: 10 }).promise()
@@ -261,7 +257,7 @@ async function checkPostmarkBounces() {
 }
 
 async function checkBounces() {
-    if (STAMHOOFD.environment !== "production") {
+    if (STAMHOOFD.environment !== "production" || !STAMHOOFD.AWS_ACCESS_KEY_ID) {
         return
     }
     
@@ -343,7 +339,7 @@ async function checkBounces() {
 }
 
 async function checkComplaints() {
-    if (STAMHOOFD.environment !== "production") {
+    if (STAMHOOFD.environment !== "production" || !STAMHOOFD.AWS_ACCESS_KEY_ID) {
         return
     }
 
@@ -396,11 +392,10 @@ async function checkComplaints() {
                                 console.error("[AWS COMPLAINTS] Received virus / fraud complaint!")
                                 console.error("[AWS COMPLAINTS]", complaint)
                                 if (STAMHOOFD.environment === "production") {
-                                    Email.sendInternal({
-                                        to: "simon@stamhoofd.be",
+                                    Email.sendWebmaster({
                                         subject: "Received a "+type+" email notification",
                                         text: "We received a "+type+" notification for an e-mail from the organization: "+organization?.name+". Please check and adjust if needed.\n"
-                                    }, new I18n("nl", "BE"))
+                                    })
                                 }
                             }
                         } else {

package/src/endpoints/auth/CreateAdminEndpoint.ts

@@ -1,13 +1,12 @@
 import { Decoder } from '@simonbackx/simple-encoding';
 import { DecodedRequest, Endpoint, Request, Response } from "@simonbackx/simple-endpoints";
 import { SimpleError } from "@simonbackx/simple-errors";
-import { Email } from '@stamhoofd/email';
-import { PasswordToken, User } from '@stamhoofd/models';
-import { User as UserStruct,UserPermissions, UserWithMembers } from "@stamhoofd/structures";
+import { PasswordToken, sendEmailTemplate, User } from '@stamhoofd/models';
+import { EmailTemplateType, Recipient, Replacement, UserPermissions, User as UserStruct, UserWithMembers } from "@stamhoofd/structures";
 import { Formatter } from '@stamhoofd/utility';
 
-import { Context } from '../../helpers/Context';
 import { AuthenticatedStructures } from '../../helpers/AuthenticatedStructures';
+import { Context } from '../../helpers/Context';
 type Params = Record<string, never>;
 type Query = undefined;
 type Body = UserStruct
@@ -95,11 +94,6 @@ export class CreateAdminEndpoint extends Endpoint<Params, Query, Body, ResponseB
 
         await admin.save();
 
-        const { from, replyTo } = {
-            from: organization ? organization.getStrongEmail(request.i18n) : Email.getInternalEmailFor(request.i18n),
-            replyTo: undefined
-        }
-
         // Create a password token that is valid for 7 days
         const validUntil = new Date();
         validUntil.setTime(validUntil.getTime() + 7 * 24 * 3600 * 1000);
@@ -110,28 +104,46 @@ export class CreateAdminEndpoint extends Endpoint<Params, Query, Body, ResponseB
         const name = organization?.name ?? request.i18n.t("shared.platformName")
         const what = organization ? `de vereniging ${name} op ${request.i18n.t("shared.platformName")}` : `${request.i18n.t("shared.platformName")}`
 
-        if (admin.hasAccount()) {
-            const url = "https://"+(STAMHOOFD.domains.dashboard ?? "stamhoofd.app")+"/"+request.i18n.locale;
-
-            Email.send({
-                from,
-                replyTo,
-                to: admin.getEmailTo(),
-                subject: "✉️ Beheerder van "+name,
-                type: "transactional",
-                text: (admin.firstName ? "Dag "+admin.firstName : "Hallo") + `, \n\n${user.firstName ?? 'Iemand'} heeft je toegevoegd als beheerder van ${what}. Je kan inloggen met je bestaande account (${admin.email}) door te surfen naar:\n${url}\n\nDaar kan je jouw vereniging zoeken en aanklikken.\n\n----\n\nWeet je jouw wachtwoord niet meer? Dan kan je een nieuw wachtwoord instellen via de onderstaande link:\n`+recoveryUrl+"\n\nDeze link is geldig tot "+dateTime+".\n\nKen je deze vereniging niet? Dan kan je deze e-mail veilig negeren.\n\nMet vriendelijke groeten,\n"+request.i18n.t("shared.platformName")+"\n"
-            });
-        } else {
-            // Send email
-            Email.send({
-                from,
-                replyTo,
-                to: admin.getEmailTo(),
-                subject: "✉️ Uitnodiging beheerder van "+name,
-                type: "transactional",
-                text: (admin.firstName ? "Dag "+admin.firstName : "Hallo") + `, \n\n${user.firstName ?? 'Iemand'} heeft je uitgenodigd om beheerder te worden van ${what}. Je kan een account aanmaken door op de volgende link te klikken of door deze te kopiëren in de URL-balk van je browser:\n`+recoveryUrl+"\n\nDeze link is geldig tot "+dateTime+".\n\nKen je deze vereniging niet? Dan kan je deze e-mail veilig negeren.\n\nMet vriendelijke groeten,\n"+request.i18n.t("shared.platformName")+"\n"
-            });
-        }
+        const emailTo = admin.getEmailTo();
+        const email: string = typeof emailTo === 'string' ? emailTo : emailTo[0]?.email;
+
+        await sendEmailTemplate(organization, {
+            recipients: [
+                Recipient.create({
+                    email,
+                    replacements: [
+                        Replacement.create({
+                            token: 'greeting',
+                            value: admin.firstName ? `Dag ${admin.firstName},` : 'Hallo!'
+                        }),
+                        Replacement.create({
+                            token: 'resetUrl',
+                            value: recoveryUrl
+                        }),
+                        Replacement.create({
+                            token: 'platformOrOrganizationName',
+                            value: what
+                        }),
+                        Replacement.create({
+                            token: 'inviterName',
+                            value: user.firstName ?? 'Iemand'
+                        }),
+                        Replacement.create({
+                            token: 'validUntil',
+                            value: dateTime
+                        }),
+                        Replacement.create({
+                            token: 'email',
+                            value: admin.email
+                        })
+                    ]
+                })
+            ],
+            template: {
+                type: admin.hasAccount() ? EmailTemplateType.AdminInvitation : EmailTemplateType.AdminInvitationNewUser
+            },
+            type: 'transactional'
+        });
 
         return new Response(
             await AuthenticatedStructures.userWithMembers(admin)

package/src/endpoints/auth/SignupEndpoint.ts

@@ -60,11 +60,11 @@ export class SignupEndpoint extends Endpoint<Params, Query, Body, ResponseBody>
                 // Send an e-mail to say you already have an account + follow password forgot flow
                 const recoveryUrl = await PasswordToken.getPasswordRecoveryUrl(user, organization, request.i18n)
                 const { from, replyTo } = {
-                    from: (user.permissions || !organization ? Email.getInternalEmailFor(request.i18n) : organization.getStrongEmail(request.i18n)),
+                    from: (user.permissions || !organization ? Email.getInternalEmailFor(request.i18n) : organization.getDefaultFrom(request.i18n)),
                     replyTo: undefined
                 }
                 
-                const footer = (!user.permissions && organization ? "\n\n—\n\nOnze ledenadministratie werkt via het Stamhoofd platform, op maat van verenigingen. Probeer het ook via https://"+request.i18n.$t("shared.domains.marketing")+"/ledenadministratie\n\n" : '')
+                const footer = (!user.permissions && organization ? "\n\n—\n\nOnze ledenadministratie werkt via het Stamhoofd platform, op maat van verenigingen. Probeer het ook via https://"+request.i18n.localizedDomains.marketing()+"/ledenadministratie\n\n" : '')
 
                 const name = organization ? organization.name : 'Stamhoofd'
                 // Send email

package/src/endpoints/global/files/ExportToExcelEndpoint.ts

@@ -107,19 +107,14 @@ export class ExportToExcelEndpoint extends Endpoint<Params, Query, Body, Respons
                 return url;
             }).catch(async (error) => {
                 if (sendEmail) {
-                    const builder = await getEmailBuilderForTemplate(organization, {
+                    await sendEmailTemplate(null, {
                         template: {
                             type: EmailTemplateType.ExcelExportFailed
                         },
                         recipients: [
                             user.createRecipient()
-                        ],
-                        from: Email.getInternalEmailFor(Context.i18n)
+                        ]
                     })
-            
-                    if (builder) {
-                        Email.schedule(builder)
-                    }
                 }
                 throw error
             }),

package/src/endpoints/global/members/PatchOrganizationMembersEndpoint.ts

@@ -3,7 +3,7 @@ import { ConvertArrayToPatchableArray, Decoder, PatchableArrayAutoEncoder, Patch
 import { DecodedRequest, Endpoint, Request, Response } from "@simonbackx/simple-endpoints";
 import { SimpleError } from "@simonbackx/simple-errors";
 import { BalanceItem, Document, Group, Member, MemberFactory, MemberPlatformMembership, MemberResponsibilityRecord, MemberWithRegistrations, Organization, Platform, Registration, User } from '@stamhoofd/models';
-import { MemberWithRegistrationsBlob, MembersBlob, PermissionLevel } from "@stamhoofd/structures";
+import { GroupType, MemberWithRegistrationsBlob, MembersBlob, PermissionLevel } from "@stamhoofd/structures";
 import { Formatter } from '@stamhoofd/utility';
 
 import { AuthenticatedStructures } from '../../../helpers/AuthenticatedStructures';
@@ -267,6 +267,33 @@ export class PatchOrganizationMembersEndpoint extends Endpoint<Params, Query, Bo
                     })
                 }
 
+                const hasRegistration = member.registrations.some(registration => {
+                    if (platformResponsibility) {
+                        if (registration.group.defaultAgeGroupId === null) {
+                            return false;
+                        }
+                    }
+
+                    if (org) {
+                        if (registration.periodId !== org.periodId) {
+                            return false;
+                        }
+                    } else {
+                        if (registration.periodId !== platform.periodId) {
+                            return false;
+                        }
+                    }
+                    return registration.deactivatedAt === null && registration.registeredAt !== null && registration.group.type === GroupType.Membership
+                })
+
+                if (!hasRegistration) {
+                    throw new SimpleError({
+                        code: "invalid_field",
+                        message: "Invalid organization",
+                        human: "Je kan een functie enkel toekennen aan leden die zijn ingeschreven in het huidige werkjaar",
+                    })
+                }
+
                 const model = new MemberResponsibilityRecord()
                 model.memberId = member.id
                 model.responsibilityId = responsibility.id

package/src/endpoints/global/platform/PatchPlatformEnpoint.ts

@@ -6,6 +6,7 @@ import { MemberResponsibility, PlatformConfig, PlatformPremiseType, Platform as
 import { SimpleError } from "@simonbackx/simple-errors";
 import { Context } from "../../../helpers/Context";
 import { SetupStepUpdater } from "../../../helpers/SetupStepsUpdater";
+import { PeriodHelper } from "../../../helpers/PeriodHelper";
 
 type Params = Record<string, never>;
 type Query = undefined;
@@ -73,6 +74,7 @@ export class PatchPlatformEndpoint extends Endpoint<
         }
 
         let shouldUpdateSetupSteps = false;
+        let shouldMoveToPeriod: RegistrationPeriod | null = null;
 
         if (request.body.config) {
             if (!Context.auth.hasPlatformFullAccess()) {
@@ -113,6 +115,8 @@ export class PatchPlatformEndpoint extends Endpoint<
                 });
             }
             platform.periodId = period.id;
+            shouldUpdateSetupSteps = true;
+            shouldMoveToPeriod = period;
         }
 
         if (request.body.membershipOrganizationId !== undefined) {
@@ -155,7 +159,10 @@ export class PatchPlatformEndpoint extends Endpoint<
 
         await platform.save();
 
-        if(shouldUpdateSetupSteps) {
+        if (shouldMoveToPeriod) {
+            PeriodHelper.moveAllOrganizationsToPeriod(shouldMoveToPeriod).catch(console.error)
+        } else if(shouldUpdateSetupSteps) {
+            // Do not call this right away when moving to a period, because this needs to happen AFTER moving to the period
             SetupStepUpdater.updateSetupStepsForAllOrganizationsInCurrentPeriod().catch(console.error);
         }
 

package/src/endpoints/global/registration/RegisterMembersEndpoint.ts

@@ -83,11 +83,10 @@ export class RegisterMembersEndpoint extends Endpoint<Params, Query, Body, Respo
             try {
                 limiter.track(organization.id, 1);
             } catch (e) {
-                Email.sendInternal({
-                    to: "hallo@stamhoofd.be",
+                Email.sendWebmaster({
                     subject: "[Limiet] Limiet bereikt voor aantal inschrijvingen",
                     text: "Beste, \nDe limiet werd bereikt voor het aantal inschrijvingen per dag. \nVereniging: "+organization.id+" ("+organization.name+")" + "\n\n" + e.message + "\n\nStamhoofd"
-                }, new I18n("nl", "BE"))
+                })
 
                 throw new SimpleError({
                     code: "too_many_emails_period",

package/src/endpoints/organization/dashboard/email/EmailEndpoint.ts

@@ -95,11 +95,10 @@ export class EmailEndpoint extends Endpoint<Params, Query, Body, ResponseBody> {
         try {
             limiter.track(organization.id, request.body.recipients.length);
         } catch (e) {
-            Email.sendInternal({
-                to: "hallo@stamhoofd.be",
+            Email.sendWebmaster({
                 subject: "[Limiet] Limiet bereikt voor aantal e-mails",
                 text: "Beste, \nDe limiet werd bereikt voor het aantal e-mails per dag. \nVereniging: "+organization.id+" ("+organization.name+")" + "\n\n" + e.message + "\n\nStamhoofd"
-            }, new I18n("nl", "BE"))
+            })
 
             throw new SimpleError({
                 code: "too_many_emails_period",
@@ -178,7 +177,7 @@ export class EmailEndpoint extends Endpoint<Params, Query, Body, ResponseBody> {
             }
         })
 
-        let from = organization.uri+"@stamhoofd.email";
+        let from = organization.getDefaultFrom(request.i18n, false, 'broadcast');
         let replyTo: string | undefined = sender.email;
 
         // Can we send from this e-mail or reply-to?

package/src/endpoints/organization/dashboard/registration-periods/PatchOrganizationRegistrationPeriodsEndpoint.ts

@@ -1,11 +1,11 @@
 import { DecodedRequest, Endpoint, Request, Response } from "@simonbackx/simple-endpoints";
-import { Group as GroupStruct, GroupPrivateSettings, OrganizationRegistrationPeriod as OrganizationRegistrationPeriodStruct, PermissionLevel, PermissionsResourceType, ResourcePermissions, Version, GroupType } from "@stamhoofd/structures";
+import { GroupPrivateSettings, Group as GroupStruct, GroupType, OrganizationRegistrationPeriod as OrganizationRegistrationPeriodStruct, PermissionLevel, PermissionsResourceType, ResourcePermissions, Version } from "@stamhoofd/structures";
 
 import { AutoEncoderPatchType, Decoder, PatchableArrayAutoEncoder, PatchableArrayDecoder, StringDecoder } from "@simonbackx/simple-encoding";
-import { Context } from "../../../../helpers/Context";
-import { Group, Member, OrganizationRegistrationPeriod, Platform, RegistrationPeriod } from "@stamhoofd/models";
 import { SimpleError } from "@simonbackx/simple-errors";
+import { Group, Member, Organization, OrganizationRegistrationPeriod, Platform, RegistrationPeriod } from "@stamhoofd/models";
 import { AuthenticatedStructures } from "../../../../helpers/AuthenticatedStructures";
+import { Context } from "../../../../helpers/Context";
 
 type Params = Record<string, never>;
 type Query = undefined;
@@ -46,9 +46,12 @@ export class PatchOrganizationRegistrationPeriodsEndpoint extends Endpoint<Param
             if (!await Context.auth.hasFullAccess(organization.id)) {
                 throw Context.auth.error()
             }
-            const period = await RegistrationPeriod.getByID(put.period.id);
+            periods.push(await PatchOrganizationRegistrationPeriodsEndpoint.createOrganizationPeriod(organization, put));
+        }
 
-            if (!period) {
+        for (const patch of request.body.getPatches()) {
+            const organizationPeriod = await OrganizationRegistrationPeriod.getByID(patch.id);
+            if (!organizationPeriod || organizationPeriod.organizationId !== organization.id) {
                 throw new SimpleError({
                     code: "not_found",
                     message: "Period not found",
@@ -56,38 +59,33 @@ export class PatchOrganizationRegistrationPeriodsEndpoint extends Endpoint<Param
                 })
             }
 
-            const organizationPeriod = new OrganizationRegistrationPeriod();
-            organizationPeriod.id = put.id;
-            organizationPeriod.organizationId = organization.id;
-            organizationPeriod.periodId = put.period.id;
-            organizationPeriod.settings = put.settings;
-            await organizationPeriod.save();
+            const period = await RegistrationPeriod.getByID(organizationPeriod.periodId);
 
-            for (const struct of put.groups) {
-                await PatchOrganizationRegistrationPeriodsEndpoint.createGroup(struct, organization.id, organizationPeriod.periodId)
+            if (!period) {
+                throw new SimpleError({
+                    code: "not_found",
+                    message: "Period not found",
+                    statusCode: 404
+                })
             }
-            const groups = await Group.getAll(organization.id, organizationPeriod.periodId)
-
-            // Delete unreachable categories first
-            await organizationPeriod.cleanCategories(groups);
-            await Group.deleteUnreachable(organization.id, organizationPeriod, groups)
-            periods.push(organizationPeriod);
-        }
 
-        for (const patch of request.body.getPatches()) {
-            const organizationPeriod = await OrganizationRegistrationPeriod.getByID(patch.id);
-            if (!organizationPeriod || organizationPeriod.organizationId !== organization.id) {
+            if (period.locked) {
                 throw new SimpleError({
                     code: "not_found",
                     message: "Period not found",
+                    human: 'Je kan geen wijzigingen meer aanbrengen in ' + period.getStructure().name + ' omdat deze is afgesloten',
                     statusCode: 404
                 })
             }
+
             let deleteUnreachable = false
             const allowedIds: string[] = []
 
             if (await Context.auth.hasFullAccess(organization.id)) {
                 if (patch.settings) {
+                    if(patch.settings.categories) {
+                        deleteUnreachable = true;
+                    }
                     organizationPeriod.settings.patchOrPut(patch.settings);
                 }
             } else {
@@ -174,6 +172,36 @@ export class PatchOrganizationRegistrationPeriodsEndpoint extends Endpoint<Param
         })
     }
 
+    static async createOrganizationPeriod(organization: Organization, struct: OrganizationRegistrationPeriodStruct) {
+        const period = await RegistrationPeriod.getByID(struct.period.id);
+
+        if (!period || period.locked) {
+            throw new SimpleError({
+                code: "not_found",
+                message: "Period not found",
+                statusCode: 404
+            })
+        }
+
+        const organizationPeriod = new OrganizationRegistrationPeriod();
+        organizationPeriod.id = struct.id;
+        organizationPeriod.organizationId = organization.id;
+        organizationPeriod.periodId = struct.period.id;
+        organizationPeriod.settings = struct.settings;
+        await organizationPeriod.save();
+
+        for (const s of struct.groups) {
+            await PatchOrganizationRegistrationPeriodsEndpoint.createGroup(s, organization.id, organizationPeriod.periodId)
+        }
+        const groups = await Group.getAll(organization.id, organizationPeriod.periodId)
+
+        // Delete unreachable categories first
+        await organizationPeriod.cleanCategories(groups);
+        await Group.deleteUnreachable(organization.id, organizationPeriod, groups)
+
+        return organizationPeriod
+    }
+
     static async deleteGroup(id: string) {
         const model = await Group.getByID(id)
         if (!model || !await Context.auth.canAccessGroup(model, PermissionLevel.Full)) {
@@ -263,6 +291,15 @@ export class PatchOrganizationRegistrationPeriodsEndpoint extends Endpoint<Param
                         })
                     }
 
+                    if (existing.periodId !== model.periodId) {
+                        throw new SimpleError({
+                            code: 'invalid_field',
+                            field: 'waitingList',
+                            message: 'Waiting list group is already used in another period',
+                            human: 'Een wachtlijst kan momenteel niet gedeeld worden tussen verschillende werkjaren'
+                        })
+                    }
+
                     model.waitingListId = existing.id
                 } else {
                     const group = await PatchOrganizationRegistrationPeriodsEndpoint.createGroup(

package/src/endpoints/organization/webshops/PlaceOrderEndpoint.ts

@@ -86,11 +86,10 @@ export class PlaceOrderEndpoint extends Endpoint<Params, Query, Body, ResponseBo
                 try {
                     limiter.track(organization.id, 1);
                 } catch (e) {
-                    Email.sendInternal({
-                        to: "hallo@stamhoofd.be",
+                    Email.sendWebmaster({
                         subject: "[Limiet] Limiet bereikt voor aantal bestellingen",
                         text: "Beste, \nDe limiet werd bereikt voor het aantal bestellingen per dag. \nVereniging: "+organization.id+" ("+organization.name+")" + "\n\n" + e.message + "\n\nStamhoofd"
-                    }, new I18n("nl", "BE"))
+                    })
                     
                     throw new SimpleError({
                         code: "too_many_emails_period",

package/src/helpers/AuthenticatedStructures.ts

@@ -262,14 +262,43 @@ export class AuthenticatedStructures {
             }
         }
 
+        const organizationStructs = await Promise.all([...organizations.values()].filter(o => o.active).map(o => this.organization(o)))
+
+        // Load missing groups
+        const allGroups = new Map<string, GroupStruct>()
+        for (const organization of organizationStructs) {
+            for (const group of organization.period.groups) {
+                allGroups.set(group.id, group)
+            }
+        }
+
         for (const blob of memberBlobs) {
-            blob.responsibilities = responsibilities.filter(r => r.memberId == blob.id).map(r => r.getStructure())
+            for (const registration of blob.registrations) {
+                if (registration.group) {
+                    allGroups.set(registration.group.id, registration.group)
+                }
+            }
+        }
+
+        const groupIds = Formatter.uniqueArray(responsibilities.map(r => r.groupId).filter(id => id !== null)).filter(id => !allGroups.has(id))
+        const groups = groupIds.length > 0 ? await Group.getByIDs(...groupIds) : []
+        const groupStructs = await this.groups(groups)
+        
+        for (const group of groupStructs) {
+            allGroups.set(group.id, group)
+        }
+
+        for (const blob of memberBlobs) {
+            blob.responsibilities = responsibilities.filter(r => r.memberId == blob.id).map(r => {
+                const group = allGroups.get(r.groupId ?? '') ?? null
+                return r.getStructure(group)
+            })
             blob.platformMemberships = platformMemberships.filter(r => r.memberId == blob.id).map(r => MemberPlatformMembershipStruct.create(r))
         }
 
         return MembersBlob.create({
             members: memberBlobs,
-            organizations: await Promise.all([...organizations.values()].filter(o => o.active).map(o => this.organization(o)))
+            organizations: organizationStructs
         })
     }
 

package/src/helpers/ForwardHandler.ts

@@ -1,4 +1,4 @@
-import { EmailAddress, EmailInterfaceRecipient } from "@stamhoofd/email";
+import { Email, EmailAddress, EmailInterfaceRecipient } from "@stamhoofd/email";
 import { Organization } from "@stamhoofd/models";
 import { Formatter } from "@stamhoofd/utility";
 import { simpleParser } from "mailparser";
@@ -26,32 +26,34 @@ export class ForwardHandler {
         }
 
         // Unsubscribe email?
-        if (email && email?.startsWith("unsubscribe+") && email.endsWith('@stamhoofd.email')) {
-            // Get id
-            const id = email.substring("unsubscribe+".length, email.indexOf('@stamhoofd.email'))
-            const model = await EmailAddress.getByID(id)
-            
-            if (model) {
-                console.log('[Unsubscribe] Received an unsubscribe request for ' + model.email + ' from ' + from)
-                if (model.unsubscribedAll) {
-                    // Ignore
-                    return;
-                }
-                model.unsubscribedAll = true
-                await model.save()
-            } else {
-                console.error('[Unsubscribe] Received an unsubscribe request for unknown ID ' + id + ' from ' + from)
+        for (const domain of Object.values(STAMHOOFD.domains.defaultBroadcastEmail ?? {})) {
+            if (email && email?.startsWith("unsubscribe+") && email.endsWith('@' + domain)) {
+                // Get id
+                const id = email.substring("unsubscribe+".length, email.indexOf('@' + domain))
+                const model = await EmailAddress.getByID(id)
+                
+                if (model) {
+                    console.log('[Unsubscribe] Received an unsubscribe request for ' + model.email + ' from ' + from)
+                    if (model.unsubscribedAll) {
+                        // Ignore
+                        return;
+                    }
+                    model.unsubscribedAll = true
+                    await model.save()
+                } else {
+                    console.error('[Unsubscribe] Received an unsubscribe request for unknown ID ' + id + ' from ' + from)
 
-                // Forward
-                return {
-                    from: "unsubscribe@stamhoofd.be",
-                    to: "hallo@stamhoofd.be",
-                    subject: "E-mail unsubscribe mislukt",
-                    text: "Beste,\n\nEr werd een unsubscribe gemeld op "+email+" die niet kon worden verwerkt. Gelieve dit na te kijken.\n\nStamhoofd"
-                }
+                    // Forward
+                    return {
+                        from: Email.getWebmasterFromEmail(),
+                        to: Email.getWebmasterToEmail(),
+                        subject: "E-mail unsubscribe mislukt",
+                        text: "Beste,\n\nEr werd een unsubscribe gemeld op "+email+" die niet kon worden verwerkt. Gelieve dit na te kijken.\n\nStamhoofd"
+                    }
 
+                }
+                return;
             }
-            return;
         }
 
         if (receipt.spamVerdict.status != "PASS" || receipt.virusVerdict.status != "PASS" || !(receipt.spfVerdict.status == "PASS" || receipt.dkimVerdict.status == "PASS")) {
@@ -60,7 +62,7 @@ export class ForwardHandler {
         }
 
         // Send a new e-mail
-        let defaultEmail: EmailInterfaceRecipient[]|string = "hallo@stamhoofd.be"
+        let defaultEmail: EmailInterfaceRecipient[]|string = Email.getWebmasterToEmail()
         let organizationEmails: EmailInterfaceRecipient[] = []
         const extraDescription = "Dit bericht werd verstuurd naar "+email+", en werd automatisch doorgestuurd naar alle beheerders. Stel in Stamhoofd de e-mailadressen in om ervoor te zorgen dat antwoorden naar een specifiek e-mailadres worden verstuurd."
         
@@ -76,7 +78,7 @@ export class ForwardHandler {
 
             // Send back to receiver without including the original message to avoid spam
             return {
-                from: email ?? "unknown@stamhoofd.be",
+                from: email ?? Email.getWebmasterToEmail(),
                 to: from,
                 subject: "Ongeldig e-mailadres",
                 text: "Beste,\n\nDe vereniging die je probeert te bereiken via "+email+" is helaas niet bereikbaar via dit e-mailadres. Dit e-mailadres wordt enkel gebruikt voor het versturen van automatische e-mails in naam van een vereniging. Probeer de vereniging te contacteren via een ander e-mailadres.\n\nBedankt."
@@ -116,7 +118,7 @@ export class ForwardHandler {
         }
 
         const options = {
-            from: email ?? "unknown@stamhoofd.be",
+            from: email ?? Email.getWebmasterToEmail(),
             to: defaultEmail,
             replyTo: parsed.from?.text,
             subject: parsed.subject ?? "Doorgestuurd bericht",
@@ -137,4 +139,4 @@ export class ForwardHandler {
 
         return options
     }
-}
+}

package/src/helpers/MemberUserSyncer.ts

@@ -116,14 +116,14 @@ export class MemberUserSyncerStatic {
             if (organizationId === null) {
                 const patch = user.permissions.convertPlatformPatch(
                     Permissions.patch({
-                        responsibilities: (responsibilitiesByOrganization.get(organizationId) ?? []).map(r => r.getStructure()) as any
+                        responsibilities: (responsibilitiesByOrganization.get(organizationId) ?? []).map(r => r.getBaseStructure()) as any
                     })
                 )
                 user.permissions = user.permissions.patch(patch)
             } else {
                 const patch = user.permissions.convertPatch(
                     Permissions.patch({
-                        responsibilities: (responsibilitiesByOrganization.get(organizationId) ?? []).map(r => r.getStructure()) as any
+                        responsibilities: (responsibilitiesByOrganization.get(organizationId) ?? []).map(r => r.getBaseStructure()) as any
                     }),
                     organizationId
                 )
@@ -164,7 +164,7 @@ export class MemberUserSyncerStatic {
         let user = member.users.find(u => u.email.toLocaleLowerCase() === email.toLocaleLowerCase()) ?? await User.getForAuthentication(member.organizationId, email, {allowWithoutAccount: true})
 
         if (user) {
-            console.log("Giving an existing user access to a member: " + user.id + ' - ' + member.id)
+            //console.log("Giving an existing user access to a member: " + user.id + ' - ' + member.id)
             if (!asParent) {
                 if (user.memberId && user.memberId !== member.id) {
                     console.error('Found conflicting user with multiple members', user.id, 'members', user.memberId, 'to', member.id)

package/src/helpers/PeriodHelper.ts

@@ -0,0 +1,166 @@
+
+import { Member, MemberResponsibilityRecord, Organization, OrganizationRegistrationPeriod, Platform, RegistrationPeriod } from "@stamhoofd/models";
+import { AuthenticatedStructures } from "./AuthenticatedStructures";
+import { PatchOrganizationRegistrationPeriodsEndpoint } from "../endpoints/organization/dashboard/registration-periods/PatchOrganizationRegistrationPeriodsEndpoint";
+import { QueueHandler } from "@stamhoofd/queues";
+import { SetupStepUpdater } from "./SetupStepsUpdater";
+import { PermissionLevel } from "@stamhoofd/structures";
+import { MemberUserSyncer } from "./MemberUserSyncer";
+import { SimpleError } from "@simonbackx/simple-errors";
+
+export class PeriodHelper {
+    static async moveOrganizationToPeriod(organization: Organization, period: RegistrationPeriod) {
+        console.log('moveOrganizationToPeriod', organization.id, period.id)
+        
+        await this.createOrganizationPeriodForPeriod(organization, period)
+        organization.periodId = period.id
+        await organization.save()
+    }
+
+    static async stopAllResponsibilities() {
+        console.log('Stopping all responsibilities')
+        const platform = await Platform.getSharedPrivateStruct()
+        const keepPlatformResponsibilityIds = platform.config.responsibilities.filter(r => !r.organizationBased).map(r => r.id)
+        const keepResponsibilityIds = platform.config.responsibilities.filter(r => !r.organizationBased || r.permissions?.level === PermissionLevel.Full).map(r => r.id)
+        const batchSize = 100;
+
+        let lastId = "";
+        let c = 0;
+
+        while (true) {
+            const records = await MemberResponsibilityRecord.where(
+                {
+                    id: { sign: ">", value: lastId },
+                    endDate: null
+                },
+                { 
+                    limit: batchSize, 
+                    sort: ["id"] 
+                }
+            );
+
+            for (const record of records) {
+                lastId = record.id;
+
+                const invalid = keepPlatformResponsibilityIds.includes(record.responsibilityId) && record.organizationId
+
+                if (!keepResponsibilityIds.includes(record.responsibilityId) || invalid) {
+                    record.endDate = new Date()
+                    await record.save()
+                    c++;
+                }
+            }
+
+            if (records.length < batchSize) {
+                break;
+            }
+
+        }
+
+        console.log('Done: stopped all responsibilities: ' + c)
+    }
+
+    static async syncAllMemberUsers() {
+        console.log('Syncing all members')
+
+        let c = 0;
+        let lastId: string = '';
+
+        while(true) {
+            const rawMembers = await Member.where({
+                id: {
+                    value: lastId,
+                    sign: '>'
+                }
+            }, {limit: 500, sort: ['id']});
+
+            if (rawMembers.length === 0) {
+                break;
+            }
+
+            const membersWithRegistrations = await Member.getBlobByIds(...rawMembers.map(m => m.id));
+
+            const promises: Promise<any>[] = [];
+
+            for (const memberWithRegistrations of membersWithRegistrations) {
+                promises.push((async () => {
+                    await MemberUserSyncer.onChangeMember(memberWithRegistrations);
+                    c++;
+
+                    if (c%10000 === 0) {
+                        console.log('Synced ' + c + ' members');
+                    }
+                })());
+            }
+
+            await Promise.all(promises);
+            lastId = rawMembers[rawMembers.length - 1].id;
+        }
+
+        console.log('Done: synced all members: ' + c)
+   }
+
+    static async createOrganizationPeriodForPeriod(organization: Organization, period: RegistrationPeriod) {
+        const oPeriods = await OrganizationRegistrationPeriod.where({ periodId: period.id, organizationId: organization.id }, {limit: 1})
+        
+        if (oPeriods.length) {
+            // Already created
+            return oPeriods[0]
+        }
+
+        const currentPeriod = await organization.getPeriod()
+        if (currentPeriod.periodId === period.id) {
+            return currentPeriod
+        }
+
+        const struct = await AuthenticatedStructures.organizationRegistrationPeriod(currentPeriod)
+
+        const duplicate = struct.duplicate(period.getStructure())
+        return await PatchOrganizationRegistrationPeriodsEndpoint.createOrganizationPeriod(organization, duplicate)
+    }
+
+    static async moveAllOrganizationsToPeriod(period: RegistrationPeriod) {
+        const tag = "moveAllOrganizationsToPeriod";
+        if (QueueHandler.isRunning(tag)) {
+            throw new SimpleError({
+                code: 'move_period_pending',
+                message: 'Er is al een jaarovergang bezig. Wacht tot deze klaar is.'
+            })
+        }
+
+        const batchSize = 10;
+        await QueueHandler.schedule(tag, async () => {
+            let lastId = "";
+
+            while (true) {
+                const organizations = await Organization.where(
+                    {
+                        id: { sign: ">", value: lastId },
+                    },
+                    { 
+                        limit: batchSize, 
+                        sort: ["id"] 
+                    }
+                );
+
+                for (const organization of organizations) {
+                    await this.moveOrganizationToPeriod(organization, period);
+                    lastId = organization.id;
+                }
+
+                if (organizations.length < batchSize) {
+                    break;
+                }
+
+            }
+
+            await this.stopAllResponsibilities()
+            await this.syncAllMemberUsers()
+        });
+
+        // When done: update setup steps
+        await SetupStepUpdater.updateSetupStepsForAllOrganizationsInCurrentPeriod()
+    }
+
+    
+}

package/src/helpers/SetupStepsUpdater.ts

@@ -1,5 +1,6 @@
 import {
     Group,
+    Member,
     MemberResponsibilityRecord,
     Organization,
     OrganizationRegistrationPeriod,
@@ -8,11 +9,13 @@ import {
 import { QueueHandler } from "@stamhoofd/queues";
 import { SQL, SQLWhereSign } from "@stamhoofd/sql";
 import {
+    GroupType,
     MemberResponsibility,
     Platform as PlatformStruct,
     SetupStepType,
     SetupSteps
 } from "@stamhoofd/structures";
+import { Formatter } from "@stamhoofd/utility";
 
 type SetupStepOperation = (setupSteps: SetupSteps, organization: Organization, platform: PlatformStruct) => void | Promise<void>;
 
@@ -148,9 +151,7 @@ export class SetupStepUpdater {
     ) {
         const setupSteps = organizationRegistrationPeriod.setupSteps;
 
-        // eslint-disable-next-line @typescript-eslint/no-unsafe-argument
         for (const stepType of Object.values(SetupStepType)) {
-            console.log(`[STEP TYPE] ${stepType}`);
             const operation = this.STEP_TYPE_OPERATIONS[stepType];
             await operation(setupSteps, organization, platform);
         }
@@ -244,12 +245,21 @@ export class SetupStepUpdater {
 
         const responsibilityIds = organizationBasedResponsibilitiesWithRestriction.map(r => r.id);
 
-        const records = await MemberResponsibilityRecord.select()
+        const allRecords = await MemberResponsibilityRecord.select()
             .where('responsibilityId', responsibilityIds)
             .where('organizationId', organization.id)
             .where(SQL.where('endDate', SQLWhereSign.Greater, now).or('endDate', null))
             .fetch();
 
+        // Remove invalid responsibilities: members that are not registered in the current period
+        const memberIds = Formatter.uniqueArray(allRecords.map(r => r.memberId));
+        const members = await Member.getBlobByIds(...memberIds);
+        const validMembers = members.filter(m => m.registrations.some(r => r.organizationId === organization.id && r.periodId === organization.periodId && r.group.type === GroupType.Membership && r.deactivatedAt === null && r.registeredAt !== null));
+
+        const validMembersIds = validMembers.map(m => m.id);
+
+        const records = allRecords.filter(r => validMembersIds.includes(r.memberId));
+
         let totalSteps = 0;
         let finishedSteps = 0;
 
@@ -279,11 +289,11 @@ export class SetupStepUpdater {
         for(const {responsibility, group} of flatResponsibilities) {
             const { minimumMembers: min, maximumMembers: max } = responsibility;
 
-            if (min === null && max === null) {
+            if (min === null) {
                 continue;
             }
 
-            totalSteps++;
+            totalSteps += min;
 
             const responsibilityId = responsibility.id;
             let totalRecordsWithThisResponsibility = 0;
@@ -303,14 +313,11 @@ export class SetupStepUpdater {
             }
 
             if (max !== null && totalRecordsWithThisResponsibility > max) {
+                // Not added
                 continue;
             }
 
-            if (min !== null && totalRecordsWithThisResponsibility < min) {
-                continue;
-            }
-
-            finishedSteps++;
+            finishedSteps += Math.min(min, totalRecordsWithThisResponsibility);
         }
 
         setupSteps.update(SetupStepType.Responsibilities, {