Auth: convert auth views and verification email to Nova layout

tests/Feature/Auth/RegistrationTokenVerificationTest.php

@@ -0,0 +1,74 @@
+<?php
+
+use App\Models\User;
+use Illuminate\Foundation\Testing\RefreshDatabase;
+use Illuminate\Support\Facades\DB;
+
+uses(RefreshDatabase::class);
+
+it('verifies token and redirects to password setup', function () {
+    $user = User::factory()->create([
+        'email_verified_at' => null,
+        'onboarding_step' => 'email',
+        'is_active' => false,
+    ]);
+
+    DB::table('user_verification_tokens')->insert([
+        'user_id' => $user->id,
+        'token' => 'verify-token-1',
+        'expires_at' => now()->addHour(),
+        'created_at' => now(),
+        'updated_at' => now(),
+    ]);
+
+    $response = $this->get('/verify/verify-token-1');
+
+    $response->assertRedirect('/setup/password');
+    $this->assertAuthenticatedAs($user->fresh());
+
+    $this->assertDatabaseHas('users', [
+        'id' => $user->id,
+        'onboarding_step' => 'verified',
+        'is_active' => 1,
+    ]);
+
+    expect($user->fresh()->email_verified_at)->not->toBeNull();
+    $this->assertDatabaseMissing('user_verification_tokens', ['token' => 'verify-token-1']);
+});
+
+it('rejects expired token', function () {
+    $user = User::factory()->create([
+        'email_verified_at' => null,
+        'onboarding_step' => 'email',
+        'is_active' => false,
+    ]);
+
+    DB::table('user_verification_tokens')->insert([
+        'user_id' => $user->id,
+        'token' => 'expired-token-1',
+        'expires_at' => now()->subMinute(),
+        'created_at' => now(),
+        'updated_at' => now(),
+    ]);
+
+    $response = $this->from('/login')->get('/verify/expired-token-1');
+
+    $response->assertRedirect('/login');
+    $response->assertSessionHasErrors('email');
+    $this->assertGuest();
+
+    $this->assertDatabaseHas('users', [
+        'id' => $user->id,
+        'onboarding_step' => 'email',
+        'is_active' => 0,
+    ]);
+    expect($user->fresh()->email_verified_at)->toBeNull();
+});
+
+it('rejects unknown token', function () {
+    $response = $this->from('/login')->get('/verify/not-real-token');
+
+    $response->assertRedirect('/login');
+    $response->assertSessionHasErrors('email');
+    $this->assertGuest();
+});