app/Http/Responses/LoginResponse.php

<?php

namespace App\Http\Responses;

use App\Models\TeamInvitation;
use App\Models\WorkspaceUser;
use Illuminate\Http\JsonResponse;
use Illuminate\Support\Facades\DB;
use Laravel\Fortify\Contracts\LoginResponse as LoginResponseContract;

class LoginResponse implements LoginResponseContract
{
    /**
     * Create an HTTP response that represents the object.
     *
     * @param  \Illuminate\Http\Request  $request
     * @return \Symfony\Component\HttpFoundation\Response
     */
    public function toResponse($request)
    {
        $token = $request->input('invitation')
            ?? $request->session()->pull('pending_invitation_token');

        if ($token) {
            $invitation = TeamInvitation::where('token', $token)->first();
            $user = $request->user();

            if ($invitation && $invitation->isValid() && strtolower($invitation->email) === strtolower($user->email)) {
                $alreadyMember = WorkspaceUser::where('workspace_id', $invitation->workspace_id)
                    ->where('user_id', $user->id)
                    ->exists();

                if (! $alreadyMember) {
                    DB::transaction(function () use ($user, $invitation) {
                        $user->workspaces()->attach($invitation->workspace_id, [
                            'role' => $invitation->role,
                            'permissions' => json_encode(config("permissions.defaults.{$invitation->role}", [])),
                        ]);

                        $invitation->update(['accepted_at' => now()]);
                    });
                } else {
                    session(['current_workspace_id' => $invitation->workspace_id]);

                    return redirect()->intended('/dashboard');
                }

                session(['current_workspace_id' => $invitation->workspace_id]);

                return redirect()->intended('/dashboard');
            }
        }

        // Clean up session token if present but not used
        $request->session()->forget('pending_invitation_token');

        return $request->wantsJson()
            ? new JsonResponse('', 204)
            : redirect()->intended(config('fortify.home'));
    }
}
feat: add team invitation acceptance flow with email link routing Implement end-to-end invitation acceptance: neutral entry route validates token and routes to register (new users), login (existing users), or auto-accepts (authenticated users). Handles 2FA token survival via session, email case-insensitive matching, and dedicated error pages. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> 2026-03-27 15:16:45 +01:00			`<?php`

			`namespace App\Http\Responses;`

			`use App\Models\TeamInvitation;`
			`use App\Models\WorkspaceUser;`
			`use Illuminate\Http\JsonResponse;`
			`use Illuminate\Support\Facades\DB;`
			`use Laravel\Fortify\Contracts\LoginResponse as LoginResponseContract;`

			`class LoginResponse implements LoginResponseContract`
			`{`
			`/**`
			`* Create an HTTP response that represents the object.`
			`*`
			`* @param \Illuminate\Http\Request $request`
			`* @return \Symfony\Component\HttpFoundation\Response`
			`*/`
			`public function toResponse($request)`
			`{`
			`$token = $request->input('invitation')`
			`?? $request->session()->pull('pending_invitation_token');`

			`if ($token) {`
			`$invitation = TeamInvitation::where('token', $token)->first();`
			`$user = $request->user();`

			`if ($invitation && $invitation->isValid() && strtolower($invitation->email) === strtolower($user->email)) {`
			`$alreadyMember = WorkspaceUser::where('workspace_id', $invitation->workspace_id)`
			`->where('user_id', $user->id)`
			`->exists();`

			`if (! $alreadyMember) {`
			`DB::transaction(function () use ($user, $invitation) {`
			`$user->workspaces()->attach($invitation->workspace_id, [`
			`'role' => $invitation->role,`
			`'permissions' => json_encode(config("permissions.defaults.{$invitation->role}", [])),`
			`]);`

			`$invitation->update(['accepted_at' => now()]);`
			`});`
			`} else {`
			`session(['current_workspace_id' => $invitation->workspace_id]);`

			`return redirect()->intended('/dashboard');`
			`}`

			`session(['current_workspace_id' => $invitation->workspace_id]);`

			`return redirect()->intended('/dashboard');`
			`}`
			`}`

			`// Clean up session token if present but not used`
			`$request->session()->forget('pending_invitation_token');`

			`return $request->wantsJson()`
			`? new JsonResponse('', 204)`
			`: redirect()->intended(config('fortify.home'));`
			`}`
			`}`