feat: add team invitation acceptance flow with email link routing
Implement end-to-end invitation acceptance: neutral entry route validates token and routes to register (new users), login (existing users), or auto-accepts (authenticated users). Handles 2FA token survival via session, email case-insensitive matching, and dedicated error pages. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
@@ -4,7 +4,9 @@ namespace App\Actions\Fortify;
|
||||
|
||||
use App\Concerns\PasswordValidationRules;
|
||||
use App\Concerns\ProfileValidationRules;
|
||||
use App\Models\TeamInvitation;
|
||||
use App\Models\User;
|
||||
use Illuminate\Support\Facades\DB;
|
||||
use Illuminate\Support\Facades\Validator;
|
||||
use Laravel\Fortify\Contracts\CreatesNewUsers;
|
||||
|
||||
@@ -24,10 +26,30 @@ class CreateNewUser implements CreatesNewUsers
|
||||
'password' => $this->passwordRules(),
|
||||
])->validate();
|
||||
|
||||
return User::create([
|
||||
$user = User::create([
|
||||
'name' => $input['name'],
|
||||
'email' => $input['email'],
|
||||
'password' => $input['password'],
|
||||
]);
|
||||
|
||||
if (! empty($input['invitation'])) {
|
||||
$invitation = TeamInvitation::where('token', $input['invitation'])->first();
|
||||
|
||||
if ($invitation && $invitation->isValid() && strtolower($user->email) === strtolower($invitation->email)) {
|
||||
DB::transaction(function () use ($user, $invitation) {
|
||||
$user->workspaces()->attach($invitation->workspace_id, [
|
||||
'role' => $invitation->role,
|
||||
'permissions' => json_encode(config("permissions.defaults.{$invitation->role}", [])),
|
||||
]);
|
||||
|
||||
$invitation->update(['accepted_at' => now()]);
|
||||
});
|
||||
|
||||
session(['current_workspace_id' => $invitation->workspace_id]);
|
||||
session(['invitation_accepted' => true]);
|
||||
}
|
||||
}
|
||||
|
||||
return $user;
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user