QT/InvoiceShelf
1
0
Fork 0
mirror of https://github.com/InvoiceShelf/InvoiceShelf.git synced 2026-04-15 09:14:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

Support invitations for unregistered users

Browse Source 
When inviting an email without an InvoiceShelf account, the email now
links to a registration page (/register?invitation={token}) instead of
login. After registering, the invitation is auto-accepted.

Backend:
- InvitationRegistrationController: public details() and register()
  endpoints. Registration validates token + email match, creates account,
  auto-accepts invitation, returns Sanctum token.
- AuthController: login now accepts optional invitation_token param to
  auto-accept invitation for existing users clicking the email link.
- CompanyInvitationMail: conditional URL based on user existence.
- Web route for /invitations/{token}/decline (email decline link).

Frontend:
- RegisterWithInvitation.vue: fetches invitation details, shows company
  name + role, registration form with pre-filled email.
- Router: /register route added.

Tests: 3 new tests (invitation details, register + accept, email mismatch).
This commit is contained in:
Darko Gjorgjijoski
2026-04-03 23:26:58 +02:00
parent 6343b4a17f
commit c1994887ef
9 changed files with 425 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
app/Http/Controllers/Company/Auth/AuthController.php
View File

@@ -4,7 +4,9 @@ namespace App\Http\Controllers\Company\Auth;
use App\Http\Controllers\Controller;
use App\Http\Requests\LoginRequest;
use App\Models\CompanyInvitation;
use App\Models\User;
use App\Services\InvitationService;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\Hash;
@@ -22,6 +24,17 @@ class AuthController extends Controller
]);
}
// Auto-accept invitation if token is provided
if ($request->has('invitation_token') && $request->invitation_token) {
$invitation = CompanyInvitation::where('token', $request->invitation_token)
->pending()
->first();
if ($invitation) {
app(InvitationService::class)->accept($invitation, $user);
}
}
return response()->json([
'type' => 'Bearer',
'token' => $user->createToken($request->device_name)->plainTextToken,

83
app/Http/Controllers/Company/Auth/InvitationRegistrationController.php Normal file
View File

@@ -0,0 +1,83 @@
<?php
namespace App\Http\Controllers\Company\Auth;
use App\Http\Controllers\Controller;
use App\Models\CompanyInvitation;
use App\Models\User;
use App\Services\InvitationService;
use Illuminate\Http\JsonResponse;
use Illuminate\Http\Request;
use Illuminate\Validation\ValidationException;
class InvitationRegistrationController extends Controller
{
public function __construct(
private readonly InvitationService $invitationService,
) {}
/**
* Get invitation details by token (public endpoint for registration page).
*/
public function details(string $token): JsonResponse
{
$invitation = CompanyInvitation::where('token', $token)
->pending()
->with(['company', 'role'])
->first();
if (! $invitation) {
return response()->json([
'error' => 'Invitation not found or expired.',
], 404);
}
return response()->json([
'email' => $invitation->email,
'company_name' => $invitation->company->name,
'role_name' => $invitation->role->title,
]);
}
/**
* Register a new user and auto-accept the invitation.
*/
public function register(Request $request): JsonResponse
{
$request->validate([
'name' => 'required|string|max:255',
'email' => 'required|string|email|max:255|unique:users',
'password' => 'required|string|min:8|confirmed',
'invitation_token' => 'required|string',
]);
$invitation = CompanyInvitation::where('token', $request->invitation_token)
->pending()
->first();
if (! $invitation) {
throw ValidationException::withMessages([
'invitation_token' => ['Invitation not found or expired.'],
]);
}
if ($invitation->email !== $request->email) {
throw ValidationException::withMessages([
'email' => ['Email does not match the invitation.'],
]);
}
$user = User::create([
'name' => $request->name,
'email' => $request->email,
'password' => $request->password,
]);
$this->invitationService->accept($invitation, $user);
return response()->json([
'type' => 'Bearer',
'token' => $user->createToken('web')->plainTextToken,
]);
}
}