QT/InvoiceShelf
1
0
Fork 0
mirror of https://github.com/InvoiceShelf/InvoiceShelf.git synced 2026-04-15 17:24:10 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
e64529468cf7180f1ec847a876e4ec3f070d5750
InvoiceShelf/app/Http/Controllers/Company/Auth/InvitationRegistrationController.php
Darko Gjorgjijoski c1994887ef Support invitations for unregistered users 
When inviting an email without an InvoiceShelf account, the email now
links to a registration page (/register?invitation={token}) instead of
login. After registering, the invitation is auto-accepted.

Backend:
- InvitationRegistrationController: public details() and register()
  endpoints. Registration validates token + email match, creates account,
  auto-accepts invitation, returns Sanctum token.
- AuthController: login now accepts optional invitation_token param to
  auto-accept invitation for existing users clicking the email link.
- CompanyInvitationMail: conditional URL based on user existence.
- Web route for /invitations/{token}/decline (email decline link).

Frontend:
- RegisterWithInvitation.vue: fetches invitation details, shows company
  name + role, registration form with pre-filled email.
- Router: /register route added.

Tests: 3 new tests (invitation details, register + accept, email mismatch).
2026-04-03 23:26:58 +02:00

84 lines
2.4 KiB
PHP
Raw Blame History

<?php
namespace App\Http\Controllers\Company\Auth;
use App\Http\Controllers\Controller;
use App\Models\CompanyInvitation;
use App\Models\User;
use App\Services\InvitationService;
use Illuminate\Http\JsonResponse;
use Illuminate\Http\Request;
use Illuminate\Validation\ValidationException;
class InvitationRegistrationController extends Controller
{
public function __construct(
private readonly InvitationService $invitationService,
) {}
/**
* Get invitation details by token (public endpoint for registration page).
*/
public function details(string $token): JsonResponse
{
$invitation = CompanyInvitation::where('token', $token)
->pending()
->with(['company', 'role'])
->first();
if (! $invitation) {
return response()->json([
'error' => 'Invitation not found or expired.',
], 404);
}
return response()->json([
'email' => $invitation->email,
'company_name' => $invitation->company->name,
'role_name' => $invitation->role->title,
]);
}
/**
* Register a new user and auto-accept the invitation.
*/
public function register(Request $request): JsonResponse
{
$request->validate([
'name' => 'required|string|max:255',
'email' => 'required|string|email|max:255|unique:users',
'password' => 'required|string|min:8|confirmed',
'invitation_token' => 'required|string',
]);
$invitation = CompanyInvitation::where('token', $request->invitation_token)
->pending()
->first();
if (! $invitation) {
throw ValidationException::withMessages([
'invitation_token' => ['Invitation not found or expired.'],
]);
}
if ($invitation->email !== $request->email) {
throw ValidationException::withMessages([
'email' => ['Email does not match the invitation.'],
]);
}
$user = User::create([
'name' => $request->name,
'email' => $request->email,
'password' => $request->password,
]);
$this->invitationService->accept($invitation, $user);
return response()->json([
'type' => 'Bearer',
'token' => $user->createToken('web')->plainTextToken,
]);
}
}
Reference in New Issue View Git Blame Copy Permalink