Skip to main content

Accept Invitation: Existing User or Register New User

Premium
4:55

Let's finish the invitation system by accepting the invitation.

If I'm logged in to another tenant at the moment, I need to:

  1. Accept the invitation.
  2. Attach me to the tenant.
  3. Set the current tenant from the invitation.
  4. Redirect to the invited tenants' dashboard.

app/Http/Controllers/UserController.php:

class UserController extends Controller
{
    // ...
 
    public function acceptInvitation(string $token)
    {
        $invitation = Invitation::where('token', $token)
            ->whereNull('accepted_at')
            ->firstOrFail();
 
        if (auth()->check()) {
            $invitation->update(['accepted_at' => now()]); 
 
            auth()->user()->tenants()->attach($invitation->tenant_id);
 
            auth()->user()->update(['current_tenant_id' => $invitation->tenant_id]);
 
            $tenantDomain = str_replace('://', '://' . $invitation->tenant->subdomain . '.', config('app.url'));
            return redirect($tenantDomain . route('dashboard', absolute: false)); 
        } else {
            // redirect to register
        }
    }
}

Now, if I register with a new user, this user has only its own tenant.

From another user, I send email invitations to the newly registered user.

As you can see, when the invitation is accepted, the user should be redirected to the bbb subdomain tenant and should have two tenants.

We can see that after accepting the invitation, the user is redirected to...

The Full Lesson is Only for Premium Members

Want to access all of our courses? (30 h 50 min)

You also get:

55 courses
Premium tutorials
Access to repositories
Private Discord
Get Premium for $129/year or $29/month

Already a member? Login here

Comments & Discussion

VJ
Vasile Jianu ✓ Link copied!

hi would you be able to do a video on how to handle the invitation system for using archtechx tenancy package with multiple dbs for tenants while this works fine for single db for multiple dbs i think the invitations and users should be stored in tenants db , and have a separate login via tenant.domain.com/login thanks

PK
Povilas Korop ✓ Link copied!

Hi Vasile, To be honest, I haven't tried it. Currently I don't have time available to explore this topic, but I will add it to my (already huge) topic list, and maybe in the future I will get to it.

HN
Huy Nguyen ✓ Link copied!

Great video, As I remember, Laravel has "Signed URLs" feature, which helps to prevent from changing the URL,would it be better if we apply this feature to accept URL in the email?

In addition to "Signed URLs" feature, I think we can also generate a token by using Str::uuid() to make sure it is unique for each invitation email because Str::random() sometimes can generate a duplicate string for two invited different users and thus can cause the potential bug. What do you think?

PK
Povilas Korop ✓ Link copied!

Signed URLs are advised to use only for non-crucial features, like unsubscribe from email list. They are not considered secure enough, so I wouldn't probably use it for this use-case.

M
muuucho ✓ Link copied!

Newbie here, I have cloned the repo of this chapter and I try to register a new user. When I post the Register form, I get a 419 indicating csrf is missing. But in resources/views/auth/register.blade.php the @csrf is there.

Additional info: After cloning the repo, I ran

composer install
php artisan key:generate
php artisan migrate
php artisan serve
PK
Povilas Korop ✓ Link copied!

419 doesn't necessarily mean that CSRF is missing. Have you provided the correct URL in .env APP_URL? Have you made your storage folders writable for the session store?

M
muuucho ✓ Link copied!

Thanks, now I ran

  • npm install
  • npm run dev
  • chmod 755 -R nameofmyproject/ (being run from one level above the project)
  • chmod -R o+w nameofmyproject/storage (being run from one level above the project)
  • php artisan cache:clear
  • php artisan view:clear
  • php artisn config:clear
  • composer dump-autoload

I am on a Windows 10 machine APP_URL=localhost (also tried APP_URL=localhost:8000)

Still I get 419

M
muuucho ✓ Link copied!

If I try another repo, like LaravelDaily/Laravel-9-Beginners-Admin it works. I just do:

git clone LaravelDaily/Laravel-9-Beginners-Admin myproject
cd myproject
composer install
npm install
npm run dev
create .env
php artisan key:generate
set a name to the database in .env and create it in PHPMyAdmin
php artisan migrate
php artisan serve

And then I set is_admin to 1 in users table. After that I can run both cruds. No 419.

We'd Love Your Feedback

Tell us what you like or what we can improve

Feel free to share anything you like or dislike about this page or the platform in general.