Let's finish the invitation system by accepting the invitation.
If I'm logged in to another tenant at the moment, I need to:
- Accept the invitation.
- Attach me to the tenant.
- Set the current tenant from the invitation.
- Redirect to the invited tenants' dashboard.
app/Http/Controllers/UserController.php:
class UserController extends Controller{ // ... public function acceptInvitation(string $token) { $invitation = Invitation::where('token', $token) ->whereNull('accepted_at') ->firstOrFail(); if (auth()->check()) { $invitation->update(['accepted_at' => now()]); auth()->user()->tenants()->attach($invitation->tenant_id); auth()->user()->update(['current_tenant_id' => $invitation->tenant_id]); $tenantDomain = str_replace('://', '://' . $invitation->tenant->subdomain . '.', config('app.url')); return redirect($tenantDomain . route('dashboard', absolute: false)); } else { // redirect to register } }}Now, if I register with a new user, this user has only its own tenant.
From another user, I send email invitations to the newly registered user.
As you can see, when the invitation is accepted, the user should be redirected to the bbb subdomain tenant and should have two tenants.
We can see that after accepting the invitation, the user is redirected to...
hi would you be able to do a video on how to handle the invitation system for using archtechx tenancy package with multiple dbs for tenants while this works fine for single db for multiple dbs i think the invitations and users should be stored in tenants db , and have a separate login via tenant.domain.com/login thanks
Hi Vasile, To be honest, I haven't tried it. Currently I don't have time available to explore this topic, but I will add it to my (already huge) topic list, and maybe in the future I will get to it.
Great video, As I remember, Laravel has "Signed URLs" feature, which helps to prevent from changing the URL,would it be better if we apply this feature to accept URL in the email?
In addition to "Signed URLs" feature, I think we can also generate a token by using Str::uuid() to make sure it is unique for each invitation email because Str::random() sometimes can generate a duplicate string for two invited different users and thus can cause the potential bug. What do you think?
Signed URLs are advised to use only for non-crucial features, like unsubscribe from email list. They are not considered secure enough, so I wouldn't probably use it for this use-case.
Newbie here, I have cloned the repo of this chapter and I try to register a new user. When I post the Register form, I get a 419 indicating csrf is missing. But in resources/views/auth/register.blade.php the @csrf is there.
Additional info: After cloning the repo, I ran
419 doesn't necessarily mean that CSRF is missing. Have you provided the correct URL in .env APP_URL? Have you made your storage folders writable for the session store?
Thanks, now I ran
I am on a Windows 10 machine APP_URL=localhost (also tried APP_URL=localhost:8000)
Still I get 419
If I try another repo, like LaravelDaily/Laravel-9-Beginners-Admin it works. I just do:
And then I set is_admin to 1 in users table. After that I can run both cruds. No 419.