fix: better invitation errors

app/Http/Controllers/Controller.php

@@ -110,13 +110,19 @@ class Controller extends BaseController
         return redirect()->route('login')->with('error', 'Invalid credentials.');
     }
 
-    public function accept_invitation()
+    public function acceptInvitation()
     {
         $resetPassword = request()->query('reset-password');
         $invitationUuid = request()->route('uuid');
+
         $invitation = TeamInvitation::whereUuid($invitationUuid)->firstOrFail();
         $user = User::whereEmail($invitation->email)->firstOrFail();
+
+        if (Auth::id() !== $user->id) {
+            abort(400, 'You are not allowed to accept this invitation.');
+        }
         $invitationValid = $invitation->isValid();
+
         if ($invitationValid) {
             if ($resetPassword) {
                 $user->update([
@@ -131,14 +137,12 @@ class Controller extends BaseController
             }
             $user->teams()->attach($invitation->team->id, ['role' => $invitation->role]);
             $invitation->delete();
-            if (Auth::id() !== $user->id) {
-                return redirect()->route('login');
-            }
+
             refreshSession($invitation->team);
 
             return redirect()->route('team.index');
         } else {
-            abort(401);
+            abort(400, 'Invitation expired.');
         }
     }
 

app/Models/TeamInvitation.php

@@ -28,8 +28,8 @@ class TeamInvitation extends Model
     public function isValid()
     {
         $createdAt = $this->created_at;
-        $diff = $createdAt->diffInMinutes(now());
-        if ($diff <= config('constants.invitation.link.expiration')) {
+        $diff = $createdAt->diffInDays(now());
+        if ($diff <= config('constants.invitation.link.expiration_days')) {
             return true;
         } else {
             $this->delete();

config/constants.php

@@ -19,7 +19,7 @@ return [
     'invitation' => [
         'link' => [
             'base_url' => '/invitations/',
-            'expiration' => 10,
+            'expiration_days' => 0,
         ],
     ],
     'services' => [

resources/views/errors/400.blade.php

@@ -0,0 +1,23 @@
+@extends('layouts.base')
+<div class="flex flex-col items-center justify-center h-full">
+    <div>
+        <p class="font-mono font-semibold text-7xl dark:text-warning">400</p>
+        <h1 class="mt-4 font-bold tracking-tight dark:text-white">Bad Request</h1>
+        @if ($exception->getMessage())
+            <p class="text-base leading-7 text-red-500">{{ $exception->getMessage() }}</p>
+        @else
+            <p class="text-base leading-7 text-neutral-300">The request could not be understood by the server due to
+                malformed syntax.
+            </p>
+        @endif
+        <div class="flex items-center mt-10 gap-x-6">
+            <a href="/">
+                <x-forms.button>Go back home</x-forms.button>
+            </a>
+            <a target="_blank" class="text-xs" href="{{ config('coolify.contact') }}">Contact
+                support
+                <x-external-link />
+            </a>
+        </div>
+    </div>
+</div>

routes/web.php

@@ -164,7 +164,7 @@ Route::middleware(['auth', 'verified'])->group(function () {
     })->name('terminal.auth');
 
     Route::prefix('invitations')->group(function () {
-        Route::get('/{uuid}', [Controller::class, 'accept_invitation'])->name('team.invitation.accept');
+        Route::get('/{uuid}', [Controller::class, 'acceptInvitation'])->name('team.invitation.accept');
         Route::get('/{uuid}/revoke', [Controller::class, 'revoke_invitation'])->name('team.invitation.revoke');
     });