rephrase logged out user invite accept message to clarify that the

invite was accepted

app/Http/Controllers/Web/OrganizationInvitationController.php

@@ -9,6 +9,7 @@ use App\Models\OrganizationInvitation;
 use App\Models\User;
 use App\Service\MemberService;
 use Illuminate\Http\RedirectResponse;
+use Illuminate\Support\Facades\Auth;
 use RuntimeException;
 
 class OrganizationInvitationController extends Controller
@@ -21,44 +22,54 @@ class OrganizationInvitationController extends Controller
             throw new RuntimeException('Invalid role');
         }
 
-        $newOrganizationMember = User::query()
+        $organization = $invitation->organization;
+        $invitee = User::query()
             ->where('email', $email)
             ->where('is_placeholder', '=', false)
             ->first();
 
-        if ($newOrganizationMember === null) {
+        // No account yet — finish on registration.
+        if ($invitee === null) {
             if ($invitation->accepted_at === null) {
                 $invitation->accepted_at = now();
                 $invitation->save();
             }
 
-            return redirect(route('register', [
-                'bannerStyle' => 'info',
-                'bannerText' => __('Please create an account to finish joining the :organization organization.', [
-                    'organization' => $invitation->organization->name,
-                ]),
-            ]));
-        } else {
-            $organization = $invitation->organization;
-            if ($memberService->isEmailAlreadyMember($organization, $email)) {
-                return redirect(route('dashboard', [
-                    'bannerStyle' => 'danger',
-                    'bannerText' => __('You are already a member of the :organization organization.', [
-                        'organization' => $organization->name,
-                    ]),
-                ]));
-            }
-
-            $memberService->addMember($newOrganizationMember, $organization, $role);
-
-            $invitation->delete();
-
-            return redirect(route('dashboard', [
-                'bannerStyle' => 'success',
-                'bannerText' => __('Great! You have accepted the invitation to join the :organization organization.', [
-                    'organization' => $invitation->organization->name,
-                ]),
-            ]));
+            return redirect(route('register'))
+                ->with('bannerText', __('Please create an account to finish joining the :organization organization.', [
+                    'organization' => $organization->name,
+                ]))
+                ->with('bannerStyle', 'info');
         }
+
+        $alreadyMember = $memberService->isEmailAlreadyMember($organization, $email);
+        if (! $alreadyMember) {
+            $memberService->addMember($invitee, $organization, $role);
+            $invitation->delete();
+        }
+
+        // Logged out — banner on /login.
+        if (! Auth::check()) {
+            return redirect(route('login'))
+                ->with('bannerText', __('Great! You have accepted the invitation to join the :organization organization. Please log in to access it.', [
+                    'organization' => $organization->name,
+                ]))
+                ->with('bannerStyle', 'success');
+        }
+
+        // Logged in — banner on /dashboard.
+        if ($alreadyMember) {
+            return redirect(route('dashboard'))
+                ->with('bannerText', __('You are already a member of the :organization organization.', [
+                    'organization' => $organization->name,
+                ]))
+                ->with('bannerStyle', 'danger');
+        }
+
+        return redirect(route('dashboard'))
+            ->with('bannerText', __('Great! You have accepted the invitation to join the :organization organization.', [
+                'organization' => $organization->name,
+            ]))
+            ->with('bannerStyle', 'success');
     }
 }

app/Http/Middleware/HandleInertiaRequests.php

@@ -60,6 +60,8 @@ class HandleInertiaRequests extends Middleware
             ] : null,
             'flash' => [
                 'message' => fn () => $request->session()->get('message'),
+                'bannerText' => fn () => $request->session()->get('bannerText'),
+                'bannerStyle' => fn () => $request->session()->get('bannerStyle'),
             ],
         ]);
     }

app/Http/Middleware/ShareInertiaData.php

@@ -39,7 +39,6 @@ class ShareInertiaData
                     'canUpdatePassword' => Features::enabled(Features::updatePasswords()),
                     'canUpdateProfileInformation' => Features::canUpdateProfileInformation(),
                     'hasEmailVerification' => Features::enabled(Features::emailVerification()),
-                    'flash' => $request->session()->get('flash', []),
                     'hasAccountDeletionFeatures' => Jetstream::hasAccountDeletionFeatures(),
                     'hasApiFeatures' => Jetstream::hasApiFeatures(),
                     'hasTeamFeatures' => Jetstream::hasTeamFeatures(),

e2e/invitation-accept.spec.ts

@@ -0,0 +1,158 @@
+import { expect, test } from '../playwright/fixtures';
+import { PLAYWRIGHT_BASE_URL, TEST_USER_PASSWORD } from '../playwright/config';
+import { getInvitationAcceptUrl } from './utils/mailpit';
+import { registerUser } from './utils/members';
+
+// Invitation acceptance flows touch mail delivery + redirects.
+test.describe.configure({ timeout: 45000 });
+
+test.describe('invitation accept banners', () => {
+    test('shows success banner on dashboard when a logged-in registered user accepts an invitation', async ({
+        page,
+        browser,
+    }) => {
+        const memberId = Math.floor(Math.random() * 100000);
+        const memberEmail = `success+${memberId}@invite-banner.test`;
+
+        // Invitee already has an account and is logged in.
+        const invitee = await registerUser(browser, 'Banner Success', memberEmail);
+
+        // Owner sends the invitation.
+        await page.goto(PLAYWRIGHT_BASE_URL + '/members');
+        await page.getByRole('button', { name: 'Invite Member' }).click();
+        await expect(page.getByPlaceholder('Member Email')).toBeVisible();
+        await page.getByLabel('Email').fill(memberEmail);
+        await page.getByRole('button', { name: 'Employee' }).click();
+        await Promise.all([
+            page.waitForResponse(
+                (response) =>
+                    response.url().includes('/invitations') &&
+                    response.request().method() === 'POST' &&
+                    response.status() === 204
+            ),
+            page.getByRole('button', { name: 'Invite Member', exact: true }).click(),
+        ]);
+
+        // Invitee clicks the email link.
+        const acceptUrl = await getInvitationAcceptUrl(invitee.page.request, memberEmail);
+        await invitee.page.goto(acceptUrl);
+        await invitee.page.waitForURL(/\/dashboard$/);
+
+        const banner = invitee.page.getByTestId('banner');
+        await expect(banner).toBeVisible();
+        await expect(banner).toContainText(
+            /Great! You have accepted the invitation to join the .* organization\./
+        );
+
+        await invitee.close();
+    });
+
+    test('shows info banner on login screen when a registered-but-logged-out invitee clicks the accept link', async ({
+        page,
+        browser,
+    }) => {
+        const memberId = Math.floor(Math.random() * 100000);
+        const memberEmail = `loggedout+${memberId}@invite-banner.test`;
+
+        // Invitee has an account, but the context that clicks the link has no session.
+        const invitee = await registerUser(browser, 'Banner Loggedout', memberEmail);
+        await invitee.close();
+
+        // Owner sends the invitation.
+        await page.goto(PLAYWRIGHT_BASE_URL + '/members');
+        await page.getByRole('button', { name: 'Invite Member' }).click();
+        await expect(page.getByPlaceholder('Member Email')).toBeVisible();
+        await page.getByLabel('Email').fill(memberEmail);
+        await page.getByRole('button', { name: 'Employee' }).click();
+        await Promise.all([
+            page.waitForResponse(
+                (response) =>
+                    response.url().includes('/invitations') &&
+                    response.request().method() === 'POST' &&
+                    response.status() === 204
+            ),
+            page.getByRole('button', { name: 'Invite Member', exact: true }).click(),
+        ]);
+
+        // Open the accept link in a fresh browser context (no session).
+        const context = await browser.newContext();
+        const inviteePage = await context.newPage();
+        const acceptUrl = await getInvitationAcceptUrl(inviteePage.request, memberEmail);
+        await inviteePage.goto(acceptUrl);
+        await inviteePage.waitForURL(/\/login$/);
+
+        const banner = inviteePage.getByTestId('banner');
+        await expect(banner).toBeVisible();
+        await expect(banner).toContainText(
+            /Great! You have accepted the invitation to join the .* organization\. Please log in to access it\./
+        );
+
+        // Logging in lands the invitee on the dashboard — they were already added silently
+        // by the accept controller, so the inviter's members list shows them.
+        await inviteePage.getByLabel('Email').fill(memberEmail);
+        await inviteePage.getByLabel('Password', { exact: true }).fill(TEST_USER_PASSWORD);
+        await inviteePage.getByRole('button', { name: 'Log in' }).click();
+        await inviteePage.waitForURL(/\/dashboard/);
+
+        await page.goto(PLAYWRIGHT_BASE_URL + '/members');
+        const memberRow = page.getByRole('row').filter({ hasText: 'Banner Loggedout' });
+        await expect(memberRow).toBeVisible();
+        await expect(memberRow.getByText('Employee', { exact: true })).toBeVisible();
+
+        await context.close();
+    });
+
+    test('shows info banner on register screen when an unregistered email accepts an invitation, then auto-joins on registration', async ({
+        page,
+        browser,
+    }) => {
+        const memberId = Math.floor(Math.random() * 100000);
+        const memberEmail = `info+${memberId}@invite-banner.test`;
+
+        // Owner invites an email that has no account yet.
+        await page.goto(PLAYWRIGHT_BASE_URL + '/members');
+        await page.getByRole('button', { name: 'Invite Member' }).click();
+        await expect(page.getByPlaceholder('Member Email')).toBeVisible();
+        await page.getByLabel('Email').fill(memberEmail);
+        await page.getByRole('button', { name: 'Employee' }).click();
+        await Promise.all([
+            page.waitForResponse(
+                (response) =>
+                    response.url().includes('/invitations') &&
+                    response.request().method() === 'POST' &&
+                    response.status() === 204
+            ),
+            page.getByRole('button', { name: 'Invite Member', exact: true }).click(),
+        ]);
+
+        // Open the accept link in a fresh browser context (no session).
+        const context = await browser.newContext();
+        const inviteePage = await context.newPage();
+        const acceptUrl = await getInvitationAcceptUrl(inviteePage.request, memberEmail);
+        await inviteePage.goto(acceptUrl);
+        await inviteePage.waitForURL(/\/register$/);
+
+        const banner = inviteePage.getByTestId('banner');
+        await expect(banner).toBeVisible();
+        await expect(banner).toContainText(
+            /Please create an account to finish joining the .* organization\./
+        );
+
+        // Complete registration — the invitee should auto-join the inviter's org
+        // (no fresh personal organization is created on top).
+        await inviteePage.getByLabel('Name').fill('Banner Info');
+        await inviteePage.getByLabel('Email').fill(memberEmail);
+        await inviteePage.getByLabel('Password', { exact: true }).fill(TEST_USER_PASSWORD);
+        await inviteePage.getByLabel('Confirm Password').fill(TEST_USER_PASSWORD);
+        await inviteePage.getByLabel('I agree to the Terms of').click();
+        await inviteePage.getByRole('button', { name: 'Register' }).click();
+        await inviteePage.waitForURL(/\/dashboard/);
+
+        await page.goto(PLAYWRIGHT_BASE_URL + '/members');
+        const memberRow = page.getByRole('row').filter({ hasText: 'Banner Info' });
+        await expect(memberRow).toBeVisible();
+        await expect(memberRow.getByText('Employee', { exact: true })).toBeVisible();
+
+        await context.close();
+    });
+});

e2e/utils/mailpit.ts

@@ -46,7 +46,9 @@ export async function getInvitationAcceptUrl(
     expect(searchResult.messages.length).toBeGreaterThan(0);
 
     const message = await getMessage(request, searchResult.messages[0].ID);
-    const acceptUrlMatch = message.HTML.match(/href="([^"]*team-invitations[^"]*)"/);
+    const acceptUrlMatch = message.HTML.match(
+        /href="([^"]*(?:organization-invitations|team-invitations)[^"]*)"/
+    );
     expect(acceptUrlMatch).toBeTruthy();
 
     return acceptUrlMatch![1].replace(/&/g, '&');

resources/js/Components/Banner.vue

@@ -1,36 +1,38 @@
 <script setup lang="ts">
-import { ref, watchEffect } from 'vue';
+import { ref } from 'vue';
 import { usePage } from '@inertiajs/vue3';
 
+const ALLOWED_STYLES = ['success', 'danger', 'info', 'warning'] as const;
+type BannerStyle = (typeof ALLOWED_STYLES)[number];
+
 const page = usePage<{
-    jetstream: {
-        flash: {
-            banner: string;
-            bannerStyle: string;
-        };
+    flash: {
+        bannerText?: string;
+        bannerStyle?: string;
     };
 }>();
 
-const show = ref(true);
-const style = ref('success');
-const message = ref('');
+const rawStyle = page.props.flash?.bannerStyle;
+const message = page.props.flash?.bannerText ?? '';
+const style: BannerStyle = (ALLOWED_STYLES as readonly string[]).includes(rawStyle ?? '')
+    ? (rawStyle as BannerStyle)
+    : 'success';
 
-watchEffect(async () => {
-    style.value = page.props.jetstream.flash?.bannerStyle || 'success';
-    message.value = page.props.jetstream.flash?.banner || '';
-    show.value = true;
-});
+const show = ref(true);
 </script>
 
 <template>
     <div>
-        <div v-if="show && message" class="bg-secondary border-b border-border-secondary">
+        <div
+            v-if="show && message"
+            data-testid="banner"
+            class="bg-secondary border-b border-border-secondary">
             <div class="mx-auto py-1 px-3 sm:px-6 lg:px-8">
                 <div class="flex items-center justify-between flex-wrap">
                     <div class="w-0 flex-1 flex items-center min-w-0">
                         <span class="flex">
                             <svg
-                                v-if="style == 'success'"
+                                v-if="style === 'success'"
                                 class="h-6 w-6 text-text-secondary"
                                 xmlns="http://www.w3.org/2000/svg"
                                 fill="none"
@@ -44,7 +46,7 @@ watchEffect(async () => {
                             </svg>
 
                             <svg
-                                v-if="style == 'danger'"
+                                v-if="style === 'danger'"
                                 class="h-5 w-5 text-text-primary"
                                 xmlns="http://www.w3.org/2000/svg"
                                 fill="none"
@@ -56,6 +58,20 @@ watchEffect(async () => {
                                     stroke-linejoin="round"
                                     d="M12 9v3.75m-9.303 3.376c-.866 1.5.217 3.374 1.948 3.374h14.71c1.73 0 2.813-1.874 1.948-3.374L13.949 3.378c-.866-1.5-3.032-1.5-3.898 0L2.697 16.126zM12 15.75h.007v.008H12v-.008z" />
                             </svg>
+
+                            <svg
+                                v-if="style === 'info'"
+                                class="h-6 w-6 text-text-secondary"
+                                xmlns="http://www.w3.org/2000/svg"
+                                fill="none"
+                                viewBox="0 0 24 24"
+                                stroke-width="1.5"
+                                stroke="currentColor">
+                                <path
+                                    stroke-linecap="round"
+                                    stroke-linejoin="round"
+                                    d="M11.25 11.25l.041-.02a.75.75 0 011.063.852l-.708 2.836a.75.75 0 001.063.853l.041-.021M21 12a9 9 0 11-18 0 9 9 0 0118 0zm-9-3.75h.008v.008H12V8.25z" />
+                            </svg>
                         </span>
 
                         <p class="ms-3 font-medium text-sm text-text-primary truncate">

resources/js/Pages/Auth/Login.vue

@@ -2,6 +2,7 @@
 import { Head, Link, useForm, usePage } from '@inertiajs/vue3';
 import AuthenticationCard from '@/Components/AuthenticationCard.vue';
 import AuthenticationCardLogo from '@/Components/AuthenticationCardLogo.vue';
+import Banner from '@/Components/Banner.vue';
 import { Field, FieldLabel, FieldError } from '@/packages/ui/src/field';
 import PrimaryButton from '@/packages/ui/src/Buttons/PrimaryButton.vue';
 import TextInput from '@/packages/ui/src/Input/TextInput.vue';
@@ -36,6 +37,8 @@ const page = usePage<{
 <template>
     <Head title="Log in" />
 
+    <Banner />
+
     <AuthenticationCard>
         <template #logo>
             <AuthenticationCardLogo />

resources/js/Pages/Auth/Register.vue

@@ -2,6 +2,7 @@
 import { Head, Link, useForm, usePage } from '@inertiajs/vue3';
 import AuthenticationCard from '@/Components/AuthenticationCard.vue';
 import AuthenticationCardLogo from '@/Components/AuthenticationCardLogo.vue';
+import Banner from '@/Components/Banner.vue';
 import Checkbox from '@/packages/ui/src/Input/Checkbox.vue';
 import { Field, FieldLabel, FieldError } from '@/packages/ui/src/field';
 import PrimaryButton from '@/packages/ui/src/Buttons/PrimaryButton.vue';
@@ -41,6 +42,8 @@ const page = usePage<{
 <template>
     <Head title="Register" />
 
+    <Banner />
+
     <AuthenticationCard>
         <template #logo>
             <AuthenticationCardLogo />

routes/api.php

@@ -61,7 +61,6 @@ Route::prefix('v1')->name('v1.')->group(static function (): void {
         // User routes
         Route::name('users.')->group(static function (): void {
             Route::get('/users/me', [UserController::class, 'me'])->name('me');
-            Route::put('/users/{user}', [UserController::class, 'update'])->name('update');
             Route::delete('/users/{user}', [UserController::class, 'destroy'])->name('destroy');
         });
 

tests/Unit/Endpoint/Web/OrganizationInvitationEndpointTest.php

@@ -35,10 +35,9 @@ class OrganizationInvitationEndpointTest extends EndpointTestAbstract
 
         // Assert
         $response->assertValid();
-        $response->assertRedirect(route('register', [
-            'bannerStyle' => 'info',
-            'bannerText' => 'Please create an account to finish joining the '.$user->organization->name.' organization.',
-        ]));
+        $response->assertRedirect(route('register'));
+        $response->assertSessionHas('bannerText', 'Please create an account to finish joining the '.$user->organization->name.' organization.');
+        $response->assertSessionHas('bannerStyle', 'info');
         $invitation->refresh();
         $this->assertNotNull($invitation->accepted_at);
     }
@@ -52,7 +51,7 @@ class OrganizationInvitationEndpointTest extends EndpointTestAbstract
             ->create();
 
         // Act
-        $acceptUrl = URl::to(URL::temporarySignedRoute(
+        $acceptUrl = URL::to(URL::temporarySignedRoute(
             'organization-invitations.accept',
             now()->addMinutes(60),
             [$invitation->getKey()],
@@ -62,10 +61,9 @@ class OrganizationInvitationEndpointTest extends EndpointTestAbstract
 
         // Assert
         $response->assertValid();
-        $response->assertRedirect(route('register', [
-            'bannerStyle' => 'info',
-            'bannerText' => 'Please create an account to finish joining the '.$user->organization->name.' organization.',
-        ]));
+        $response->assertRedirect(route('register'));
+        $response->assertSessionHas('bannerText', 'Please create an account to finish joining the '.$user->organization->name.' organization.');
+        $response->assertSessionHas('bannerStyle', 'info');
         $invitation->refresh();
         $this->assertNotNull($invitation->accepted_at);
     }
@@ -84,7 +82,7 @@ class OrganizationInvitationEndpointTest extends EndpointTestAbstract
         $this->actingAs($user2->user);
 
         // Act
-        $acceptUrl = URl::to(URL::temporarySignedRoute(
+        $acceptUrl = URL::to(URL::temporarySignedRoute(
             'organization-invitations.accept',
             now()->addMinutes(60),
             [$invitation->getKey()],
@@ -94,10 +92,9 @@ class OrganizationInvitationEndpointTest extends EndpointTestAbstract
 
         // Assert
         $response->assertValid();
-        $response->assertRedirect(route('dashboard', [
-            'bannerStyle' => 'success',
-            'bannerText' => 'Great! You have accepted the invitation to join the '.$user->organization->name.' organization.',
-        ]));
+        $response->assertRedirect(route('dashboard'));
+        $response->assertSessionHas('bannerText', 'Great! You have accepted the invitation to join the '.$user->organization->name.' organization.');
+        $response->assertSessionHas('bannerStyle', 'success');
         $this->assertDatabaseHas(Member::class, [
             'user_id' => $user2->user->getKey(),
             'organization_id' => $user->organization->getKey(),
@@ -108,6 +105,45 @@ class OrganizationInvitationEndpointTest extends EndpointTestAbstract
         ]);
     }
 
+    public function test_accepting_invitation_while_logged_out_redirects_to_login(): void
+    {
+        // Arrange
+        $user = $this->createUserWithPermission();
+        $invitee = User::factory()->create([
+            'email' => 'invitee@example.com',
+        ]);
+        $invitation = OrganizationInvitation::factory()
+            ->forOrganization($user->organization)
+            ->create([
+                'role' => Role::Employee->value,
+                'email' => $invitee->email,
+            ]);
+
+        // Act (no actingAs — request is unauthenticated)
+        $acceptUrl = URL::to(URL::temporarySignedRoute(
+            'organization-invitations.accept',
+            now()->addMinutes(60),
+            [$invitation->getKey()],
+            false
+        ));
+        $response = $this->get($acceptUrl);
+
+        // Assert
+        $response->assertValid();
+        $response->assertRedirect(route('login'));
+        $response->assertSessionHas('bannerText', 'Great! You have accepted the invitation to join the '.$user->organization->name.' organization. Please log in to access it.');
+        $response->assertSessionHas('bannerStyle', 'success');
+        // Member was added silently — invitation is consumed.
+        $this->assertDatabaseHas(Member::class, [
+            'user_id' => $invitee->getKey(),
+            'organization_id' => $user->organization->getKey(),
+            'role' => Role::Employee->value,
+        ]);
+        $this->assertDatabaseMissing(OrganizationInvitation::class, [
+            'id' => $invitation->getKey(),
+        ]);
+    }
+
     public function test_fails_if_user_is_already_member_of_the_organization(): void
     {
         // Arrange
@@ -123,7 +159,7 @@ class OrganizationInvitationEndpointTest extends EndpointTestAbstract
         $this->actingAs($user2->user);
 
         // Act
-        $acceptUrl = URl::to(URL::temporarySignedRoute(
+        $acceptUrl = URL::to(URL::temporarySignedRoute(
             'organization-invitations.accept',
             now()->addMinutes(60),
             [$invitation->getKey()],
@@ -133,10 +169,9 @@ class OrganizationInvitationEndpointTest extends EndpointTestAbstract
 
         // Assert
         $response->assertValid();
-        $response->assertRedirect(route('dashboard', [
-            'bannerStyle' => 'danger',
-            'bannerText' => 'You are already a member of the '.$user->organization->name.' organization.',
-        ]));
+        $response->assertRedirect(route('dashboard'));
+        $response->assertSessionHas('bannerText', 'You are already a member of the '.$user->organization->name.' organization.');
+        $response->assertSessionHas('bannerStyle', 'danger');
     }
 
     public function test_accepting_invitation_with_existing_account_migrates_data_of_placeholder_users_with_same_email_to_new_member(): void
@@ -162,7 +197,7 @@ class OrganizationInvitationEndpointTest extends EndpointTestAbstract
         $this->actingAs($user2->user);
 
         // Act
-        $acceptUrl = URl::to(URL::temporarySignedRoute(
+        $acceptUrl = URL::to(URL::temporarySignedRoute(
             'organization-invitations.accept',
             now()->addMinutes(60),
             [$invitation->getKey()],
@@ -172,10 +207,9 @@ class OrganizationInvitationEndpointTest extends EndpointTestAbstract
 
         // Assert
         $response->assertValid();
-        $response->assertRedirect(route('dashboard', [
-            'bannerStyle' => 'success',
-            'bannerText' => 'Great! You have accepted the invitation to join the '.$user->organization->name.' organization.',
-        ]));
+        $response->assertRedirect(route('dashboard'));
+        $response->assertSessionHas('bannerText', 'Great! You have accepted the invitation to join the '.$user->organization->name.' organization.');
+        $response->assertSessionHas('bannerStyle', 'success');
         $this->assertDatabaseHas(Member::class, [
             'user_id' => $user2->user->getKey(),
             'organization_id' => $user->organization->getKey(),