add comprehensive 2 factor authentication e2e tests

add back destroy other browser sessions endpoint (jetstream migration)
update e2e test setup to use user settings api endpoint
2026-06-15 05:22:44 +01:00 · 2026-06-10 14:13:21 +02:00 · 2026-06-10 13:28:35 +02:00 · 2026-06-09 16:24:52 +02:00 · 2026-06-09 13:08:22 +02:00 · 2026-06-09 12:37:20 +02:00
283 changed files with 16808 additions and 5353 deletions
--- a/.github/workflows/build-onpremise.yml
+++ b/.github/workflows/build-onpremise.yml
@@ -91,7 +91,7 @@ jobs:
        if: steps.cache-vendor.outputs.cache-hit != 'true' # Skip if cache hit

      - name: "Use Node.js"
-        uses: actions/setup-node@v4
+        uses: actions/setup-node@v6
        with:
          node-version: '20.x'

@@ -177,7 +177,7 @@ jobs:
      - build
    steps:
      - name: "Download digests"
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@v6
        with:
          path: ${{ runner.temp }}/digests
          pattern: digests-*
--- a/.github/workflows/build-private.yml
+++ b/.github/workflows/build-private.yml
@@ -22,7 +22,7 @@ jobs:

    steps:
      - name: "Check out code"
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
        with:
          fetch-depth: 0 # Required for WyriHaximus/github-action-get-previous-tag

@@ -68,12 +68,12 @@ jobs:
        run: cat .env

      - name: "Use Node.js"
-        uses: actions/setup-node@v4
+        uses: actions/setup-node@v6
        with:
          node-version: '20.x'

      - name: "Checkout billing extension"
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
        with:
          repository: solidtime-io/extension-billing
          path: extensions/Billing
@@ -93,7 +93,7 @@ jobs:
        run: cd extensions/Billing && npm ci

      - name: "Checkout services extension"
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
        with:
          repository: solidtime-io/extension-services
          path: extensions/Services
@@ -111,7 +111,7 @@ jobs:
        run: cd extensions/Services && npm ci

      - name: "Checkout invoicing extension"
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
        with:
          repository: solidtime-io/extension-invoicing
          path: extensions/Invoicing
--- a/.github/workflows/build-public.yml
+++ b/.github/workflows/build-public.yml
@@ -36,7 +36,7 @@ jobs:

    steps:
      - name: "Check out code"
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
        with:
          fetch-depth: 0 # Required for WyriHaximus/github-action-get-previous-tag

@@ -92,7 +92,7 @@ jobs:
        if: steps.cache-vendor.outputs.cache-hit != 'true' # Skip if cache hit

      - name: "Use Node.js"
-        uses: actions/setup-node@v4
+        uses: actions/setup-node@v6
        with:
          node-version: '20.x'

@@ -169,7 +169,7 @@ jobs:
      - build
    steps:
      - name: "Download digests"
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@v6
        with:
          path: ${{ runner.temp }}/digests
          pattern: digests-*
--- a/.github/workflows/generate-api-docs.yml
+++ b/.github/workflows/generate-api-docs.yml
@@ -29,7 +29,7 @@ jobs:

    steps:
      - name: "Checkout code"
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5

      - name: "Setup PHP"
        uses: shivammathur/setup-php@v2
--- a/.github/workflows/npm-build.yml
+++ b/.github/workflows/npm-build.yml
@@ -11,7 +11,7 @@ jobs:

    steps:
      - name: "Checkout code"
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5

      - name: "Setup PHP (for Ziggy)"
        uses: shivammathur/setup-php@v2
@@ -24,7 +24,7 @@ jobs:
        run: composer install -n --prefer-dist

      - name: "Use Node.js"
-        uses: actions/setup-node@v4
+        uses: actions/setup-node@v6
        with:
          node-version: '20.x'

--- a/.github/workflows/npm-format-check.yml
+++ b/.github/workflows/npm-format-check.yml
@@ -9,10 +9,10 @@ jobs:

    steps:
      - name: "Checkout code"
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5

      - name: "Use Node.js"
-        uses: actions/setup-node@v4
+        uses: actions/setup-node@v6
        with:
          node-version: '20.x'

--- a/.github/workflows/npm-lint.yml
+++ b/.github/workflows/npm-lint.yml
@@ -11,10 +11,10 @@ jobs:

    steps:
      - name: "Checkout code"
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5

      - name: "Use Node.js"
-        uses: actions/setup-node@v4
+        uses: actions/setup-node@v6
        with:
          node-version: '20.x'

--- a/.github/workflows/npm-publish-api.yml
+++ b/.github/workflows/npm-publish-api.yml
@@ -11,11 +11,11 @@ jobs:
      id-token: write
    steps:
      - name: "Checkout code"
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
      # Setup .npmrc file to publish to npm
      - name: Install root project dependencies
        run: npm ci
-      - uses: actions/setup-node@v4
+      - uses: actions/setup-node@v6
        with:
          node-version: '20.x'
          registry-url: 'https://registry.npmjs.org'
--- a/.github/workflows/npm-publish-ui.yml
+++ b/.github/workflows/npm-publish-ui.yml
@@ -11,9 +11,9 @@ jobs:
      id-token: write
    steps:
      - name: "Checkout code"
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
      # Setup .npmrc file to publish to npm
-      - uses: actions/setup-node@v4
+      - uses: actions/setup-node@v6
        with:
          node-version: '20.x'
          registry-url: 'https://registry.npmjs.org'
--- a/.github/workflows/npm-test-unit.yml
+++ b/.github/workflows/npm-test-unit.yml
@@ -0,0 +1,27 @@
+name: NPM Test Unit
+
+on: [push]
+permissions:
+  contents: read
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    timeout-minutes: 10
+    env:
+      TZ: UTC
+
+    steps:
+      - name: "Checkout code"
+        uses: actions/checkout@v4
+
+      - name: "Use Node.js"
+        uses: actions/setup-node@v4
+        with:
+          node-version: '20.x'
+
+      - name: "Install npm dependencies"
+        run: npm ci
+
+      - name: "Run vitest"
+        run: npm run test:unit
--- a/.github/workflows/npm-typecheck.yml
+++ b/.github/workflows/npm-typecheck.yml
@@ -10,7 +10,7 @@ jobs:

    steps:
      - name: "Checkout code"
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5

      - name: "Setup PHP (for Ziggy)"
        uses: shivammathur/setup-php@v2
@@ -23,7 +23,7 @@ jobs:
        run: composer install -n --prefer-dist

      - name: "Use Node.js"
-        uses: actions/setup-node@v4
+        uses: actions/setup-node@v6
        with:
          node-version: '20.x'

--- a/.github/workflows/phpstan.yml
+++ b/.github/workflows/phpstan.yml
@@ -9,7 +9,7 @@ jobs:

    steps:
      - name: "Checkout code"
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5

      - name: "Setup PHP"
        uses: shivammathur/setup-php@v2
--- a/.github/workflows/phpunit.yml
+++ b/.github/workflows/phpunit.yml
@@ -36,7 +36,7 @@ jobs:
          --health-retries 5
    steps:
      - name: "Checkout code"
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5

      - name: "Setup PHP"
        uses: shivammathur/setup-php@v2
@@ -48,7 +48,7 @@ jobs:
      - name: "Run composer install"
        run: composer install -n --prefer-dist

-      - uses: actions/setup-node@v4
+      - uses: actions/setup-node@v6
        with:
          node-version: '20.x'

@@ -68,7 +68,7 @@ jobs:
        run: php artisan test --stop-on-failure --coverage-text --coverage-clover=coverage.xml

      - name: "Upload coverage reports to Codecov"
-        uses: codecov/codecov-action@v5.4.3
+        uses: codecov/codecov-action@v5.5.1
        with:
          token: ${{ secrets.CODECOV_TOKEN }}
          slug: solidtime-io/solidtime
--- a/.github/workflows/pint.yml
+++ b/.github/workflows/pint.yml
@@ -9,9 +9,9 @@ jobs:

    steps:
      - name: "Checkout code"
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5

      - name: "Check code style"
-        uses: aglipanci/laravel-pint-action@2.5
+        uses: aglipanci/laravel-pint-action@2.6
        with:
          configPath: "pint.json"
--- a/.github/workflows/playwright.yml
+++ b/.github/workflows/playwright.yml
@@ -35,10 +35,10 @@ jobs:

    steps:
      - name: "Checkout code"
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5

      - name: "Setup node"
-        uses: actions/setup-node@v4
+        uses: actions/setup-node@v6
        with:
          node-version: '20.x'

--- a/.gitignore
+++ b/.gitignore
@@ -42,3 +42,4 @@ yarn-error.log
 /data
 /config/caddy
 /config/composer
+/AGENTS.md
--- a/.npmrc
+++ b/.npmrc
@@ -0,0 +1 @@
+min-release-age=7
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -3,3 +3,18 @@
 ## Reporting a Vulnerability

 If you discover a security vulnerability regarding this project, please e-mail me to [security@solidtime.io](mailto:security@solidtime.io)!
+
+## Out of scope
+
+
+Reports we typically won't issue an advisory for:
+
+* Theoretical findings without a working PoC
+* Raw scanner output without manual validation
+* Missing/weak security headers in isolation (CSP, X-Frame-Options, HSTS, etc.)
+* SPF/DKIM/DMARC on non-mail-sending domains; missing DNSSEC/CAA; TLS cipher preferences
+* Self-XSS; CSRF on non-state-changing endpoints (logout, theme)
+* CSV / spreadsheet formula injection in exports — treated as a spreadsheet-application issue
+* Org owners or admins acting destructively within their own organization
+* Anything requiring direct DB, shell, or filesystem access on a self-hosted instance
+* Missing OAuth Scope enforcement (this is not implemented yet, but AI scanners flag it which is why it is included in this list until we actually support it)
--- a/app/Actions/Fortify/CreateNewUser.php
+++ b/app/Actions/Fortify/CreateNewUser.php
@@ -16,7 +16,6 @@ use Illuminate\Support\Facades\Validator;
 use Illuminate\Validation\ValidationException;
 use Korridor\LaravelModelValidationRules\Rules\UniqueEloquent;
 use Laravel\Fortify\Contracts\CreatesNewUsers;
-use Laravel\Jetstream\Jetstream;
 use Log;

 class CreateNewUser implements CreatesNewUsers
@@ -55,7 +54,7 @@ class CreateNewUser implements CreatesNewUsers
                }),
            ],
            'password' => $this->passwordRules(),
-            'terms' => Jetstream::hasTermsAndPrivacyPolicyFeature() ? ['accepted', 'required'] : '',
+            'terms' => ['accepted', 'required'],
            'newsletter_consent' => [
                'boolean',
            ],
--- a/app/Actions/Fortify/UpdateUserProfileInformation.php
+++ b/app/Actions/Fortify/UpdateUserProfileInformation.php
@@ -4,13 +4,9 @@ declare(strict_types=1);

 namespace App\Actions\Fortify;

-use App\Enums\Weekday;
+use App\Exceptions\MovedToApiException;
 use App\Models\User;
-use Illuminate\Database\Eloquent\Builder;
-use Illuminate\Support\Facades\Validator;
-use Illuminate\Validation\Rule;
 use Illuminate\Validation\ValidationException;
-use Korridor\LaravelModelValidationRules\Rules\UniqueEloquent;
 use Laravel\Fortify\Contracts\UpdatesUserProfileInformation;

 class UpdateUserProfileInformation implements UpdatesUserProfileInformation
@@ -24,56 +20,6 @@ class UpdateUserProfileInformation implements UpdatesUserProfileInformation
     */
    public function update(User $user, array $input): void
    {
-        Validator::make($input, [
-            'name' => [
-                'required',
-                'string',
-                'max:255',
-            ],
-            'email' => [
-                'required',
-                'email',
-                'max:255',
-                UniqueEloquent::make(User::class, 'email')->ignore($user->id)->query(function (Builder $query) {
-                    /** @var Builder<User> $query */
-                    return $query->where('is_placeholder', '=', false);
-                }),
-            ],
-            'photo' => [
-                'nullable',
-                'mimes:jpg,jpeg,png',
-                'max:1024',
-            ],
-            'timezone' => [
-                'required',
-                'timezone:all',
-            ],
-            'week_start' => [
-                'required',
-                Rule::enum(Weekday::class),
-            ],
-        ])->validateWithBag('updateProfileInformation');
-
-        if (isset($input['photo'])) {
-            $user->updateProfilePhoto($input['photo']);
-        }
-
-        if ($input['email'] !== $user->email) {
-            $user->forceFill([
-                'name' => $input['name'],
-                'email' => $input['email'],
-                'email_verified_at' => null,
-                'timezone' => $input['timezone'],
-                'week_start' => $input['week_start'],
-            ])->save();
-
-            $user->sendEmailVerificationNotification();
-        } else {
-            $user->forceFill([
-                'name' => $input['name'],
-                'timezone' => $input['timezone'],
-                'week_start' => $input['week_start'],
-            ])->save();
-        }
+        throw new MovedToApiException;
    }
 }
--- a/app/Actions/Jetstream/AddOrganizationMember.php
+++ b/app/Actions/Jetstream/AddOrganizationMember.php
@@ -1,94 +0,0 @@
-<?php
-
-declare(strict_types=1);
-
-namespace App\Actions\Jetstream;
-
-use App\Enums\Role;
-use App\Models\Organization;
-use App\Models\User;
-use App\Service\MemberService;
-use Closure;
-use Illuminate\Contracts\Validation\ValidationRule;
-use Illuminate\Database\Eloquent\Builder;
-use Illuminate\Support\Facades\Gate;
-use Illuminate\Support\Facades\Validator;
-use Illuminate\Validation\Rule;
-use Illuminate\Validation\Rules\In;
-use Korridor\LaravelModelValidationRules\Rules\ExistsEloquent;
-use Laravel\Jetstream\Contracts\AddsTeamMembers;
-
-class AddOrganizationMember implements AddsTeamMembers
-{
-    /**
-     * Add a new team member to the given team.
-     */
-    public function add(User $owner, Organization $organization, string $email, ?string $role = null): void
-    {
-        Gate::forUser($owner)->authorize('addTeamMember', $organization); // TODO: refactor after owner refactoring
-
-        $this->validate($organization, $email, $role);
-
-        $newOrganizationMember = User::query()
-            ->where('email', $email)
-            ->where('is_placeholder', '=', false)
-            ->firstOrFail();
-
-        app(MemberService::class)->addMember($newOrganizationMember, $organization, Role::from($role));
-    }
-
-    /**
-     * Validate the add member operation.
-     */
-    protected function validate(Organization $organization, string $email, ?string $role): void
-    {
-        Validator::make([
-            'email' => $email,
-            'role' => $role,
-        ], $this->rules())->after(
-            $this->ensureUserIsNotAlreadyOnTeam($organization, $email)
-        )->validateWithBag('addTeamMember');
-    }
-
-    /**
-     * Get the validation rules for adding a team member.
-     *
-     * @return array<string, array<ValidationRule|Rule|string|In>>
-     */
-    protected function rules(): array
-    {
-        return [
-            'email' => [
-                'required',
-                'email',
-                ExistsEloquent::make(User::class, 'email', function (Builder $builder) {
-                    /** @var Builder<User> $builder */
-                    return $builder->where('is_placeholder', '=', false);
-                })->withMessage(__('We were unable to find a registered user with this email address.')),
-            ],
-            'role' => [
-                'required',
-                'string',
-                Rule::in([
-                    Role::Admin->value,
-                    Role::Manager->value,
-                    Role::Employee->value,
-                ]),
-            ],
-        ];
-    }
-
-    /**
-     * Ensure that the user is not already on the team.
-     */
-    protected function ensureUserIsNotAlreadyOnTeam(Organization $team, string $email): Closure
-    {
-        return function ($validator) use ($team, $email): void {
-            $validator->errors()->addIf(
-                $team->hasRealUserWithEmail($email),
-                'email',
-                __('This user already belongs to the team.')
-            );
-        };
-    }
-}
--- a/app/Actions/Jetstream/CreateOrganization.php
+++ b/app/Actions/Jetstream/CreateOrganization.php
@@ -1,59 +0,0 @@
-<?php
-
-declare(strict_types=1);
-
-namespace App\Actions\Jetstream;
-
-use App\Events\AfterCreateOrganization;
-use App\Models\Organization;
-use App\Models\User;
-use App\Service\IpLookup\IpLookupServiceContract;
-use App\Service\OrganizationService;
-use Illuminate\Auth\Access\AuthorizationException;
-use Illuminate\Support\Facades\Gate;
-use Illuminate\Support\Facades\Validator;
-use Illuminate\Validation\ValidationException;
-use Laravel\Jetstream\Contracts\CreatesTeams;
-use Laravel\Jetstream\Jetstream;
-
-class CreateOrganization implements CreatesTeams
-{
-    /**
-     * Validate and create a new team for the given user.
-     *
-     * @param  array<string, string>  $input
-     *
-     * @throws AuthorizationException
-     * @throws ValidationException
-     */
-    public function create(User $user, array $input): Organization
-    {
-        Gate::forUser($user)->authorize('create', Jetstream::newTeamModel());
-
-        Validator::make($input, [
-            'name' => ['required', 'string', 'max:255'],
-        ])->validateWithBag('createTeam');
-
-        $ipLookupResponse = app(IpLookupServiceContract::class)->lookup(request()->ip());
-
-        $currency = null;
-        if ($ipLookupResponse !== null) {
-            $currency = $ipLookupResponse->currency;
-        }
-
-        $organization = app(OrganizationService::class)->createOrganization(
-            $input['name'],
-            $user,
-            false,
-            $currency
-        );
-
-        $user->switchTeam($organization);
-
-        // Note: The refresh is necessary for currently unknown reasons. Do not remove it.
-        $organization = $organization->refresh();
-        AfterCreateOrganization::dispatch($organization);
-
-        return $organization;
-    }
-}
--- a/app/Actions/Jetstream/DeleteOrganization.php
+++ b/app/Actions/Jetstream/DeleteOrganization.php
@@ -1,21 +0,0 @@
-<?php
-
-declare(strict_types=1);
-
-namespace App\Actions\Jetstream;
-
-use App\Models\Organization;
-use App\Service\DeletionService;
-use Laravel\Jetstream\Contracts\DeletesTeams;
-
-class DeleteOrganization implements DeletesTeams
-{
-    /**
-     * Delete the given team.
-     */
-    public function delete(Organization $organization): void
-    {
-        /** @see ValidateOrganizationDeletion */
-        app(DeletionService::class)->deleteOrganization($organization);
-    }
-}
--- a/app/Actions/Jetstream/DeleteUser.php
+++ b/app/Actions/Jetstream/DeleteUser.php
@@ -1,30 +0,0 @@
-<?php
-
-declare(strict_types=1);
-
-namespace App\Actions\Jetstream;
-
-use App\Exceptions\Api\ApiException;
-use App\Models\User;
-use App\Service\DeletionService;
-use Illuminate\Validation\ValidationException;
-use Laravel\Jetstream\Contracts\DeletesUsers;
-
-class DeleteUser implements DeletesUsers
-{
-    /**
-     * Delete the given user.
-     *
-     * @throws ValidationException
-     */
-    public function delete(User $user): void
-    {
-        try {
-            app(DeletionService::class)->deleteUser($user);
-        } catch (ApiException $exception) {
-            throw ValidationException::withMessages([
-                'password' => $exception->getTranslatedMessage(),
-            ]);
-        }
-    }
-}
--- a/app/Actions/Jetstream/InviteOrganizationMember.php
+++ b/app/Actions/Jetstream/InviteOrganizationMember.php
@@ -1,24 +0,0 @@
-<?php
-
-declare(strict_types=1);
-
-namespace App\Actions\Jetstream;
-
-use App\Exceptions\MovedToApiException;
-use App\Models\Organization;
-use App\Models\User;
-use Exception;
-use Laravel\Jetstream\Contracts\InvitesTeamMembers;
-
-class InviteOrganizationMember implements InvitesTeamMembers
-{
-    /**
-     * Invite a new team member to the given team.
-     *
-     * @throws Exception
-     */
-    public function invite(User $user, Organization $organization, string $email, ?string $role = null): void
-    {
-        throw new MovedToApiException;
-    }
-}
--- a/app/Actions/Jetstream/RemoveOrganizationMember.php
+++ b/app/Actions/Jetstream/RemoveOrganizationMember.php
@@ -1,24 +0,0 @@
-<?php
-
-declare(strict_types=1);
-
-namespace App\Actions\Jetstream;
-
-use App\Exceptions\MovedToApiException;
-use App\Models\Organization;
-use App\Models\User;
-use Exception;
-use Laravel\Jetstream\Contracts\RemovesTeamMembers;
-
-class RemoveOrganizationMember implements RemovesTeamMembers
-{
-    /**
-     * Remove the team member from the given team.
-     *
-     * @throws Exception
-     */
-    public function remove(User $user, Organization $organization, User $teamMember): void
-    {
-        throw new MovedToApiException;
-    }
-}
--- a/app/Actions/Jetstream/UpdateMemberRole.php
+++ b/app/Actions/Jetstream/UpdateMemberRole.php
@@ -1,25 +0,0 @@
-<?php
-
-declare(strict_types=1);
-
-namespace App\Actions\Jetstream;
-
-use App\Enums\Role;
-use App\Exceptions\MovedToApiException;
-use App\Models\Member;
-use App\Models\Organization;
-use App\Models\User;
-use Exception;
-
-class UpdateMemberRole
-{
-    /**
-     * Update the role for the given team member.
-     *
-     * @throws Exception
-     */
-    public function update(User $actingUser, Organization $organization, string $userId, string $role): void
-    {
-        throw new MovedToApiException;
-    }
-}
--- a/app/Actions/Jetstream/UpdateOrganization.php
+++ b/app/Actions/Jetstream/UpdateOrganization.php
@@ -1,48 +0,0 @@
-<?php
-
-declare(strict_types=1);
-
-namespace App\Actions\Jetstream;
-
-use App\Models\Organization;
-use App\Models\User;
-use App\Rules\CurrencyRule;
-use Illuminate\Auth\Access\AuthorizationException;
-use Illuminate\Support\Facades\Gate;
-use Illuminate\Support\Facades\Validator;
-use Illuminate\Validation\ValidationException;
-use Laravel\Jetstream\Contracts\UpdatesTeamNames;
-
-class UpdateOrganization implements UpdatesTeamNames
-{
-    /**
-     * Validate and update the given team's name.
-     *
-     * @param  array<string, string>  $input
-     *
-     * @throws AuthorizationException
-     * @throws ValidationException
-     */
-    public function update(User $user, Organization $organization, array $input): void
-    {
-        Gate::forUser($user)->authorize('update', $organization);
-
-        Validator::make($input, [
-            'name' => [
-                'required',
-                'string',
-                'max:255',
-            ],
-            'currency' => [
-                'required',
-                'string',
-                new CurrencyRule,
-            ],
-        ])->validateWithBag('updateTeamName');
-
-        $organization->forceFill([
-            'name' => $input['name'],
-            'currency' => $input['currency'],
-        ])->save();
-    }
-}
--- a/app/Actions/Jetstream/ValidateOrganizationDeletion.php
+++ b/app/Actions/Jetstream/ValidateOrganizationDeletion.php
@@ -1,28 +0,0 @@
-<?php
-
-declare(strict_types=1);
-
-namespace App\Actions\Jetstream;
-
-use App\Models\Organization;
-use App\Models\User;
-use App\Service\PermissionStore;
-use Illuminate\Auth\Access\AuthorizationException;
-
-class ValidateOrganizationDeletion
-{
-    /**
-     * Validate that the team can be deleted by the given user.
-     *
-     * @param  User  $user  Authenticated user
-     * @param  Organization  $organization  Organization to be deleted
-     *
-     * @throws AuthorizationException
-     */
-    public function validate(User $user, Organization $organization): void
-    {
-        if (! app(PermissionStore::class)->userHas($organization, $user, 'organizations:delete')) {
-            throw new AuthorizationException;
-        }
-    }
-}
--- a/app/Console/Commands/Admin/UserCreateCommand.php
+++ b/app/Console/Commands/Admin/UserCreateCommand.php
@@ -69,7 +69,7 @@ class UserCreateCommand extends Command
            );
        });
        /** @var Organization|null $organization */
-        $organization = $user->ownedTeams->first();
+        $organization = $user->ownedOrganizations->first();
        if ($organization === null) {
            throw new LogicException('User does not have an organization');
        }
--- a/app/Enums/Role.php
+++ b/app/Enums/Role.php
@@ -4,8 +4,12 @@ declare(strict_types=1);

 namespace App\Enums;

+use Datomatic\LaravelEnumHelper\LaravelEnumHelper;
+
 enum Role: string
 {
+    use LaravelEnumHelper;
+
    case Owner = 'owner';
    case Admin = 'admin';
    case Manager = 'manager';
--- a/app/Events/MemberAdded.php
+++ b/app/Events/MemberAdded.php
@@ -0,0 +1,28 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Events;
+
+use App\Models\Member;
+use App\Models\Organization;
+use App\Models\User;
+use Illuminate\Foundation\Events\Dispatchable;
+
+class MemberAdded
+{
+    use Dispatchable;
+
+    public Member $member;
+
+    public Organization $organization;
+
+    public User $user;
+
+    public function __construct(Member $member, Organization $organization, User $user)
+    {
+        $this->member = $member;
+        $this->organization = $organization;
+        $this->user = $user;
+    }
+}
--- a/app/Events/MemberAdding.php
+++ b/app/Events/MemberAdding.php
@@ -0,0 +1,28 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Events;
+
+use App\Enums\Role;
+use App\Models\Organization;
+use App\Models\User;
+use Illuminate\Foundation\Events\Dispatchable;
+
+class MemberAdding
+{
+    use Dispatchable;
+
+    public User $user;
+
+    public Organization $organization;
+
+    public Role $role;
+
+    public function __construct(User $user, Organization $organization, Role $role)
+    {
+        $this->user = $user;
+        $this->organization = $organization;
+        $this->role = $role;
+    }
+}
--- a/app/Events/OrganizationInvitationAdding.php
+++ b/app/Events/OrganizationInvitationAdding.php
@@ -0,0 +1,35 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Events;
+
+use App\Enums\Role;
+use App\Models\Organization;
+use App\Models\User;
+use Illuminate\Foundation\Events\Dispatchable;
+
+class OrganizationInvitationAdding
+{
+    use Dispatchable;
+
+    public Organization $organization;
+
+    public string $email;
+
+    public Role $role;
+
+    public User $inviter;
+
+    public function __construct(
+        Organization $organization,
+        string $email,
+        Role $role,
+        User $inviter
+    ) {
+        $this->role = $role;
+        $this->email = $email;
+        $this->organization = $organization;
+        $this->inviter = $inviter;
+    }
+}
--- a/app/Exceptions/Api/UserResendEmailVerificationNoPendingEmailApiException.php
+++ b/app/Exceptions/Api/UserResendEmailVerificationNoPendingEmailApiException.php
@@ -0,0 +1,10 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Exceptions\Api;
+
+class UserResendEmailVerificationNoPendingEmailApiException extends ApiException
+{
+    public const string KEY = 'user_resend_email_verification_no_pending_email';
+}
--- a/app/Filament/Resources/FailedJobResource.php
+++ b/app/Filament/Resources/FailedJobResource.php
@@ -50,7 +50,7 @@ class FailedJobResource extends Resource
                TextInput::make('queue')->disabled(),

                // make text a little bit smaller because often a complete Stack Trace is shown:
-                TextArea::make('exception')->disabled()->columnSpan(4)->extraInputAttributes(['style' => 'font-size: 80%;']),
+                Textarea::make('exception')->disabled()->columnSpan(4)->extraInputAttributes(['style' => 'font-size: 80%;']),
                PrettyJsonField::make('payload')->disabled()->columnSpan(4),
            ])->columns(4);
    }
--- a/app/Filament/Resources/OrganizationInvitationResource.php
+++ b/app/Filament/Resources/OrganizationInvitationResource.php
@@ -39,7 +39,7 @@ class OrganizationInvitationResource extends Resource
                    ->required(),
                Select::make('role')
                    ->options(Role::class),
-                Forms\Components\Select::make('organization_id')
+                Select::make('organization_id')
                    ->label('Organization')
                    ->relationship(name: 'organization', titleAttribute: 'name')
                    ->searchable(['name'])
--- a/app/Filament/Resources/OrganizationResource.php
+++ b/app/Filament/Resources/OrganizationResource.php
@@ -55,7 +55,7 @@ class OrganizationResource extends Resource
                    ->label('Is personal?')
                    ->hiddenOn(['create'])
                    ->required(),
-                Forms\Components\Select::make('user_id')
+                Select::make('user_id')
                    ->label('Owner')
                    ->relationship(name: 'owner', titleAttribute: 'email')
                    ->searchable(['name', 'email'])
@@ -76,7 +76,7 @@ class OrganizationResource extends Resource
                Select::make('time_format')
                    ->options(TimeFormat::toSelectArray())
                    ->required(),
-                Forms\Components\Select::make('currency')
+                Select::make('currency')
                    ->label('Currency')
                    ->options(function (): array {
                        $currencies = ISOCurrencyProvider::getInstance()->getAvailableCurrencies();
@@ -114,22 +114,22 @@ class OrganizationResource extends Resource
    {
        return $table
            ->columns([
-                Tables\Columns\TextColumn::make('name')
+                TextColumn::make('name')
                    ->searchable()
                    ->sortable(),
                Tables\Columns\IconColumn::make('personal_team')
                    ->boolean()
                    ->label('Is personal?')
                    ->sortable(),
-                Tables\Columns\TextColumn::make('owner.email')
+                TextColumn::make('owner.email')
                    ->sortable(),
-                Tables\Columns\TextColumn::make('currency'),
+                TextColumn::make('currency'),
                TextColumn::make('billable_rate')
                    ->money(fn (Organization $resource) => $resource->currency, divideBy: 100),
-                Tables\Columns\TextColumn::make('created_at')
+                TextColumn::make('created_at')
                    ->dateTime()
                    ->sortable(),
-                Tables\Columns\TextColumn::make('updated_at')
+                TextColumn::make('updated_at')
                    ->dateTime()
                    ->sortable()
                    ->toggleable(isToggledHiddenByDefault: true),
@@ -223,7 +223,7 @@ class OrganizationResource extends Resource

                                return $select;
                            }),
-                        Forms\Components\Select::make('timezone')
+                        Select::make('timezone')
                            ->label('Timezone')
                            ->options(fn (): array => app(TimezoneService::class)->getSelectOptions())
                            ->searchable()
--- a/app/Filament/Resources/OrganizationResource/RelationManagers/InvitationsRelationManager.php
+++ b/app/Filament/Resources/OrganizationResource/RelationManagers/InvitationsRelationManager.php
@@ -21,7 +21,7 @@ use Illuminate\Validation\Rule;

 class InvitationsRelationManager extends RelationManager
 {
-    protected static string $relationship = 'teamInvitations';
+    protected static string $relationship = 'organizationInvitations';

    protected static ?string $title = 'Invitations';

@@ -64,7 +64,7 @@ class InvitationsRelationManager extends RelationManager
                        $ownerRecord = $this->getOwnerRecord();

                        return app(InvitationService::class)
-                            ->inviteUser($ownerRecord, $data['email'], Role::from($data['role']));
+                            ->inviteUser($ownerRecord, $data['email'], Role::from($data['role']), auth()->user());
                    }),
            ])
            ->actions([
--- a/app/Filament/Resources/OrganizationResource/RelationManagers/UsersRelationManager.php
+++ b/app/Filament/Resources/OrganizationResource/RelationManagers/UsersRelationManager.php
@@ -49,13 +49,13 @@ class UsersRelationManager extends RelationManager
        return $table
            ->recordTitleAttribute('name')
            ->columns([
-                Tables\Columns\TextColumn::make('name'),
-                Tables\Columns\TextColumn::make('role'),
+                TextColumn::make('name'),
+                TextColumn::make('role'),
                TextColumn::make('billable_rate')
                    ->money($organization->currency, divideBy: 100),
            ])
            ->headerActions([
-                Tables\Actions\AttachAction::make()
+                AttachAction::make()
                    ->recordTitle(fn (User $record): string => "{$record->name} ({$record->email})")
                    ->form(fn (AttachAction $action): array => [
                        $action->getRecordSelect(),
--- a/app/Filament/Resources/ReportResource.php
+++ b/app/Filament/Resources/ReportResource.php
@@ -63,11 +63,11 @@ class ReportResource extends Resource
                        return $record->getRawOriginal('properties');
                    })
                    ->disabled(),
-                Forms\Components\DateTimePicker::make('created_at')
+                DateTimePicker::make('created_at')
                    ->label('Created At')
                    ->hiddenOn(['create'])
                    ->disabled(),
-                Forms\Components\DateTimePicker::make('updated_at')
+                DateTimePicker::make('updated_at')
                    ->label('Updated At')
                    ->hiddenOn(['create'])
                    ->disabled(),
@@ -78,10 +78,10 @@ class ReportResource extends Resource
    {
        return $table
            ->columns([
-                Tables\Columns\TextColumn::make('name')
+                TextColumn::make('name')
                    ->searchable()
                    ->sortable(),
-                Tables\Columns\TextColumn::make('description')
+                TextColumn::make('description')
                    ->searchable()
                    ->sortable(),
                ToggleColumn::make('is_public')
@@ -90,10 +90,10 @@ class ReportResource extends Resource
                TextColumn::make('organization.name')
                    ->searchable()
                    ->sortable(),
-                Tables\Columns\TextColumn::make('created_at')
+                TextColumn::make('created_at')
                    ->dateTime()
                    ->sortable(),
-                Tables\Columns\TextColumn::make('updated_at')
+                TextColumn::make('updated_at')
                    ->dateTime()
                    ->sortable()
                    ->toggleable(isToggledHiddenByDefault: true),
--- a/app/Filament/Resources/TimeEntryResource.php
+++ b/app/Filament/Resources/TimeEntryResource.php
@@ -93,11 +93,11 @@ class TimeEntryResource extends Resource
                            ($record->end?->toDateTimeString('minute') ?? '...').')';
                    })
                    ->label('Time'),
-                Tables\Columns\TextColumn::make('organization.name')
+                TextColumn::make('organization.name')
                    ->sortable(),
-                Tables\Columns\TextColumn::make('created_at')
+                TextColumn::make('created_at')
                    ->sortable(),
-                Tables\Columns\TextColumn::make('updated_at')
+                TextColumn::make('updated_at')
                    ->sortable(),
            ])
            ->filters([
--- a/app/Filament/Resources/UserResource.php
+++ b/app/Filament/Resources/UserResource.php
@@ -12,6 +12,7 @@ use App\Filament\Resources\UserResource\RelationManagers\OwnedOrganizationsRelat
 use App\Models\User;
 use App\Service\DeletionService;
 use App\Service\TimezoneService;
+use App\Service\UserService;
 use Brick\Money\ISOCurrencyProvider;
 use Exception;
 use Filament\Forms;
@@ -47,17 +48,17 @@ class UserResource extends Resource
        return $form
            ->columns(1)
            ->schema([
-                Forms\Components\TextInput::make('id')
+                TextInput::make('id')
                    ->label('ID')
                    ->disabled()
                    ->visibleOn(['update', 'show'])
                    ->readOnly()
                    ->maxLength(255),
-                Forms\Components\TextInput::make('name')
+                TextInput::make('name')
                    ->label('Name')
                    ->required()
                    ->maxLength(255),
-                Forms\Components\TextInput::make('email')
+                TextInput::make('email')
                    ->label('Email')
                    ->required()
                    ->rules($record?->is_placeholder ? [] : [
@@ -179,7 +180,7 @@ class UserResource extends Resource
            ])
            ->actions([
                Impersonate::make()->before(function (User $record): void {
-                    if ($record->currentTeam === null) {
+                    if ($record->currentOrganization === null) {
                        $organization = $record->organizations()->where('personal_team', '=', true)->first();
                        if ($organization === null) {
                            $organization = $record->organizations()->first();
@@ -187,8 +188,7 @@ class UserResource extends Resource
                        if ($organization === null) {
                            throw new Exception('User has no organization');
                        }
-                        $record->currentTeam()->associate($organization);
-                        $record->save();
+                        app(UserService::class)->switchCurrentOrganization($record, $organization);
                    }
                }),
                Tables\Actions\EditAction::make(),
--- a/app/Filament/Resources/UserResource/RelationManagers/OwnedOrganizationsRelationManager.php
+++ b/app/Filament/Resources/UserResource/RelationManagers/OwnedOrganizationsRelationManager.php
@@ -16,7 +16,7 @@ class OwnedOrganizationsRelationManager extends RelationManager
 {
    protected static ?string $title = 'Owned Organizations';

-    protected static string $relationship = 'ownedTeams';
+    protected static string $relationship = 'ownedOrganizations';

    public function form(Form $form): Form
    {
--- a/app/Http/Controllers/Api/V1/ApiTokenController.php
+++ b/app/Http/Controllers/Api/V1/ApiTokenController.php
@@ -20,7 +20,7 @@ class ApiTokenController extends Controller
    /**
     * List all api token of the currently authenticated user
     *
-     * This endpoint is independent of organization.
+     * This endpoint is independent of the organization.
     *
     * @operationId getApiTokens
     *
--- a/app/Http/Controllers/Api/V1/InvitationController.php
+++ b/app/Http/Controllers/Api/V1/InvitationController.php
@@ -40,7 +40,7 @@ class InvitationController extends Controller
    {
        $this->checkPermission($organization, 'invitations:view');

-        $invitations = $organization->teamInvitations()
+        $invitations = $organization->organizationInvitations()
            ->orderBy('created_at', 'desc')
            ->paginate(config('app.pagination_per_page_default'));

@@ -63,7 +63,7 @@ class InvitationController extends Controller
        $email = $request->getEmail();
        $role = $request->getRole();

-        $invitationService->inviteUser($organization, $email, $role);
+        $invitationService->inviteUser($organization, $email, $role, $this->user());

        return response()->json(null, 204);
    }
--- a/app/Http/Controllers/Api/V1/MemberController.php
+++ b/app/Http/Controllers/Api/V1/MemberController.php
@@ -192,7 +192,7 @@ class MemberController extends Controller
            throw new ThisPlaceholderCanNotBeInvitedUseTheMergeToolInsteadException;
        }

-        $invitationService->inviteUser($organization, $user->email, Role::Employee);
+        $invitationService->inviteUser($organization, $user->email, Role::Employee, $this->user());

        return response()->json(null, 204);
    }
--- a/app/Http/Controllers/Api/V1/OrganizationController.php
+++ b/app/Http/Controllers/Api/V1/OrganizationController.php
@@ -5,11 +5,18 @@ declare(strict_types=1);
 namespace App\Http\Controllers\Api\V1;

 use App\Enums\Role;
+use App\Events\AfterCreateOrganization;
+use App\Http\Requests\V1\Organization\OrganizationStoreRequest;
 use App\Http\Requests\V1\Organization\OrganizationUpdateRequest;
 use App\Http\Resources\V1\Organization\OrganizationResource;
 use App\Models\Organization;
 use App\Service\BillableRateService;
+use App\Service\DeletionService;
+use App\Service\IpLookup\IpLookupServiceContract;
+use App\Service\OrganizationService;
+use App\Service\UserService;
 use Illuminate\Auth\Access\AuthorizationException;
+use Illuminate\Http\JsonResponse;

 class OrganizationController extends Controller
 {
@@ -43,6 +50,9 @@ class OrganizationController extends Controller
        if ($request->getName() !== null) {
            $organization->name = $request->getName();
        }
+        if ($request->getCurrency() !== null) {
+            $organization->currency = $request->getCurrency();
+        }
        if ($request->getEmployeesCanSeeBillableRates() !== null) {
            $organization->employees_can_see_billable_rates = $request->getEmployeesCanSeeBillableRates();
        }
@@ -80,4 +90,46 @@ class OrganizationController extends Controller

        return new OrganizationResource($organization, true);
    }
+
+    /**
+     * Create organization
+     *
+     * @operationId createOrganization
+     */
+    public function store(OrganizationStoreRequest $request, OrganizationService $organizationService): OrganizationResource
+    {
+        $user = $this->user();
+        $ipLookupResponse = app(IpLookupServiceContract::class)->lookup($request->ip());
+
+        $currency = $ipLookupResponse?->currency;
+
+        $organization = $organizationService->createOrganization(
+            $request->getName(),
+            $user,
+            false,
+            $currency
+        );
+
+        app(UserService::class)->switchCurrentOrganization($user, $organization);
+
+        AfterCreateOrganization::dispatch($organization);
+
+        return new OrganizationResource($organization, true);
+    }
+
+    /**
+     * Delete organization
+     *
+     * @operationId deleteOrganization
+     *
+     * @throws AuthorizationException
+     */
+    public function destroy(Organization $organization, DeletionService $deletionService): JsonResponse
+    {
+        $this->checkPermission($organization, 'organizations:delete');
+
+        $deletionService->deleteOrganization($organization);
+
+        return response()->json(null, 204);
+    }
 }
--- a/app/Http/Controllers/Api/V1/TimeEntryController.php
+++ b/app/Http/Controllers/Api/V1/TimeEntryController.php
@@ -59,7 +59,7 @@ use Spatie\TemporaryDirectory\TemporaryDirectory;

 class TimeEntryController extends Controller
 {
-    private function assertNoOverlap(Organization $organization, Member $member, \Illuminate\Support\Carbon $start, ?\Illuminate\Support\Carbon $end, ?TimeEntry $exclude = null): void
+    private function assertNoOverlap(Organization $organization, Member $member, Carbon $start, ?Carbon $end, ?TimeEntry $exclude = null): void
    {
        if (! $organization->prevent_overlapping_time_entries) {
            return;
--- a/app/Http/Controllers/Api/V1/TimeZoneController.php
+++ b/app/Http/Controllers/Api/V1/TimeZoneController.php
@@ -0,0 +1,33 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Http\Controllers\Api\V1;
+
+use App\Service\TimezoneService;
+use Illuminate\Http\JsonResponse;
+
+class TimeZoneController extends Controller
+{
+    /**
+     * Get all timezones
+     *
+     * @response object{key: string}[]
+     *
+     * @operationId getTimezones
+     */
+    public function index(): JsonResponse
+    {
+        $timezones = app(TimezoneService::class)->getTimezones();
+
+        $response = [];
+
+        foreach ($timezones as $timezone) {
+            $response[] = (object) [
+                'key' => $timezone,
+            ];
+        }
+
+        return response()->json($response);
+    }
+}
--- a/app/Http/Controllers/Api/V1/UserController.php
+++ b/app/Http/Controllers/Api/V1/UserController.php
@@ -4,15 +4,29 @@ declare(strict_types=1);

 namespace App\Http\Controllers\Api\V1;

+use App\Exceptions\Api\CanNotDeleteUserWhoIsOwnerOfOrganizationWithMultipleMembers;
+use App\Exceptions\Api\UserResendEmailVerificationNoPendingEmailApiException;
+use App\Http\Requests\V1\User\UserUpdateCurrentOrganizationRequest;
+use App\Http\Requests\V1\User\UserUpdateRequest;
 use App\Http\Resources\V1\User\UserResource;
+use App\Mail\VerifyUpdatedEmailMail;
+use App\Models\Organization;
+use App\Models\User;
+use App\Service\DeletionService;
+use App\Service\UserService;
+use App\Support\Base64File;
 use Illuminate\Auth\Access\AuthorizationException;
+use Illuminate\Http\JsonResponse;
+use Illuminate\Support\Facades\Mail;
+use Illuminate\Support\Facades\Storage;
+use Illuminate\Support\Str;

 class UserController extends Controller
 {
    /**
     * Get the current user
     *
-     * This endpoint is independent of organization.
+     * This endpoint is independent of the organization.
     *
     * @operationId getMe
     *
@@ -24,4 +38,169 @@ class UserController extends Controller

        return new UserResource($user);
    }
+
+    /**
+     * Update the current organization of the current user
+     *
+     * Switches the organization that the user is currently working in. The user
+     * must be a member of the given organization. This endpoint is independent of
+     * the organization.
+     *
+     * @operationId updateMyCurrentOrganization
+     *
+     * @throws AuthorizationException
+     */
+    public function updateMyCurrentOrganization(UserUpdateCurrentOrganizationRequest $request, UserService $userService): UserResource
+    {
+        $user = $this->user();
+
+        /** @var Organization|null $organization */
+        $organization = $user->organizations()
+            ->whereKey($request->getOrganizationId())
+            ->first();
+
+        if ($organization === null) {
+            throw new AuthorizationException;
+        }
+
+        $userService->switchCurrentOrganization($user, $organization);
+
+        return new UserResource($user->refresh());
+    }
+
+    /**
+     * Update the current user
+     *
+     * This endpoint is independent of the organization.
+     *
+     * @operationId updateUser
+     */
+    public function update(User $user, UserUpdateRequest $request): UserResource
+    {
+        if ($user->getKey() !== $this->user()->getKey()) {
+            throw new AuthorizationException;
+        }
+
+        if ($request->hasPhotoKey()) {
+            $photoDisk = (string) config('filesystems.public');
+            $previousPhotoPath = $user->profile_photo_path;
+            $newPhoto = $request->getPhoto();
+
+            if ($newPhoto === null) {
+                $user->profile_photo_path = null;
+            } else {
+                $decoded = Base64File::decode($newPhoto);
+                assert($decoded !== null);
+                $extension = Base64File::extension($decoded['mime_type']);
+                assert($extension !== null);
+
+                $photoPath = 'profile-photos/'.Str::uuid().'.'.$extension;
+                Storage::disk($photoDisk)->put($photoPath, $decoded['data'], 'public');
+                $user->profile_photo_path = $photoPath;
+            }
+
+            if ($previousPhotoPath !== null) {
+                Storage::disk($photoDisk)->delete($previousPhotoPath);
+            }
+        }
+
+        $emailToVerify = null;
+        $email = $request->getEmail();
+        if ($email !== null && $email !== Str::lower($user->email)) {
+            $emailToVerify = $email;
+            $user->pending_email = $email;
+        }
+
+        if ($request->getName() !== null) {
+            $user->name = $request->getName();
+        }
+
+        if ($request->getTimezone() !== null) {
+            $user->timezone = $request->getTimezone();
+        }
+
+        if ($request->getWeekStart() !== null) {
+            $user->week_start = $request->getWeekStart();
+        }
+
+        $user->save();
+
+        if ($emailToVerify !== null) {
+            Mail::to($emailToVerify)->send(new VerifyUpdatedEmailMail($user, $emailToVerify));
+        }
+
+        return new UserResource($user);
+    }
+
+    /**
+     * Reset the pending email for a user.
+     *
+     * This endpoint is independent of the organization.
+     *
+     * @operationId resetUserPendingEmail
+     *
+     * @throws AuthorizationException Thrown when the authenticated user does not match the user whose email is pending verification.
+     */
+    public function resetPendingEmail(User $user): JsonResponse
+    {
+        if ($user->getKey() !== $this->user()->getKey()) {
+            throw new AuthorizationException;
+        }
+
+        $user->pending_email = null;
+        $user->save();
+
+        return response()->json(null, 204);
+    }
+
+    /**
+     * Resend the pending email update verification email.
+     *
+     * This endpoint is independent of the organization.
+     *
+     * @operationId resendUserEmailVerification
+     *
+     * @throws AuthorizationException Thrown when the authenticated user does not match the user whose email is pending verification.
+     * @throws UserResendEmailVerificationNoPendingEmailApiException Thrown when the user does not have a pending email to verify.
+     */
+    public function resendEmailVerification(User $user): JsonResponse
+    {
+        if ($user->getKey() !== $this->user()->getKey()) {
+            throw new AuthorizationException;
+        }
+
+        if ($user->pending_email === null) {
+            throw new UserResendEmailVerificationNoPendingEmailApiException;
+        }
+
+        Mail::to($user->pending_email)
+            ->queue(new VerifyUpdatedEmailMail($user, $user->pending_email));
+
+        return response()->json(null, 204);
+    }
+
+    /**
+     * Handles the deletion of a user.
+     *
+     * This endpoint is independent of the organization.
+     *
+     * @operationId deleteUser
+     *
+     * @param  User  $user  The user instance to be deleted.
+     * @param  DeletionService  $deletionService  The service responsible for performing the user deletion.
+     * @return JsonResponse A JSON response with a 204 No Content status upon successful deletion.
+     *
+     * @throws AuthorizationException Thrown when the authenticated user does not match the user to be deleted.
+     * @throws CanNotDeleteUserWhoIsOwnerOfOrganizationWithMultipleMembers Thrown when the user to be deleted is the owner of an organization with multiple members.
+     */
+    public function destroy(User $user, DeletionService $deletionService): JsonResponse
+    {
+        if ($user->getKey() !== $this->user()->getKey()) {
+            throw new AuthorizationException;
+        }
+
+        $deletionService->deleteUser($user);
+
+        return response()->json(null, 204);
+    }
 }
--- a/app/Http/Controllers/Api/V1/UserMembershipController.php
+++ b/app/Http/Controllers/Api/V1/UserMembershipController.php
@@ -14,7 +14,7 @@ class UserMembershipController extends Controller
    /**
     * Get the memberships of the current user
     *
-     * This endpoint is independent of organization.
+     * This endpoint is independent of the organization.
     *
     * @operationId getMyMemberships
     *
--- a/app/Http/Controllers/Api/V1/UserTimeEntryController.php
+++ b/app/Http/Controllers/Api/V1/UserTimeEntryController.php
@@ -17,7 +17,7 @@ class UserTimeEntryController extends Controller
    /**
     * Get the active time entry of the current user
     *
-     * This endpoint is independent of organization.
+     * This endpoint is independent of the organization.
     *
     * @operationId getMyActiveTimeEntry
     */
--- a/app/Http/Controllers/Controller.php
+++ b/app/Http/Controllers/Controller.php
@@ -59,7 +59,7 @@ class Controller extends BaseController
    protected function currentOrganization(): Organization
    {
        $user = $this->user();
-        $organization = $user->currentTeam;
+        $organization = $user->currentOrganization;
        if ($organization === null) {
            $organization = $user->organizations()->first();
        }
--- a/app/Http/Controllers/Web/Controller.php
+++ b/app/Http/Controllers/Web/Controller.php
@@ -4,4 +4,21 @@ declare(strict_types=1);

 namespace App\Http\Controllers\Web;

-abstract class Controller extends \App\Http\Controllers\Controller {}
+use App\Models\Organization;
+use App\Service\PermissionStore;
+use Illuminate\Auth\Access\AuthorizationException;
+
+abstract class Controller extends \App\Http\Controllers\Controller
+{
+    public function __construct(
+        protected PermissionStore $permissionStore,
+    ) {}
+
+    /**
+     * @throws AuthorizationException
+     */
+    protected function hasPermission(Organization $organization, string $permission): bool
+    {
+        return $this->permissionStore->has($organization, $permission);
+    }
+}
--- a/app/Http/Controllers/Web/DashboardController.php
+++ b/app/Http/Controllers/Web/DashboardController.php
@@ -4,30 +4,13 @@ declare(strict_types=1);

 namespace App\Http\Controllers\Web;

-use App\Enums\Role;
-use App\Service\DashboardService;
-use App\Service\PermissionStore;
-use Illuminate\Auth\Access\AuthorizationException;
 use Inertia\Inertia;
 use Inertia\Response;

 class DashboardController extends Controller
 {
-    /**
-     * @throws AuthorizationException
-     */
-    public function dashboard(DashboardService $dashboardService, PermissionStore $permissionStore): Response
+    public function dashboard(): Response
    {
-        $user = $this->user();
-        $organization = $this->currentOrganization();
-
-        $latestTeamActivity = null;
-        if ($permissionStore->has($organization, 'time-entries:view:all')) {
-            $latestTeamActivity = $dashboardService->latestTeamActivity($organization);
-        }
-
-        $showBillableRate = $this->member($organization)->role !== Role::Employee->value || $organization->employees_can_see_billable_rates;
-
        return Inertia::render('Dashboard');
    }
 }
--- a/app/Http/Controllers/Web/OrganizationController.php
+++ b/app/Http/Controllers/Web/OrganizationController.php
@@ -0,0 +1,63 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Http\Controllers\Web;
+
+use App\Models\Organization;
+use Brick\Money\Currency;
+use Brick\Money\ISOCurrencyProvider;
+use Illuminate\Http\RedirectResponse;
+use Illuminate\Http\Request;
+use Illuminate\Support\Str;
+use Inertia\Inertia;
+use Inertia\Response;
+
+class OrganizationController extends Controller
+{
+    /**
+     * Show the team creation screen.
+     */
+    public function create(Request $request): Response
+    {
+        return Inertia::render('Teams/Create');
+    }
+
+    /**
+     * Show the organizatio details screen.
+     *
+     * @param  string  $organizationId  The organization ID
+     */
+    public function show(string $organizationId): Response|RedirectResponse
+    {
+        $organization = Str::isUuid($organizationId) ? Organization::find($organizationId) : null;
+        if ($organization === null) {
+            return redirect()->route('dashboard');
+        }
+        if (! $this->hasPermission($organization, 'organizations:view')) {
+            return redirect()->route('dashboard');
+        }
+
+        $owner = $organization->owner;
+
+        return Inertia::render('Teams/Show', [
+            'team' => [
+                'id' => $organization->getKey(),
+                'name' => $organization->name,
+                'currency' => $organization->currency,
+                'owner' => [
+                    'id' => $owner->getKey(),
+                    'name' => $owner->name,
+                    'profile_photo_url' => $owner->profile_photo_url,
+                ],
+            ],
+            'currencies' => array_map(function (Currency $currency): string {
+                return $currency->getName();
+            }, ISOCurrencyProvider::getInstance()->getAvailableCurrencies()),
+            'permissions' => [
+                'canDeleteTeam' => $this->hasPermission($organization, 'organizations:delete'),
+                'canUpdateTeam' => $this->hasPermission($organization, 'organizations:update'),
+            ],
+        ]);
+    }
+}
--- a/app/Http/Controllers/Web/OrganizationInvitationController.php
+++ b/app/Http/Controllers/Web/OrganizationInvitationController.php
@@ -0,0 +1,75 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Http\Controllers\Web;
+
+use App\Enums\Role;
+use App\Models\OrganizationInvitation;
+use App\Models\User;
+use App\Service\MemberService;
+use Illuminate\Http\RedirectResponse;
+use Illuminate\Support\Facades\Auth;
+use RuntimeException;
+
+class OrganizationInvitationController extends Controller
+{
+    public function accept(OrganizationInvitation $invitation, MemberService $memberService): RedirectResponse
+    {
+        $email = strtolower($invitation->email);
+        $role = Role::tryFrom($invitation->role);
+        if ($role === null || $role === Role::Owner || $role === Role::Placeholder) {
+            throw new RuntimeException('Invalid role');
+        }
+
+        $organization = $invitation->organization;
+        $invitee = User::query()
+            ->where('email', $email)
+            ->where('is_placeholder', '=', false)
+            ->first();
+
+        // No account yet — finish on registration.
+        if ($invitee === null) {
+            if ($invitation->accepted_at === null) {
+                $invitation->accepted_at = now();
+                $invitation->save();
+            }
+
+            return redirect(route('register'))
+                ->with('bannerText', __('Please create an account to finish joining the :organization organization.', [
+                    'organization' => $organization->name,
+                ]))
+                ->with('bannerStyle', 'info');
+        }
+
+        $alreadyMember = $memberService->isEmailAlreadyMember($organization, $email);
+        if (! $alreadyMember) {
+            $memberService->addMember($invitee, $organization, $role);
+            $invitation->delete();
+        }
+
+        // Logged out — banner on /login.
+        if (! Auth::check()) {
+            return redirect(route('login'))
+                ->with('bannerText', __('Great! You have accepted the invitation to join the :organization organization. Please log in to access it.', [
+                    'organization' => $organization->name,
+                ]))
+                ->with('bannerStyle', 'success');
+        }
+
+        // Logged in — banner on /dashboard.
+        if ($alreadyMember) {
+            return redirect(route('dashboard'))
+                ->with('bannerText', __('You are already a member of the :organization organization.', [
+                    'organization' => $organization->name,
+                ]))
+                ->with('bannerStyle', 'danger');
+        }
+
+        return redirect(route('dashboard'))
+            ->with('bannerText', __('Great! You have accepted the invitation to join the :organization organization.', [
+                'organization' => $organization->name,
+            ]))
+            ->with('bannerStyle', 'success');
+    }
+}
--- a/app/Http/Controllers/Web/OtherBrowserSessionsController.php
+++ b/app/Http/Controllers/Web/OtherBrowserSessionsController.php
@@ -0,0 +1,54 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Http\Controllers\Web;
+
+use Illuminate\Contracts\Auth\StatefulGuard;
+use Illuminate\Http\RedirectResponse;
+use Illuminate\Http\Request;
+use Illuminate\Routing\Controller;
+use Illuminate\Support\Facades\DB;
+use Illuminate\Validation\ValidationException;
+use Laravel\Fortify\Actions\ConfirmPassword;
+
+class OtherBrowserSessionsController extends Controller
+{
+    /**
+     * Log the user out of their other browser sessions across all devices.
+     */
+    public function destroy(Request $request, StatefulGuard $guard): RedirectResponse
+    {
+        $password = (string) $request->string('password');
+
+        $confirmed = app(ConfirmPassword::class)($guard, $request->user(), $password);
+
+        if (! $confirmed) {
+            throw ValidationException::withMessages([
+                'password' => __('The password is incorrect.'),
+            ]);
+        }
+
+        $guard->logoutOtherDevices($password);
+
+        $this->deleteOtherSessionRecords($request);
+
+        return back(303);
+    }
+
+    /**
+     * Delete the other browser session records from storage.
+     */
+    protected function deleteOtherSessionRecords(Request $request): void
+    {
+        if (config('session.driver') !== 'database') {
+            return;
+        }
+
+        DB::connection(config('session.connection'))
+            ->table(config('session.table', 'sessions'))
+            ->where('user_id', $request->user()->getAuthIdentifier())
+            ->where('id', '!=', $request->session()->getId())
+            ->delete();
+    }
+}
--- a/app/Http/Controllers/Web/UserController.php
+++ b/app/Http/Controllers/Web/UserController.php
@@ -0,0 +1,53 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Http\Controllers\Web;
+
+use App\Models\User;
+use Illuminate\Http\RedirectResponse;
+use Illuminate\Http\Request;
+use Illuminate\Support\Carbon;
+use Illuminate\Support\Str;
+
+class UserController extends Controller
+{
+    public function verifyEmailChange(Request $request, User $user): RedirectResponse
+    {
+        if ($request->user()?->getAuthIdentifier() !== $user->getKey()) {
+            abort(403);
+        }
+
+        $email = $request->query('email');
+        if (! is_string($email)) {
+            abort(403);
+        }
+
+        $email = Str::lower($email);
+
+        if ($user->pending_email !== $email) {
+            abort(403);
+        }
+
+        $emailAlreadyInUse = User::query()
+            ->where('email', '=', $email)
+            ->where('is_placeholder', '=', false)
+            ->whereKeyNot($user->getKey())
+            ->exists();
+
+        if ($emailAlreadyInUse) {
+            return redirect(route('dashboard'))
+                ->with('bannerStyle', 'danger')
+                ->with('bannerText', __('The email address is already in use.'));
+        }
+
+        $user->email = $email;
+        $user->pending_email = null;
+        $user->email_verified_at = Carbon::now();
+        $user->save();
+
+        return redirect(route('dashboard'))
+            ->with('bannerStyle', 'success')
+            ->with('bannerText', __('Your email address has been updated successfully.'));
+    }
+}
--- a/app/Http/Controllers/Web/UserProfileController.php
+++ b/app/Http/Controllers/Web/UserProfileController.php
@@ -0,0 +1,142 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Http\Controllers\Web;
+
+use App\Enums\Weekday;
+use App\Service\Dto\UserAgentDto;
+use App\Service\TimezoneService;
+use Illuminate\Http\Request;
+use Illuminate\Routing\Controller;
+use Illuminate\Support\Carbon;
+use Illuminate\Support\Facades\Auth;
+use Illuminate\Support\Facades\DB;
+use Inertia\Inertia;
+use Inertia\Response;
+use Laravel\Fortify\Actions\DisableTwoFactorAuthentication;
+use Laravel\Fortify\Features;
+
+class UserProfileController extends Controller
+{
+    /**
+     * Validate the two-factor authentication state for the request.
+     */
+    protected function validateTwoFactorAuthenticationState(Request $request): void
+    {
+        if (! Features::optionEnabled(Features::twoFactorAuthentication(), 'confirm')) {
+            return;
+        }
+
+        $currentTime = time();
+
+        // Notate totally disabled state in session...
+        if ($this->twoFactorAuthenticationDisabled($request)) {
+            $request->session()->put('two_factor_empty_at', $currentTime);
+        }
+
+        // If was previously totally disabled this session but is now confirming, notate time...
+        if ($this->hasJustBegunConfirmingTwoFactorAuthentication($request)) {
+            $request->session()->put('two_factor_confirming_at', $currentTime);
+        }
+
+        // If the profile is reloaded and is not confirmed but was previously in confirming state, disable...
+        if ($this->neverFinishedConfirmingTwoFactorAuthentication($request, $currentTime)) {
+            app(DisableTwoFactorAuthentication::class)(Auth::user());
+
+            $request->session()->put('two_factor_empty_at', $currentTime);
+            $request->session()->remove('two_factor_confirming_at');
+        }
+    }
+
+    /**
+     * Determine if two-factor authentication is totally disabled.
+     *
+     * @return bool
+     */
+    protected function twoFactorAuthenticationDisabled(Request $request)
+    {
+        return is_null($request->user()->two_factor_secret) &&
+            is_null($request->user()->two_factor_confirmed_at);
+    }
+
+    /**
+     * Determine if two-factor authentication is just now being confirmed within the last request cycle.
+     *
+     * @return bool
+     */
+    protected function hasJustBegunConfirmingTwoFactorAuthentication(Request $request)
+    {
+        return ! is_null($request->user()->two_factor_secret) &&
+            is_null($request->user()->two_factor_confirmed_at) &&
+            $request->session()->has('two_factor_empty_at') &&
+            is_null($request->session()->get('two_factor_confirming_at'));
+    }
+
+    /**
+     * Determine if two-factor authentication was never totally confirmed once confirmation started.
+     *
+     * @return bool
+     */
+    protected function neverFinishedConfirmingTwoFactorAuthentication(Request $request, int $currentTime)
+    {
+        return ! array_key_exists('code', $request->session()->getOldInput()) &&
+            is_null($request->user()->two_factor_confirmed_at) &&
+            $request->session()->get('two_factor_confirming_at', 0) !== $currentTime;
+    }
+
+    /**
+     * Show the general profile settings screen.
+     */
+    public function show(Request $request): Response
+    {
+        $this->validateTwoFactorAuthenticationState($request);
+
+        return Inertia::render('Profile/Show', [
+            'timezones' => app(TimezoneService::class)->getSelectOptions(),
+            'weekdays' => Weekday::toSelectArray(),
+            'confirmsTwoFactorAuthentication' => Features::optionEnabled(Features::twoFactorAuthentication(), 'confirm'),
+            'sessions' => $this->sessions($request),
+        ]);
+    }
+
+    /**
+     * Get the current sessions.
+     *
+     * @return array<int, object{agent: array{is_desktop: bool, platform: string|null, browser: string|null}, ip_address: string, is_current_device: bool, last_active: string}&\stdClass>
+     */
+    public function sessions(Request $request): array
+    {
+        if (config('session.driver') !== 'database') {
+            return [];
+        }
+
+        return collect(
+            DB::connection(config('session.connection'))->table(config('session.table', 'sessions'))
+                ->where('user_id', $request->user()->getAuthIdentifier())
+                ->orderBy('last_activity', 'desc')
+                ->get()
+        )->map(function (object $session) use ($request): object {
+            $agent = $this->createAgent(is_string($session->user_agent) ? $session->user_agent : '');
+
+            return (object) [
+                'agent' => [
+                    'is_desktop' => $agent->isDesktop(),
+                    'platform' => $agent->platform(),
+                    'browser' => $agent->browser(),
+                ],
+                'ip_address' => is_string($session->ip_address) ? $session->ip_address : '',
+                'is_current_device' => $session->id === $request->session()->getId(),
+                'last_active' => Carbon::createFromTimestamp($session->last_activity)->diffForHumans(),
+            ];
+        })->all();
+    }
+
+    /**
+     * Create a new agent instance from the given session.
+     */
+    protected function createAgent(string $userAgent): UserAgentDto
+    {
+        return tap(new UserAgentDto, fn ($agent) => $agent->setUserAgent($userAgent));
+    }
+}
--- a/app/Http/Kernel.php
+++ b/app/Http/Kernel.php
@@ -4,9 +4,37 @@ declare(strict_types=1);

 namespace App\Http;

+use App\Http\Middleware\Authenticate;
 use App\Http\Middleware\CheckOrganizationBlocked;
+use App\Http\Middleware\EncryptCookies;
+use App\Http\Middleware\EnsureEmailIsVerified;
+use App\Http\Middleware\ForceHttps;
 use App\Http\Middleware\ForceJsonResponse;
+use App\Http\Middleware\HandleInertiaRequests;
+use App\Http\Middleware\PreventRequestsDuringMaintenance;
+use App\Http\Middleware\RedirectIfAuthenticated;
+use App\Http\Middleware\ShareInertiaData;
+use App\Http\Middleware\TrimStrings;
+use App\Http\Middleware\TrustProxies;
+use App\Http\Middleware\ValidateSignature;
+use App\Http\Middleware\VerifyCsrfToken;
+use Illuminate\Auth\Middleware\AuthenticateWithBasicAuth;
+use Illuminate\Auth\Middleware\Authorize;
+use Illuminate\Auth\Middleware\RequirePassword;
+use Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse;
 use Illuminate\Foundation\Http\Kernel as HttpKernel;
+use Illuminate\Foundation\Http\Middleware\ConvertEmptyStringsToNull;
+use Illuminate\Foundation\Http\Middleware\HandlePrecognitiveRequests;
+use Illuminate\Foundation\Http\Middleware\ValidatePostSize;
+use Illuminate\Http\Middleware\AddLinkHeadersForPreloadedAssets;
+use Illuminate\Http\Middleware\HandleCors;
+use Illuminate\Http\Middleware\SetCacheHeaders;
+use Illuminate\Routing\Middleware\SubstituteBindings;
+use Illuminate\Routing\Middleware\ThrottleRequests;
+use Illuminate\Session\Middleware\AuthenticateSession;
+use Illuminate\Session\Middleware\StartSession;
+use Illuminate\View\Middleware\ShareErrorsFromSession;
+use Laravel\Passport\Http\Middleware\CreateFreshApiToken;

 class Kernel extends HttpKernel
 {
@@ -18,13 +46,13 @@ class Kernel extends HttpKernel
     * @var array<int, class-string|string>
     */
    protected $middleware = [
-        \App\Http\Middleware\ForceHttps::class,
-        \App\Http\Middleware\TrustProxies::class,
-        \Illuminate\Http\Middleware\HandleCors::class,
-        \App\Http\Middleware\PreventRequestsDuringMaintenance::class,
-        \Illuminate\Foundation\Http\Middleware\ValidatePostSize::class,
-        \App\Http\Middleware\TrimStrings::class,
-        \Illuminate\Foundation\Http\Middleware\ConvertEmptyStringsToNull::class,
+        ForceHttps::class,
+        TrustProxies::class,
+        HandleCors::class,
+        PreventRequestsDuringMaintenance::class,
+        ValidatePostSize::class,
+        TrimStrings::class,
+        ConvertEmptyStringsToNull::class,
    ];

    /**
@@ -34,21 +62,21 @@ class Kernel extends HttpKernel
     */
    protected $middlewareGroups = [
        'web' => [
-            \App\Http\Middleware\EncryptCookies::class,
-            \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
-            \Illuminate\Session\Middleware\StartSession::class,
-            \Illuminate\View\Middleware\ShareErrorsFromSession::class,
-            \App\Http\Middleware\VerifyCsrfToken::class,
-            \Illuminate\Routing\Middleware\SubstituteBindings::class,
-            \App\Http\Middleware\HandleInertiaRequests::class,
-            \App\Http\Middleware\ShareInertiaData::class,
-            \Illuminate\Http\Middleware\AddLinkHeadersForPreloadedAssets::class,
-            \Laravel\Passport\Http\Middleware\CreateFreshApiToken::class,
+            EncryptCookies::class,
+            AddQueuedCookiesToResponse::class,
+            StartSession::class,
+            ShareErrorsFromSession::class,
+            VerifyCsrfToken::class,
+            SubstituteBindings::class,
+            HandleInertiaRequests::class,
+            ShareInertiaData::class,
+            AddLinkHeadersForPreloadedAssets::class,
+            CreateFreshApiToken::class,
        ],

        'api' => [
-            \Illuminate\Routing\Middleware\ThrottleRequests::class.':api',
-            \Illuminate\Routing\Middleware\SubstituteBindings::class,
+            ThrottleRequests::class.':api',
+            SubstituteBindings::class,
            ForceJsonResponse::class,
        ],

@@ -64,17 +92,17 @@ class Kernel extends HttpKernel
     * @var array<string, class-string|string>
     */
    protected $middlewareAliases = [
-        'auth' => \App\Http\Middleware\Authenticate::class,
-        'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class,
-        'auth.session' => \Illuminate\Session\Middleware\AuthenticateSession::class,
-        'cache.headers' => \Illuminate\Http\Middleware\SetCacheHeaders::class,
-        'can' => \Illuminate\Auth\Middleware\Authorize::class,
-        'guest' => \App\Http\Middleware\RedirectIfAuthenticated::class,
-        'password.confirm' => \Illuminate\Auth\Middleware\RequirePassword::class,
-        'precognitive' => \Illuminate\Foundation\Http\Middleware\HandlePrecognitiveRequests::class,
-        'signed' => \App\Http\Middleware\ValidateSignature::class,
-        'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class,
-        'verified' => \App\Http\Middleware\EnsureEmailIsVerified::class,
+        'auth' => Authenticate::class,
+        'auth.basic' => AuthenticateWithBasicAuth::class,
+        'auth.session' => AuthenticateSession::class,
+        'cache.headers' => SetCacheHeaders::class,
+        'can' => Authorize::class,
+        'guest' => RedirectIfAuthenticated::class,
+        'password.confirm' => RequirePassword::class,
+        'precognitive' => HandlePrecognitiveRequests::class,
+        'signed' => ValidateSignature::class,
+        'throttle' => ThrottleRequests::class,
+        'verified' => EnsureEmailIsVerified::class,
        'check-organization-blocked' => CheckOrganizationBlocked::class,
    ];
 }
--- a/app/Http/Middleware/ForceHttps.php
+++ b/app/Http/Middleware/ForceHttps.php
@@ -14,7 +14,7 @@ class ForceHttps
    /**
     * Handle an incoming request.
     *
-     * @param  \Closure(\Illuminate\Http\Request): (\Symfony\Component\HttpFoundation\Response)  $next
+     * @param  Closure(Request): (Response)  $next
     */
    public function handle(Request $request, Closure $next, string ...$guards): Response
    {
--- a/app/Http/Middleware/ForceJsonResponse.php
+++ b/app/Http/Middleware/ForceJsonResponse.php
@@ -13,7 +13,7 @@ class ForceJsonResponse
    /**
     * Handle an incoming request.
     *
-     * @param  \Closure(\Illuminate\Http\Request): (\Symfony\Component\HttpFoundation\Response)  $next
+     * @param  Closure(Request): (Response)  $next
     */
    public function handle(Request $request, Closure $next, string ...$guards): Response
    {
--- a/app/Http/Middleware/HandleInertiaRequests.php
+++ b/app/Http/Middleware/HandleInertiaRequests.php
@@ -46,7 +46,7 @@ class HandleInertiaRequests extends Middleware
        /** @var BillingContract $billing */
        $billing = app(BillingContract::class);

-        $currentOrganization = $request->user()?->currentTeam;
+        $currentOrganization = $request->user()?->currentOrganization;

        return array_merge(parent::share($request), [
            'has_billing_extension' => $hasBilling,
@@ -60,6 +60,8 @@ class HandleInertiaRequests extends Middleware
            ] : null,
            'flash' => [
                'message' => fn () => $request->session()->get('message'),
+                'bannerText' => fn () => $request->session()->get('bannerText'),
+                'bannerStyle' => fn () => $request->session()->get('bannerStyle'),
            ],
        ]);
    }
--- a/app/Http/Middleware/RedirectIfAuthenticated.php
+++ b/app/Http/Middleware/RedirectIfAuthenticated.php
@@ -15,7 +15,7 @@ class RedirectIfAuthenticated
    /**
     * Handle an incoming request.
     *
-     * @param  \Closure(\Illuminate\Http\Request): (\Symfony\Component\HttpFoundation\Response)  $next
+     * @param  Closure(Request): (Response)  $next
     */
    public function handle(Request $request, Closure $next, string ...$guards): Response
    {
--- a/app/Http/Middleware/ShareInertiaData.php
+++ b/app/Http/Middleware/ShareInertiaData.php
@@ -9,12 +9,10 @@ use App\Models\User;
 use App\Service\PermissionStore;
 use Closure;
 use Illuminate\Http\Request;
-use Illuminate\Support\Facades\Gate;
 use Illuminate\Support\Facades\Session;
 use Illuminate\Support\MessageBag;
 use Inertia\Inertia;
 use Laravel\Fortify\Features;
-use Laravel\Jetstream\Jetstream;
 use Symfony\Component\HttpFoundation\Response;

 class ShareInertiaData
@@ -27,28 +25,8 @@ class ShareInertiaData
        /** @var PermissionStore $permissions */
        $permissions = app(PermissionStore::class);
        Inertia::share([
-            'jetstream' => function () use ($request) {
-                /** @var User|null $user */
-                $user = $request->user();
-
-                return [
-                    'canCreateTeams' => $user !== null &&
-                        Jetstream::userHasTeamFeatures($user) &&
-                        Gate::forUser($user)->check('create', Jetstream::newTeamModel()),
-                    'canManageTwoFactorAuthentication' => Features::canManageTwoFactorAuthentication(),
-                    'canUpdatePassword' => Features::enabled(Features::updatePasswords()),
-                    'canUpdateProfileInformation' => Features::canUpdateProfileInformation(),
-                    'hasEmailVerification' => Features::enabled(Features::emailVerification()),
-                    'flash' => $request->session()->get('flash', []),
-                    'hasAccountDeletionFeatures' => Jetstream::hasAccountDeletionFeatures(),
-                    'hasApiFeatures' => Jetstream::hasApiFeatures(),
-                    'hasTeamFeatures' => Jetstream::hasTeamFeatures(),
-                    'hasTermsAndPrivacyPolicyFeature' => Jetstream::hasTermsAndPrivacyPolicyFeature(),
-                    'managesProfilePhotos' => Jetstream::managesProfilePhotos(),
-                ];
-            },
            'auth' => [
-                'permissions' => $request->user() !== null && $request->user()->currentTeam !== null ? $permissions->getPermissions($request->user()->currentTeam) : [],
+                'permissions' => $request->user() !== null && $request->user()->currentOrganization !== null ? $permissions->getPermissions($request->user()->currentOrganization) : [],
                'user' => function () use ($request): array {
                    /** @var User|null $user */
                    $user = $request->user();
@@ -57,6 +35,8 @@ class ShareInertiaData
                        return [];
                    }

+                    $currentOrganization = $user->currentOrganization;
+
                    return array_merge([
                        'id' => $user->id,
                        'name' => $user->name,
@@ -69,12 +49,12 @@ class ShareInertiaData
                        'profile_photo_url' => $user->profile_photo_url,
                        'two_factor_enabled' => Features::enabled(Features::twoFactorAuthentication())
                            && ! is_null($user->two_factor_secret),
-                        'current_team' => $user->currentTeam !== null ? [
-                            'id' => $user->currentTeam->id,
-                            'user_id' => $user->currentTeam->user_id,
-                            'name' => $user->currentTeam->name,
-                            'personal_team' => $user->currentTeam->personal_team,
-                            'currency' => $user->currentTeam->currency,
+                        'current_team' => $currentOrganization !== null ? [
+                            'id' => $currentOrganization->id,
+                            'user_id' => $currentOrganization->user_id,
+                            'name' => $currentOrganization->name,
+                            'personal_team' => $currentOrganization->personal_team,
+                            'currency' => $currentOrganization->currency,
                        ] : null,
                    ], array_filter([
                        'all_teams' => $user->organizations->map(function (Organization $organization): array {
--- a/app/Http/Requests/V1/Member/MemberMergeIntoRequest.php
+++ b/app/Http/Requests/V1/Member/MemberMergeIntoRequest.php
@@ -7,6 +7,7 @@ namespace App\Http\Requests\V1\Member;
 use App\Http\Requests\V1\BaseFormRequest;
 use App\Models\Member;
 use App\Models\Organization;
+use Illuminate\Contracts\Validation\Rule;
 use Illuminate\Contracts\Validation\ValidationRule;
 use Illuminate\Database\Eloquent\Builder;
 use Korridor\LaravelModelValidationRules\Rules\ExistsEloquent;
@@ -19,7 +20,7 @@ class MemberMergeIntoRequest extends BaseFormRequest
    /**
     * Get the validation rules that apply to the request.
     *
-     * @return array<string, array<string|ValidationRule|\Illuminate\Contracts\Validation\Rule>>
+     * @return array<string, array<string|ValidationRule|Rule>>
     */
    public function rules(): array
    {
--- a/app/Http/Requests/V1/Organization/OrganizationStoreRequest.php
+++ b/app/Http/Requests/V1/Organization/OrganizationStoreRequest.php
@@ -0,0 +1,36 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Http\Requests\V1\Organization;
+
+use App\Http\Requests\V1\BaseFormRequest;
+use App\Models\Organization;
+use Illuminate\Contracts\Validation\Rule;
+
+/**
+ * @property Organization $organization Organization from model binding
+ */
+class OrganizationStoreRequest extends BaseFormRequest
+{
+    /**
+     * Get the validation rules that apply to the request.
+     *
+     * @return array<string, array<string|Rule>>
+     */
+    public function rules(): array
+    {
+        return [
+            'name' => [
+                'required',
+                'string',
+                'max:255',
+            ],
+        ];
+    }
+
+    public function getName(): string
+    {
+        return (string) $this->input('name');
+    }
+}
--- a/app/Http/Requests/V1/Organization/OrganizationUpdateRequest.php
+++ b/app/Http/Requests/V1/Organization/OrganizationUpdateRequest.php
@@ -11,6 +11,7 @@ use App\Enums\NumberFormat;
 use App\Enums\TimeFormat;
 use App\Http\Requests\V1\BaseFormRequest;
 use App\Models\Organization;
+use App\Rules\CurrencyRule;
 use Illuminate\Validation\Rule;

 /**
@@ -21,7 +22,7 @@ class OrganizationUpdateRequest extends BaseFormRequest
    /**
     * Get the validation rules that apply to the request.
     *
-     * @return array<string, array<string|\Illuminate\Contracts\Validation\Rule>>
+     * @return array<string, array<string|\Illuminate\Contracts\Validation\Rule|\Illuminate\Contracts\Validation\ValidationRule>>
     */
    public function rules(): array
    {
@@ -30,6 +31,10 @@ class OrganizationUpdateRequest extends BaseFormRequest
                'string',
                'max:255',
            ],
+            'currency' => [
+                'string',
+                new CurrencyRule,
+            ],
            'billable_rate' => array_merge(
                [
                    'nullable',
@@ -68,6 +73,11 @@ class OrganizationUpdateRequest extends BaseFormRequest
        return $this->has('name') ? (string) $this->input('name') : null;
    }

+    public function getCurrency(): ?string
+    {
+        return $this->has('currency') ? (string) $this->input('currency') : null;
+    }
+
    public function getNumberFormat(): ?NumberFormat
    {
        return $this->has('number_format') ? NumberFormat::from($this->input('number_format')) : null;
--- a/app/Http/Requests/V1/User/UserUpdateCurrentOrganizationRequest.php
+++ b/app/Http/Requests/V1/User/UserUpdateCurrentOrganizationRequest.php
@@ -0,0 +1,32 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Http\Requests\V1\User;
+
+use App\Http\Requests\V1\BaseFormRequest;
+use Illuminate\Contracts\Validation\ValidationRule;
+
+class UserUpdateCurrentOrganizationRequest extends BaseFormRequest
+{
+    /**
+     * Get the validation rules that apply to the request.
+     *
+     * @return array<string, array<string|ValidationRule>>
+     */
+    public function rules(): array
+    {
+        return [
+            'organization_id' => [
+                'required',
+                'string',
+                'uuid',
+            ],
+        ];
+    }
+
+    public function getOrganizationId(): string
+    {
+        return (string) $this->input('organization_id');
+    }
+}
--- a/app/Http/Requests/V1/User/UserUpdateRequest.php
+++ b/app/Http/Requests/V1/User/UserUpdateRequest.php
@@ -0,0 +1,95 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Http\Requests\V1\User;
+
+use App\Enums\Weekday;
+use App\Http\Requests\V1\BaseFormRequest;
+use App\Models\User;
+use App\Rules\Base64ImageRule;
+use Illuminate\Contracts\Validation\ValidationRule;
+use Illuminate\Database\Eloquent\Builder;
+use Illuminate\Support\Str;
+use Illuminate\Validation\Rule;
+use Korridor\LaravelModelValidationRules\Rules\UniqueEloquent;
+
+/**
+ * @property User $user User from model binding
+ */
+class UserUpdateRequest extends BaseFormRequest
+{
+    protected function prepareForValidation(): void
+    {
+        if ($this->has('email') && is_string($this->input('email'))) {
+            $this->merge([
+                'email' => Str::lower((string) $this->input('email')),
+            ]);
+        }
+    }
+
+    /**
+     * Get the validation rules that apply to the request.
+     *
+     * @return array<string, array<string|\Illuminate\Contracts\Validation\Rule|ValidationRule>>
+     */
+    public function rules(): array
+    {
+        return [
+            'name' => [
+                'string',
+                'max:255',
+            ],
+            'email' => [
+                'email',
+                'max:255',
+                UniqueEloquent::make(User::class, 'email')->ignore($this->user->id)->query(function (Builder $query) {
+                    /** @var Builder<User> $query */
+                    return $query->where('is_placeholder', '=', false);
+                }),
+            ],
+            'photo' => [
+                'nullable',
+                new Base64ImageRule,
+            ],
+            'timezone' => [
+                'timezone:all',
+            ],
+            'week_start' => [
+                Rule::enum(Weekday::class),
+            ],
+        ];
+    }
+
+    public function getName(): ?string
+    {
+        return $this->has('name') ? (string) $this->input('name') : null;
+    }
+
+    public function getEmail(): ?string
+    {
+        return $this->has('email') ? Str::lower((string) $this->input('email')) : null;
+    }
+
+    public function getTimezone(): ?string
+    {
+        return $this->has('timezone') ? (string) $this->input('timezone') : null;
+    }
+
+    public function getWeekStart(): ?Weekday
+    {
+        return $this->has('week_start') ? Weekday::from($this->input('week_start')) : null;
+    }
+
+    public function hasPhotoKey(): bool
+    {
+        return $this->has('photo');
+    }
+
+    public function getPhoto(): ?string
+    {
+        $value = $this->input('photo');
+
+        return is_string($value) ? $value : null;
+    }
+}
--- a/app/Http/Resources/V1/User/UserResource.php
+++ b/app/Http/Resources/V1/User/UserResource.php
@@ -28,6 +28,8 @@ class UserResource extends BaseResource
            'name' => $this->resource->name,
            /** @var string $email Email of user */
            'email' => $this->resource->email,
+            /** @var string|null $pending_email Email address awaiting verification (set when the user has requested an email change but not yet verified the new address) */
+            'pending_email' => $this->resource->pending_email,
            /** @var string $profile_photo_url Profile photo URL */
            'profile_photo_url' => $this->resource->profile_photo_url,
            /** @var string $timezone Timezone (f.e. Europe/Berlin or America/New_York) */
--- a/app/Listeners/RemovePlaceholder.php
+++ b/app/Listeners/RemovePlaceholder.php
@@ -1,43 +0,0 @@
-<?php
-
-declare(strict_types=1);
-
-namespace App\Listeners;
-
-use App\Models\Member;
-use App\Models\User;
-use App\Service\MemberService;
-use Illuminate\Database\Eloquent\Builder;
-use Laravel\Jetstream\Events\TeamMemberAdded;
-
-class RemovePlaceholder
-{
-    /**
-     * Handle the event.
-     */
-    public function handle(TeamMemberAdded $event): void
-    {
-        $memberService = app(MemberService::class);
-        $member = Member::query()
-            ->whereBelongsTo($event->team, 'organization')
-            ->whereBelongsTo($event->user, 'user')
-            ->firstOrFail();
-        $placeholders = Member::query()
-            ->whereHas('user', function (Builder $query) use ($event): void {
-                /** @var Builder<User> $query */
-                $query->where('is_placeholder', '=', true)
-                    ->where('email', '=', $event->user->email);
-            })
-            ->whereBelongsTo($event->team, 'organization')
-            ->with(['user'])
-            ->get();
-
-        foreach ($placeholders as $placeholder) {
-            /** @var Member $placeholder */
-            $placeholderUser = $placeholder->user;
-            $memberService->assignOrganizationEntitiesToDifferentMember($event->team, $placeholder, $member);
-            $placeholder->delete();
-            $placeholderUser->delete();
-        }
-    }
-}
--- a/app/Mail/OrganizationInvitationMail.php
+++ b/app/Mail/OrganizationInvitationMail.php
@@ -8,6 +8,7 @@ use App\Models\OrganizationInvitation;
 use Illuminate\Bus\Queueable;
 use Illuminate\Mail\Mailable;
 use Illuminate\Queue\SerializesModels;
+use Illuminate\Support\Carbon;
 use Illuminate\Support\Facades\URL;

 class OrganizationInvitationMail extends Mailable
@@ -32,9 +33,12 @@ class OrganizationInvitationMail extends Mailable
    public function build(): self
    {
        return $this->markdown('emails.organization-invitation', [
-            'acceptUrl' => URL::signedRoute('team-invitations.accept', [
-                'invitation' => $this->invitation,
-            ]),
+            'acceptUrl' => URL::to(URL::signedRoute(
+                'organization-invitations.accept',
+                ['invitation' => $this->invitation->getKey()],
+                Carbon::now()->addDays(90),
+                false
+            )),
        ])->subject(__('Organization Invitation'));
    }
 }
--- a/app/Mail/VerifyUpdatedEmailMail.php
+++ b/app/Mail/VerifyUpdatedEmailMail.php
@@ -0,0 +1,48 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Mail;
+
+use App\Models\User;
+use Illuminate\Bus\Queueable;
+use Illuminate\Mail\Mailable;
+use Illuminate\Queue\SerializesModels;
+use Illuminate\Support\Carbon;
+use Illuminate\Support\Facades\URL;
+use Illuminate\Support\Str;
+
+class VerifyUpdatedEmailMail extends Mailable
+{
+    use Queueable, SerializesModels;
+
+    public User $user;
+
+    public string $email;
+
+    public function __construct(User $user, string $email)
+    {
+        $this->user = $user;
+        $this->email = Str::lower($email);
+    }
+
+    /**
+     * Build the message.
+     */
+    public function build(): self
+    {
+        $verificationUrl = URL::temporarySignedRoute(
+            'users.verify-email-change',
+            Carbon::now()->addMinutes((int) config('auth.verification.expire', 60)),
+            [
+                'user' => $this->user->getKey(),
+                'email' => $this->email,
+            ],
+            false
+        );
+
+        return $this->markdown('emails.verify-updated-email', [
+            'verificationUrl' => URL::to($verificationUrl),
+        ])->subject(__('Verify Email Address'));
+    }
+}
--- a/app/Models/Member.php
+++ b/app/Models/Member.php
@@ -9,10 +9,11 @@ use App\Models\Concerns\HasUuids;
 use Database\Factories\MemberFactory;
 use Illuminate\Database\Eloquent\Collection;
 use Illuminate\Database\Eloquent\Factories\HasFactory;
+use Illuminate\Database\Eloquent\Model;
 use Illuminate\Database\Eloquent\Relations\BelongsTo;
 use Illuminate\Database\Eloquent\Relations\HasMany;
+use Illuminate\Database\Eloquent\Relations\Pivot;
 use Illuminate\Support\Carbon;
-use Laravel\Jetstream\Membership as JetstreamMembership;
 use OwenIt\Auditing\Contracts\Auditable as AuditableContract;

 /**
@@ -30,7 +31,7 @@ use OwenIt\Auditing\Contracts\Auditable as AuditableContract;
 *
 * @method static MemberFactory factory()
 */
-class Member extends JetstreamMembership implements AuditableContract
+class Member extends Pivot implements AuditableContract
 {
    use CustomAuditable;

--- a/app/Models/Organization.php
+++ b/app/Models/Organization.php
@@ -14,6 +14,7 @@ use App\Models\Concerns\HasUuids;
 use Database\Factories\OrganizationFactory;
 use Illuminate\Database\Eloquent\Collection;
 use Illuminate\Database\Eloquent\Factories\HasFactory;
+use Illuminate\Database\Eloquent\Model;
 use Illuminate\Database\Eloquent\ModelNotFoundException;
 use Illuminate\Database\Eloquent\Relations\BelongsTo;
 use Illuminate\Database\Eloquent\Relations\BelongsToMany;
@@ -21,10 +22,6 @@ use Illuminate\Database\Eloquent\Relations\HasMany;
 use Illuminate\Database\Eloquent\Relations\Pivot;
 use Illuminate\Support\Carbon;
 use Illuminate\Support\Str;
-use Laravel\Jetstream\Events\TeamCreated;
-use Laravel\Jetstream\Events\TeamDeleted;
-use Laravel\Jetstream\Events\TeamUpdated;
-use Laravel\Jetstream\Team as JetstreamTeam;
 use OwenIt\Auditing\Contracts\Auditable as AuditableContract;

 /**
@@ -36,12 +33,13 @@ use OwenIt\Auditing\Contracts\Auditable as AuditableContract;
 * @property string $user_id
 * @property bool $employees_can_see_billable_rates
 * @property bool $employees_can_manage_tasks
+ * @property bool $prevent_overlapping_time_entries
 * @property User $owner
 * @property Carbon|null $created_at
 * @property Carbon|null $updated_at
 * @property Collection<int, User> $users
 * @property Collection<int, User> $realUsers
- * @property-read Collection<int, OrganizationInvitation> $teamInvitations
+ * @property-read Collection<int, OrganizationInvitation> $organizationInvitations
 * @property Member $membership
 * @property NumberFormat $number_format
 * @property CurrencyFormat $currency_format
@@ -49,10 +47,9 @@ use OwenIt\Auditing\Contracts\Auditable as AuditableContract;
 * @property IntervalFormat $interval_format
 * @property TimeFormat $time_format
 *
- * @method HasMany<OrganizationInvitation, $this> teamInvitations()
 * @method static OrganizationFactory factory()
 */
-class Organization extends JetstreamTeam implements AuditableContract
+class Organization extends Model implements AuditableContract
 {
    use CustomAuditable;

@@ -90,17 +87,6 @@ class Organization extends JetstreamTeam implements AuditableContract
        'personal_team',
    ];

-    /**
-     * The event map for the model.
-     *
-     * @var array<string, class-string>
-     */
-    protected $dispatchesEvents = [
-        'created' => TeamCreated::class,
-        'updated' => TeamUpdated::class,
-        'deleted' => TeamDeleted::class,
-    ];
-
    /**
     * The model's default values for attributes.
     *
@@ -109,23 +95,6 @@ class Organization extends JetstreamTeam implements AuditableContract
    protected $attributes = [
    ];

-    /**
-     * Get all the non-placeholder users of the organization including its owner.
-     *
-     * @return Collection<int, User>
-     */
-    public function allRealUsers(): Collection
-    {
-        return $this->realUsers->merge([$this->owner]);
-    }
-
-    public function hasRealUserWithEmail(string $email): bool
-    {
-        return $this->allRealUsers()->contains(function (User $user) use ($email): bool {
-            return $user->email === $email;
-        });
-    }
-
    /**
     * Get all the users that belong to the team.
     *
@@ -171,12 +140,21 @@ class Organization extends JetstreamTeam implements AuditableContract
    }

    /**
-     * This method prevents an unhandled exception when the ID is not a UUID.
-     * Normally this can be fixed with a route pattern, but Jetstream does not use route model binding.
-     *
-     * @param  array<string>  $columns
+     * @return HasMany<OrganizationInvitation, $this>
     */
-    public function findOrFail(string $id, array $columns = ['*']): \Laravel\Jetstream\Team
+    public function organizationInvitations(): HasMany
+    {
+        return $this->hasMany(OrganizationInvitation::class, 'organization_id');
+    }
+
+    /**
+     * Find a model by its primary key or throw an exception.
+     *
+     * @param  array<int, string>  $columns
+     *
+     * @throws ModelNotFoundException<Model>
+     */
+    public static function findOrFail(string $id, array $columns = ['*']): Model
    {
        if (! Str::isUuid($id)) {
            throw (new ModelNotFoundException)->setModel(
--- a/app/Models/OrganizationInvitation.php
+++ b/app/Models/OrganizationInvitation.php
@@ -8,9 +8,9 @@ use App\Models\Concerns\CustomAuditable;
 use App\Models\Concerns\HasUuids;
 use Database\Factories\OrganizationInvitationFactory;
 use Illuminate\Database\Eloquent\Factories\HasFactory;
+use Illuminate\Database\Eloquent\Model;
 use Illuminate\Database\Eloquent\Relations\BelongsTo;
 use Illuminate\Support\Carbon;
-use Laravel\Jetstream\TeamInvitation as JetstreamTeamInvitation;
 use OwenIt\Auditing\Contracts\Auditable as AuditableContract;

 /**
@@ -18,13 +18,14 @@ use OwenIt\Auditing\Contracts\Auditable as AuditableContract;
 * @property string $email
 * @property string $role
 * @property string $organization_id
+ * @property Carbon|null $accepted_at
 * @property Carbon|null $updated_at
 * @property Carbon|null $created_at
 * @property-read Organization $organization
 *
 * @method static OrganizationInvitationFactory factory()
 */
-class OrganizationInvitation extends JetstreamTeamInvitation implements AuditableContract
+class OrganizationInvitation extends Model implements AuditableContract
 {
    use CustomAuditable;

@@ -41,14 +42,16 @@ class OrganizationInvitation extends JetstreamTeamInvitation implements Auditabl
    protected $table = 'organization_invitations';

    /**
-     * The attributes that are mass assignable.
+     * Get the attributes that should be cast.
     *
-     * @var array<int, string>
+     * @return array<string, string>
     */
-    protected $fillable = [
-        'email',
-        'role',
-    ];
+    public function casts(): array
+    {
+        return [
+            'accepted_at' => 'datetime',
+        ];
+    }

    /**
     * Get the organization that the invitation belongs to.
--- a/app/Models/User.php
+++ b/app/Models/User.php
@@ -4,6 +4,7 @@ declare(strict_types=1);

 namespace App\Models;

+use App\Enums\Role;
 use App\Enums\Weekday;
 use App\Models\Concerns\CustomAuditable;
 use App\Models\Concerns\HasUuids;
@@ -25,8 +26,6 @@ use Illuminate\Notifications\Notifiable;
 use Illuminate\Support\Carbon;
 use Illuminate\Support\Facades\Storage;
 use Laravel\Fortify\TwoFactorAuthenticatable;
-use Laravel\Jetstream\HasProfilePhoto;
-use Laravel\Jetstream\HasTeams;
 use Laravel\Passport\AuthCode;
 use Laravel\Passport\Contracts\OAuthenticatable;
 use Laravel\Passport\HasApiTokens;
@@ -36,6 +35,7 @@ use OwenIt\Auditing\Contracts\Auditable as AuditableContract;
 * @property string $id
 * @property string $name
 * @property string $email
+ * @property string|null $pending_email
 * @property Carbon|null $email_verified_at
 * @property string|null $password
 * @property string|null $two_factor_secret
@@ -44,13 +44,13 @@ use OwenIt\Auditing\Contracts\Auditable as AuditableContract;
 * @property Weekday $week_start
 * @property string|null $profile_photo_path
 * @property-read Organization|null $currentOrganization
- * @property-read Organization|null $currentTeam
 * @property-read string $profile_photo_url
 * @property-read Collection<int, Token> $tokens
 * @property Carbon|null $created_at
 * @property Carbon|null $updated_at
 * @property string|null $current_team_id
 * @property Collection<int, Organization> $organizations
+ * @property Collection<int, Organization> $ownedOrganizations
 * @property Collection<int, TimeEntry> $timeEntries
 * @property Member $membership
 *
@@ -68,8 +68,6 @@ class User extends Authenticatable implements AuditableContract, FilamentUser, M
    /** @use HasFactory<UserFactory> */
    use HasFactory;

-    use HasProfilePhoto;
-    use HasTeams;
    use HasUuids;
    use Notifiable;
    use TwoFactorAuthenticatable;
@@ -105,6 +103,7 @@ class User extends Authenticatable implements AuditableContract, FilamentUser, M
    protected $casts = [
        'name' => 'string',
        'email' => 'string',
+        'pending_email' => 'string',
        'email_verified_at' => 'datetime',
        'is_admin' => 'boolean',
        'is_placeholder' => 'boolean',
@@ -129,16 +128,39 @@ class User extends Authenticatable implements AuditableContract, FilamentUser, M
    {
        return Attribute::get(function (): string {
            return $this->profile_photo_path
-                ? Storage::disk($this->profilePhotoDisk())->url($this->profile_photo_path)
+                ? Storage::disk(config('filesystems.public'))->url($this->profile_photo_path)
                : $this->defaultProfilePhotoUrl();
        });
    }

+    /**
+     * Get the default profile photo URL if no profile photo has been uploaded.
+     */
+    protected function defaultProfilePhotoUrl(): string
+    {
+        $name = trim(collect(explode(' ', $this->name))->map(function ($segment) {
+            return mb_substr($segment, 0, 1);
+        })->join(' '));
+
+        return 'https://ui-avatars.com/api/?name='.urlencode($name).'&color=7F9CF5&background=EBF4FF';
+    }
+
    public function canAccessPanel(Panel $panel): bool
    {
        return in_array($this->email, config('auth.super_admins', []), true) && $this->hasVerifiedEmail();
    }

+    public function isMemberOfOrganization(Organization $organization): bool
+    {
+        if ($this->relationLoaded('organizations')) {
+            return $this->organizations->contains(function (Organization $o) use ($organization): bool {
+                return $o->getKey() === $organization->getKey();
+            });
+        }
+
+        return $this->organizations()->whereKey($organization->getKey())->exists();
+    }
+
    public function canBeImpersonated(): bool
    {
        return $this->is_placeholder === false;
@@ -159,6 +181,14 @@ class User extends Authenticatable implements AuditableContract, FilamentUser, M
            ->as('membership');
    }

+    /**
+     * @return BelongsToMany<Organization, $this, Pivot, 'membership'>
+     */
+    public function ownedOrganizations(): BelongsToMany
+    {
+        return $this->organizations()->wherePivot('role', Role::Owner->value);
+    }
+
    /**
     * @return HasMany<TimeEntry, $this>
     */
@@ -213,12 +243,8 @@ class User extends Authenticatable implements AuditableContract, FilamentUser, M
     */
    public function scopeBelongsToOrganization(Builder $builder, Organization $organization): Builder
    {
-        return $builder->where(function (Builder $builder) use ($organization): Builder {
-            return $builder->whereHas('organizations', function (Builder $query) use ($organization): void {
-                $query->whereKey($organization->getKey());
-            })->orWhereHas('ownedTeams', function (Builder $query) use ($organization): void {
-                $query->whereKey($organization->getKey());
-            });
+        return $builder->whereHas('organizations', function (Builder $query) use ($organization): void {
+            $query->whereKey($organization->getKey());
        });
    }
 }
--- a/app/Policies/OrganizationPolicy.php
+++ b/app/Policies/OrganizationPolicy.php
@@ -1,114 +0,0 @@
-<?php
-
-declare(strict_types=1);
-
-namespace App\Policies;
-
-use App\Models\Organization;
-use App\Models\User;
-use App\Service\PermissionStore;
-use Filament\Facades\Filament;
-use Illuminate\Auth\Access\HandlesAuthorization;
-
-class OrganizationPolicy
-{
-    use HandlesAuthorization;
-
-    /**
-     * Determine whether the user can view any models.
-     */
-    public function viewAny(User $user): bool
-    {
-        if (Filament::isServing()) {
-            return true;
-        }
-
-        return false;
-    }
-
-    /**
-     * Determine whether the user can view the model.
-     */
-    public function view(User $user, Organization $organization): bool
-    {
-        if (Filament::isServing()) {
-            return true;
-        }
-
-        return $user->belongsToTeam($organization);
-    }
-
-    /**
-     * Determine whether the user can create models.
-     */
-    public function create(User $user): bool
-    {
-        if (Filament::isServing()) {
-            return true;
-        }
-
-        return true;
-    }
-
-    /**
-     * Determine whether the user can update the model.
-     */
-    public function update(User $user, Organization $organization): bool
-    {
-        if (Filament::isServing()) {
-            return true;
-        }
-
-        return app(PermissionStore::class)->userHas($organization, $user, 'organizations:update');
-    }
-
-    /**
-     * Determine whether the user can add team members.
-     */
-    public function addTeamMember(User $user, Organization $organization): bool
-    {
-        if (Filament::isServing()) {
-            return true;
-        }
-
-        return true;
-    }
-
-    /**
-     * Determine whether the user can update team member permissions.
-     */
-    public function updateTeamMember(User $user, Organization $organization): bool
-    {
-        if (Filament::isServing()) {
-            return true;
-        }
-
-        // Note: since this policy is only used for jetstream endpoints, we can return false here
-        return false;
-    }
-
-    /**
-     * Determine whether the user can remove team members.
-     */
-    public function removeTeamMember(User $user, Organization $organization): bool
-    {
-        if (Filament::isServing()) {
-            return true;
-        }
-
-        // Note: since this policy is only used for jetstream endpoints that are no longer in use, we can return false here
-        return false;
-    }
-
-    /**
-     * Determine whether the user can delete the model.
-     */
-    public function delete(User $user, Organization $organization): bool
-    {
-        if (Filament::isServing()) {
-            return true;
-        }
-
-        return $user->ownsTeam($organization);
-    }
-}
--- a/app/Providers/AuthServiceProvider.php
+++ b/app/Providers/AuthServiceProvider.php
@@ -4,14 +4,11 @@ declare(strict_types=1);

 namespace App\Providers;

-use App\Models\Organization;
 use App\Models\Passport\AuthCode;
 use App\Models\Passport\Client;
 use App\Models\Passport\RefreshToken;
 use App\Models\Passport\Token;
-use App\Policies\OrganizationPolicy;
 use Illuminate\Foundation\Support\Providers\AuthServiceProvider as ServiceProvider;
-use Laravel\Jetstream\Jetstream;
 use Laravel\Passport\Passport;

 class AuthServiceProvider extends ServiceProvider
@@ -22,7 +19,6 @@ class AuthServiceProvider extends ServiceProvider
     * @var array<class-string, class-string>
     */
    protected $policies = [
-        Organization::class => OrganizationPolicy::class,
    ];

    /**
@@ -56,11 +52,5 @@ class AuthServiceProvider extends ServiceProvider
        // Passport::tokensExpireIn(now()->addDays(15));
        // Passport::refreshTokensExpireIn(now()->addDays(30));
        Passport::personalAccessTokensExpireIn(now()->addMonths(12));
-
-        // same as passport default above
-        Jetstream::defaultApiTokenPermissions(['read']);
-
-        // use passport scopes for jetstream token permissions
-        Jetstream::permissions(Passport::scopeIds());
    }
 }
--- a/app/Providers/EventServiceProvider.php
+++ b/app/Providers/EventServiceProvider.php
@@ -4,11 +4,9 @@ declare(strict_types=1);

 namespace App\Providers;

-use App\Listeners\RemovePlaceholder;
 use Illuminate\Auth\Events\Registered;
 use Illuminate\Auth\Listeners\SendEmailVerificationNotification;
 use Illuminate\Foundation\Support\Providers\EventServiceProvider as ServiceProvider;
-use Laravel\Jetstream\Events\TeamMemberAdded;

 class EventServiceProvider extends ServiceProvider
 {
@@ -21,9 +19,6 @@ class EventServiceProvider extends ServiceProvider
        Registered::class => [
            SendEmailVerificationNotification::class,
        ],
-        TeamMemberAdded::class => [
-            RemovePlaceholder::class,
-        ],
    ];

    /**
--- a/app/Providers/FortifyServiceProvider.php
+++ b/app/Providers/FortifyServiceProvider.php
@@ -15,11 +15,13 @@ use Illuminate\Cache\RateLimiting\Limit;
 use Illuminate\Http\Request;
 use Illuminate\Support\Facades\Hash;
 use Illuminate\Support\Facades\RateLimiter;
+use Illuminate\Support\Facades\Route;
 use Illuminate\Support\ServiceProvider;
 use Illuminate\Support\Str;
+use Inertia\Inertia;
+use Laravel\Fortify\Contracts\LoginResponse as LoginResponseContract;
 use Laravel\Fortify\Contracts\TwoFactorLoginResponse;
 use Laravel\Fortify\Fortify;
-use Laravel\Fortify\Http\Responses\LoginResponse;

 class FortifyServiceProvider extends ServiceProvider
 {
@@ -41,6 +43,48 @@ class FortifyServiceProvider extends ServiceProvider
        Fortify::updateUserPasswordsUsing(UpdateUserPassword::class);
        Fortify::resetUserPasswordsUsing(ResetUserPassword::class);

+        Fortify::registerView(function () {
+            return Inertia::render('Auth/Register', [
+                'terms_url' => config('auth.terms_url'),
+                'privacy_policy_url' => config('auth.privacy_policy_url'),
+                'newsletter_consent' => config('auth.newsletter_consent'),
+            ]);
+        });
+
+        Fortify::loginView(function () {
+            return Inertia::render('Auth/Login', [
+                'canResetPassword' => Route::has('password.request'),
+                'status' => session('status'),
+            ]);
+        });
+
+        Fortify::requestPasswordResetLinkView(function () {
+            return Inertia::render('Auth/ForgotPassword', [
+                'status' => session('status'),
+            ]);
+        });
+
+        Fortify::resetPasswordView(function (Request $request) {
+            return Inertia::render('Auth/ResetPassword', [
+                'email' => $request->input('email'),
+                'token' => $request->route('token'),
+            ]);
+        });
+
+        Fortify::verifyEmailView(function () {
+            return Inertia::render('Auth/VerifyEmail', [
+                'status' => session('status'),
+            ]);
+        });
+
+        Fortify::twoFactorChallengeView(function () {
+            return Inertia::render('Auth/TwoFactorChallenge');
+        });
+
+        Fortify::confirmPasswordView(function () {
+            return Inertia::render('Auth/ConfirmPassword');
+        });
+
        Fortify::authenticateUsing(function (Request $request): ?User {
            /** @var User|null $user */
            $user = User::query()
@@ -65,7 +109,7 @@ class FortifyServiceProvider extends ServiceProvider
            return Limit::perMinute(5)->by($request->session()->get('login.id'));
        });

-        $this->app->instance(LoginResponse::class, new CustomLoginResponse);
+        $this->app->instance(LoginResponseContract::class, new CustomLoginResponse);
        $this->app->instance(TwoFactorLoginResponse::class, new CustomTwoFactorLoginResponse);
    }
 }
--- a/app/Providers/JetstreamServiceProvider.php
+++ b/app/Providers/JetstreamServiceProvider.php
@@ -1,337 +0,0 @@
-<?php
-
-declare(strict_types=1);
-
-namespace App\Providers;
-
-use App\Actions\Jetstream\AddOrganizationMember;
-use App\Actions\Jetstream\CreateOrganization;
-use App\Actions\Jetstream\DeleteOrganization;
-use App\Actions\Jetstream\DeleteUser;
-use App\Actions\Jetstream\InviteOrganizationMember;
-use App\Actions\Jetstream\RemoveOrganizationMember;
-use App\Actions\Jetstream\UpdateMemberRole;
-use App\Actions\Jetstream\UpdateOrganization;
-use App\Actions\Jetstream\ValidateOrganizationDeletion;
-use App\Enums\Role;
-use App\Enums\Weekday;
-use App\Models\Member;
-use App\Models\Organization;
-use App\Models\OrganizationInvitation;
-use App\Models\User;
-use App\Service\TimezoneService;
-use Brick\Money\Currency;
-use Brick\Money\ISOCurrencyProvider;
-use Illuminate\Http\Request;
-use Illuminate\Support\Facades\Gate;
-use Illuminate\Support\ServiceProvider;
-use Inertia\Inertia;
-use Laravel\Fortify\Fortify;
-use Laravel\Jetstream\Actions\UpdateTeamMemberRole;
-use Laravel\Jetstream\Actions\ValidateTeamDeletion;
-use Laravel\Jetstream\Jetstream;
-
-class JetstreamServiceProvider extends ServiceProvider
-{
-    /**
-     * Register any application services.
-     */
-    public function register(): void
-    {
-        //
-    }
-
-    /**
-     * Bootstrap any application services.
-     */
-    public function boot(): void
-    {
-        $this->configurePermissions();
-
-        Jetstream::createTeamsUsing(CreateOrganization::class);
-        Jetstream::updateTeamNamesUsing(UpdateOrganization::class);
-        Jetstream::addTeamMembersUsing(AddOrganizationMember::class);
-        Jetstream::inviteTeamMembersUsing(InviteOrganizationMember::class);
-        Jetstream::removeTeamMembersUsing(RemoveOrganizationMember::class);
-        Jetstream::deleteTeamsUsing(DeleteOrganization::class);
-        Jetstream::deleteUsersUsing(DeleteUser::class);
-        Jetstream::useTeamModel(Organization::class);
-        Jetstream::useMembershipModel(Member::class);
-        Jetstream::useTeamInvitationModel(OrganizationInvitation::class);
-        app()->singleton(UpdateTeamMemberRole::class, UpdateMemberRole::class);
-        app()->singleton(ValidateTeamDeletion::class, ValidateOrganizationDeletion::class);
-        Fortify::registerView(function () {
-            return Inertia::render('Auth/Register', [
-                'terms_url' => config('auth.terms_url'),
-                'privacy_policy_url' => config('auth.privacy_policy_url'),
-                'newsletter_consent' => config('auth.newsletter_consent'),
-            ]);
-        });
-        Gate::define('removeTeamMember', function (User $user, Organization $team) {
-            return false;
-        });
-    }
-
-    /**
-     * Configure the roles and permissions that are available within the application.
-     */
-    protected function configurePermissions(): void
-    {
-        Jetstream::defaultApiTokenPermissions([]);
-
-        Jetstream::role(Role::Owner->value, 'Owner', [
-            'charts:view:own',
-            'charts:view:all',
-            'projects:view',
-            'projects:view:all',
-            'projects:create',
-            'projects:update',
-            'projects:delete',
-            'project-members:view',
-            'project-members:create',
-            'project-members:update',
-            'project-members:delete',
-            'tasks:view',
-            'tasks:view:all',
-            'tasks:create',
-            'tasks:create:all',
-            'tasks:update',
-            'tasks:update:all',
-            'tasks:delete',
-            'tasks:delete:all',
-            'time-entries:view:all',
-            'time-entries:create:all',
-            'time-entries:update:all',
-            'time-entries:delete:all',
-            'time-entries:view:own',
-            'time-entries:create:own',
-            'time-entries:update:own',
-            'time-entries:delete:own',
-            'tags:view',
-            'tags:create',
-            'tags:update',
-            'tags:delete',
-            'clients:view',
-            'clients:view:all',
-            'clients:create',
-            'clients:update',
-            'clients:delete',
-            'organizations:view',
-            'organizations:update',
-            'organizations:delete',
-            'import',
-            'export',
-            'invitations:view',
-            'invitations:create',
-            'invitations:resend',
-            'invitations:remove',
-            'members:view',
-            'members:invite-placeholder',
-            'members:change-ownership',
-            'members:make-placeholder',
-            'members:merge-into',
-            'members:update',
-            'members:delete',
-            'billing',
-            'reports:view',
-            'reports:create',
-            'reports:update',
-            'reports:delete',
-            'invoices:view',
-            'invoices:create',
-            'invoices:update',
-            'invoices:download',
-            'invoices:delete',
-            'invoice-settings:view',
-            'invoice-settings:update',
-        ])->description('Owner users can perform any action. There is only one owner per organization.');
-
-        Jetstream::role(Role::Admin->value, 'Administrator', [
-            'charts:view:own',
-            'charts:view:all',
-            'projects:view',
-            'projects:view:all',
-            'projects:create',
-            'projects:update',
-            'projects:delete',
-            'project-members:view',
-            'project-members:create',
-            'project-members:update',
-            'project-members:delete',
-            'tasks:view',
-            'tasks:view:all',
-            'tasks:create',
-            'tasks:create:all',
-            'tasks:update',
-            'tasks:update:all',
-            'tasks:delete',
-            'tasks:delete:all',
-            'time-entries:view:all',
-            'time-entries:create:all',
-            'time-entries:update:all',
-            'time-entries:delete:all',
-            'time-entries:view:own',
-            'time-entries:create:own',
-            'time-entries:update:own',
-            'time-entries:delete:own',
-            'tags:view',
-            'tags:create',
-            'tags:update',
-            'tags:delete',
-            'clients:view',
-            'clients:view:all',
-            'clients:create',
-            'clients:update',
-            'clients:delete',
-            'organizations:view',
-            'organizations:update',
-            'import',
-            'export',
-            'invitations:view',
-            'invitations:create',
-            'invitations:resend',
-            'invitations:remove',
-            'members:view',
-            'members:invite-placeholder',
-            'members:make-placeholder',
-            'members:merge-into',
-            'members:delete',
-            'members:update',
-            'reports:view',
-            'reports:create',
-            'reports:update',
-            'reports:delete',
-            'invoices:view',
-            'invoices:create',
-            'invoices:update',
-            'invoices:download',
-            'invoices:delete',
-            'invoice-settings:view',
-            'invoice-settings:update',
-        ])->description('Administrator users can perform any action, except accessing the billing dashboard.');
-
-        Jetstream::role(Role::Manager->value, 'Manager', [
-            'charts:view:own',
-            'charts:view:all',
-            'projects:view',
-            'projects:view:all',
-            'projects:create',
-            'projects:update',
-            'projects:delete',
-            'project-members:view',
-            'project-members:create',
-            'project-members:update',
-            'project-members:delete',
-            'tasks:view',
-            'tasks:view:all',
-            'tasks:create',
-            'tasks:create:all',
-            'tasks:update',
-            'tasks:update:all',
-            'tasks:delete',
-            'tasks:delete:all',
-            'time-entries:view:all',
-            'time-entries:create:all',
-            'time-entries:update:all',
-            'time-entries:delete:all',
-            'time-entries:view:own',
-            'time-entries:create:own',
-            'time-entries:update:own',
-            'time-entries:delete:own',
-            'tags:view',
-            'tags:create',
-            'tags:update',
-            'tags:delete',
-            'clients:view',
-            'clients:view:all',
-            'clients:create',
-            'clients:update',
-            'clients:delete',
-            'organizations:view',
-            'invitations:view',
-            'members:view',
-            'reports:view',
-            'reports:create',
-            'reports:update',
-            'reports:delete',
-            'invoices:view',
-            'invoices:create',
-            'invoices:update',
-            'invoices:download',
-            'invoices:delete',
-            'invoice-settings:view',
-            'invoice-settings:update',
-        ])->description('Managers have full access to all projects, time entries, ect. but cannot manage the organization (add/remove member, edit the organization, ect.).');
-
-        Jetstream::role(Role::Employee->value, 'Employee', [
-            'charts:view:own',
-            'projects:view',
-            'tags:view',
-            'tasks:view',
-            'clients:view',
-            'time-entries:view:own',
-            'time-entries:create:own',
-            'time-entries:update:own',
-            'time-entries:delete:own',
-            'organizations:view',
-        ])->description('Employees have the ability to read, create, and update their own time entries, they can see the projects that they are members of and the clients they are assigned to.');
-
-        Jetstream::role(Role::Placeholder->value, 'Placeholder', [
-        ])->description('Placeholders are used for importing data. They cannot log in and have no permissions.');
-
-        Jetstream::inertia()
-            ->whenRendering(
-                'Profile/Show',
-                function (Request $request, array $data): array {
-                    return array_merge($data, [
-                        'timezones' => $this->app->get(TimezoneService::class)->getSelectOptions(),
-                        'weekdays' => Weekday::toSelectArray(),
-                    ]);
-                }
-            )
-            ->whenRendering(
-                'Teams/Show',
-                function (Request $request, array $data): array {
-                    /** @var Organization $teamModel */
-                    $teamModel = $data['team'];
-                    $owner = $teamModel->owner;
-
-                    return array_merge($data, [
-                        'team' => [
-                            'id' => $teamModel->getKey(),
-                            'name' => $teamModel->name,
-                            'currency' => $teamModel->currency,
-                            'owner' => [
-                                'id' => $owner->getKey(),
-                                'name' => $owner->name,
-                                'email' => $owner->email,
-                                'profile_photo_url' => $owner->profile_photo_url,
-                            ],
-                            'users' => $teamModel->users->map(function (User $user): array {
-                                return [
-                                    'id' => $user->getKey(),
-                                    'name' => $user->name,
-                                    'email' => $user->email,
-                                    'profile_photo_url' => $user->profile_photo_url,
-                                    'membership' => [
-                                        'id' => $user->membership->id,
-                                        'role' => $user->membership->role,
-                                    ],
-                                ];
-                            }),
-                            'team_invitations' => $teamModel->teamInvitations->map(function (OrganizationInvitation $invitation): array {
-                                return [
-                                    'id' => $invitation->getKey(),
-                                    'email' => $invitation->email,
-                                    'role' => $invitation->role,
-                                ];
-                            }),
-                        ],
-                        'currencies' => array_map(function (Currency $currency): string {
-                            return $currency->getName();
-                        }, ISOCurrencyProvider::getInstance()->getAvailableCurrencies()),
-                    ]);
-                }
-            );
-    }
-}
--- a/app/Rules/Base64ImageRule.php
+++ b/app/Rules/Base64ImageRule.php
@@ -0,0 +1,45 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Rules;
+
+use App\Support\Base64File;
+use Closure;
+use Illuminate\Contracts\Validation\ValidationRule;
+use Illuminate\Translation\PotentiallyTranslatedString;
+
+class Base64ImageRule implements ValidationRule
+{
+    private const array ALLOWED_MIME_TYPES = [
+        'image/jpeg',
+        'image/png',
+    ];
+
+    private const int MAX_BYTES = 1024 * 1024;
+
+    /**
+     * Run the validation rule.
+     *
+     * @param  Closure(string): PotentiallyTranslatedString  $fail
+     */
+    public function validate(string $attribute, mixed $value, Closure $fail): void
+    {
+        if (! is_string($value)) {
+            $fail(__('validation.string'));
+
+            return;
+        }
+
+        $file = Base64File::decode($value);
+        if ($file === null || ! in_array($file['mime_type'], self::ALLOWED_MIME_TYPES, true)) {
+            $fail(__('validation.mimes', ['values' => 'jpg, png']));
+
+            return;
+        }
+
+        if (strlen($file['data']) > self::MAX_BYTES) {
+            $fail(__('validation.max.file', ['max' => (string) (self::MAX_BYTES / 1024)]));
+        }
+    }
+}
--- a/app/Service/DeletionService.php
+++ b/app/Service/DeletionService.php
@@ -173,7 +173,7 @@ class DeletionService
        $user->authCodes()->delete();

        // Note: Since the deletion of the profile photo is not reversible via a database rollback this needs to be done last
-        $user->deleteProfilePhoto();
+        $this->userService->deleteProfilePhoto($user);

        $user->delete();

--- a/app/Service/Dto/UserAgentDto.php
+++ b/app/Service/Dto/UserAgentDto.php
@@ -0,0 +1,179 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Service\Dto;
+
+use Closure;
+use Detection\MobileDetect;
+
+/**
+ * @copyright Originally created by Jens Segers: https://github.com/jenssegers/agent
+ */
+class UserAgentDto extends MobileDetect
+{
+    /**
+     * List of additional operating systems.
+     *
+     * @var array<string, string>
+     */
+    protected static array $additionalOperatingSystems = [
+        'Windows' => 'Windows',
+        'Windows NT' => 'Windows NT',
+        'OS X' => 'Mac OS X',
+        'Debian' => 'Debian',
+        'Ubuntu' => 'Ubuntu',
+        'Macintosh' => 'PPC',
+        'OpenBSD' => 'OpenBSD',
+        'Linux' => 'Linux',
+        'ChromeOS' => 'CrOS',
+    ];
+
+    /**
+     * List of additional browsers.
+     *
+     * @var array<string, string>
+     */
+    protected static array $additionalBrowsers = [
+        'Opera Mini' => 'Opera Mini',
+        'Opera' => 'Opera|OPR',
+        'Edge' => 'Edge|Edg',
+        'Coc Coc' => 'coc_coc_browser',
+        'UCBrowser' => 'UCBrowser',
+        'Vivaldi' => 'Vivaldi',
+        'Chrome' => 'Chrome',
+        'Firefox' => 'Firefox',
+        'Safari' => 'Safari',
+        'IE' => 'MSIE|IEMobile|MSIEMobile|Trident/[.0-9]+',
+        'Netscape' => 'Netscape',
+        'Mozilla' => 'Mozilla',
+        'WeChat' => 'MicroMessenger',
+    ];
+
+    /**
+     * Key value store for resolved strings.
+     *
+     * @var array<string, mixed>
+     */
+    protected array $store = [];
+
+    /**
+     * Get the platform name from the User Agent.
+     */
+    public function platform(): ?string
+    {
+        return $this->retrieveUsingCacheOrResolve('platform', function () {
+            return $this->findDetectionRulesAgainstUserAgent(
+                $this->mergeRules(MobileDetect::getOperatingSystems(), static::$additionalOperatingSystems)
+            );
+        });
+    }
+
+    /**
+     * Get the browser name from the User Agent.
+     */
+    public function browser(): ?string
+    {
+        return $this->retrieveUsingCacheOrResolve('browser', function (): ?string {
+            return $this->findDetectionRulesAgainstUserAgent(
+                $this->mergeRules(static::$additionalBrowsers, MobileDetect::getBrowsers())
+            );
+        });
+    }
+
+    /**
+     * Determine if the device is a desktop computer.
+     */
+    public function isDesktop(): bool
+    {
+        return $this->retrieveUsingCacheOrResolve('desktop', function (): bool {
+            // Check specifically for cloudfront headers if the useragent === 'Amazon CloudFront'
+            if (
+                $this->getUserAgent() === static::$cloudFrontUA
+                && $this->getHttpHeader('HTTP_CLOUDFRONT_IS_DESKTOP_VIEWER') === 'true'
+            ) {
+                return true;
+            }
+
+            return ! $this->isMobile() && ! $this->isTablet();
+        });
+    }
+
+    /**
+     * Match a detection rule and return the matched key.
+     *
+     * @param  array<string, string|list<string>>  $rules
+     */
+    protected function findDetectionRulesAgainstUserAgent(array $rules): ?string
+    {
+        $userAgent = $this->getUserAgent();
+
+        foreach ($rules as $key => $regex) {
+            if (is_array($regex)) {
+                $regex = implode('|', $regex);
+            }
+
+            if (empty($regex)) {
+                continue;
+            }
+
+            if ($this->match($regex, $userAgent)) {
+                if ($key !== '') {
+                    return $key;
+                }
+
+                $match = reset($this->matchesArray);
+
+                return is_string($match) ? $match : null;
+            }
+        }
+
+        return null;
+    }
+
+    /**
+     * Retrieve from the given key from the cache or resolve the value.
+     *
+     * @template TReturn of string|bool|null
+     *
+     * @param  Closure():TReturn  $callback
+     * @return TReturn
+     */
+    protected function retrieveUsingCacheOrResolve(string $key, Closure $callback): string|bool|null
+    {
+        $cacheKey = $this->createCacheKey($key);
+
+        if (! is_null($cacheItem = $this->store[$cacheKey] ?? null)) {
+            return $cacheItem;
+        }
+
+        return tap(call_user_func($callback), function ($result) use ($cacheKey): void {
+            $this->store[$cacheKey] = $result;
+        });
+    }
+
+    /**
+     * Merge multiple rules into one array.
+     *
+     * @param  array<string, string|list<string>>  ...$all
+     * @return array<string, string>
+     */
+    protected function mergeRules(array ...$all): array
+    {
+        $merged = [];
+
+        foreach ($all as $rules) {
+            foreach ($rules as $key => $value) {
+                $value = is_array($value) ? implode('|', $value) : $value;
+
+                if (empty($merged[$key])) {
+                    $merged[$key] = $value;
+                } else {
+                    $merged[$key] .= '|'.$value;
+                }
+            }
+        }
+
+        return $merged;
+    }
+}
--- a/app/Service/InvitationService.php
+++ b/app/Service/InvitationService.php
@@ -5,27 +5,25 @@ declare(strict_types=1);
 namespace App\Service;

 use App\Enums\Role;
+use App\Events\OrganizationInvitationAdding;
 use App\Exceptions\Api\InvitationForTheEmailAlreadyExistsApiException;
 use App\Exceptions\Api\UserIsAlreadyMemberOfOrganizationApiException;
 use App\Mail\OrganizationInvitationMail;
-use App\Models\Member;
 use App\Models\Organization;
 use App\Models\OrganizationInvitation;
+use App\Models\User;
+use Illuminate\Support\Collection;
+use Illuminate\Support\Facades\Log;
 use Illuminate\Support\Facades\Mail;
-use Laravel\Jetstream\Events\InvitingTeamMember;

 class InvitationService
 {
    /**
     * @throws UserIsAlreadyMemberOfOrganizationApiException|InvitationForTheEmailAlreadyExistsApiException
     */
-    public function inviteUser(Organization $organization, string $email, Role $role): OrganizationInvitation
+    public function inviteUser(Organization $organization, string $email, Role $role, User $inviter): OrganizationInvitation
    {
-        if (Member::query()
-            ->whereBelongsTo($organization, 'organization')
-            ->whereRelation('user', 'email', '=', $email)
-            ->where('role', '!=', Role::Placeholder->value)
-            ->exists()) {
+        if (app(MemberService::class)->isEmailAlreadyMember($organization, $email)) {
            throw new UserIsAlreadyMemberOfOrganizationApiException;
        }

@@ -36,7 +34,7 @@ class InvitationService
            throw new InvitationForTheEmailAlreadyExistsApiException;
        }

-        InvitingTeamMember::dispatch($organization, $email, $role->value);
+        OrganizationInvitationAdding::dispatch($organization, $email, $role, $inviter);

        $invitation = new OrganizationInvitation;
        $invitation->email = $email;
@@ -48,4 +46,37 @@ class InvitationService

        return $invitation;
    }
+
+    /**
+     * @return Collection<int, Organization>
+     */
+    public function processAcceptedInvitations(User $user): Collection
+    {
+        $organizations = new Collection;
+
+        $invitations = OrganizationInvitation::query()
+            ->where('email', $user->email)
+            ->whereNotNull('accepted_at')
+            ->get();
+
+        foreach ($invitations as $invitation) {
+            $organization = $invitation->organization;
+            $role = Role::tryFrom($invitation->role);
+            if ($role === null) {
+                Log::error('Invalid role in invitation', [
+                    'invitation' => $invitation->getKey(),
+                    'role' => $invitation->role,
+                ]);
+
+                continue;
+            }
+            app(MemberService::class)->addMember($user, $organization, $role);
+
+            $invitation->delete();
+
+            $organizations->push($organization);
+        }
+
+        return $organizations;
+    }
 }
--- a/app/Service/MemberService.php
+++ b/app/Service/MemberService.php
@@ -5,6 +5,8 @@ declare(strict_types=1);
 namespace App\Service;

 use App\Enums\Role;
+use App\Events\MemberAdded;
+use App\Events\MemberAdding;
 use App\Events\MemberRemoved;
 use App\Exceptions\Api\CanNotRemoveOwnerFromOrganization;
 use App\Exceptions\Api\ChangingRoleOfPlaceholderIsNotAllowed;
@@ -21,8 +23,6 @@ use App\Models\User;
 use Illuminate\Database\Eloquent\Builder;
 use Illuminate\Support\Facades\DB;
 use InvalidArgumentException;
-use Laravel\Jetstream\Events\AddingTeamMember;
-use Laravel\Jetstream\Events\TeamMemberAdded;

 class MemberService
 {
@@ -36,7 +36,7 @@ class MemberService
    public function addMember(User $user, Organization $organization, Role $role, bool $asSuperAdmin = false): Member
    {
        if (! $asSuperAdmin) {
-            AddingTeamMember::dispatch($organization, $user);
+            MemberAdding::dispatch($user, $organization, $role);
        }

        $member = new Member;
@@ -49,14 +49,36 @@ class MemberService
            $user->currentOrganization()->associate($organization);
            $user->save();
        });
+        $this->mergePlaceholderMembersIntoExistingMember($member, $organization, $user);

        if (! $asSuperAdmin) {
-            TeamMemberAdded::dispatch($organization, $user);
+            MemberAdded::dispatch($member, $organization, $user);
        }

        return $member;
    }

+    private function mergePlaceholderMembersIntoExistingMember(Member $member, Organization $organization, User $user): void
+    {
+        $placeholders = Member::query()
+            ->whereHas('user', function (Builder $query) use ($user): void {
+                /** @var Builder<User> $query */
+                $query->where('is_placeholder', '=', true)
+                    ->where('email', '=', $user->email);
+            })
+            ->whereBelongsTo($organization, 'organization')
+            ->with(['user'])
+            ->get();
+
+        foreach ($placeholders as $placeholder) {
+            /** @var Member $placeholder */
+            $placeholderUser = $placeholder->user;
+            $this->assignOrganizationEntitiesToDifferentMember($organization, $placeholder, $member);
+            $placeholder->delete();
+            $placeholderUser->delete();
+        }
+    }
+
    /**
     * @throws CanNotRemoveOwnerFromOrganization
     * @throws EntityStillInUseApiException
@@ -71,7 +93,7 @@ class MemberService
        $isPlaceholder = $user->is_placeholder;

        if (! $isPlaceholder && $user->current_team_id === $member->organization_id) {
-            $user->currentTeam()->disassociate();
+            $user->currentOrganization()->disassociate();
            $user->save();
        }

@@ -190,7 +212,7 @@ class MemberService
    {
        $user = $member->user;
        if ($user->current_team_id === $member->organization_id) {
-            $user->currentTeam()->disassociate();
+            $user->currentOrganization()->disassociate();
            $user->save();
        }

@@ -209,4 +231,13 @@ class MemberService
            $this->userService->makeSureUserHasCurrentOrganization($user);
        }
    }
+
+    public function isEmailAlreadyMember(Organization $organization, string $email): bool
+    {
+        return Member::query()
+            ->whereBelongsTo($organization, 'organization')
+            ->whereRelation('user', 'email', '=', $email)
+            ->where('role', '!=', Role::Placeholder->value)
+            ->exists();
+    }
 }
--- a/app/Service/PermissionStore.php
+++ b/app/Service/PermissionStore.php
@@ -4,14 +4,238 @@ declare(strict_types=1);

 namespace App\Service;

+use App\Enums\Role;
 use App\Models\Organization;
 use App\Models\User;
 use Illuminate\Support\Facades\Auth;
-use Laravel\Jetstream\Jetstream;
-use Laravel\Jetstream\Role;

 class PermissionStore
 {
+    /**
+     * @var array<string, array{name: string, permissions: array<string>, description: string}>
+     */
+    private const array ROLE_DEFINITIONS = [
+        'owner' => [
+            'name' => 'Owner',
+            'permissions' => [
+                'charts:view:own',
+                'charts:view:all',
+                'projects:view',
+                'projects:view:all',
+                'projects:create',
+                'projects:update',
+                'projects:delete',
+                'project-members:view',
+                'project-members:create',
+                'project-members:update',
+                'project-members:delete',
+                'tasks:view',
+                'tasks:view:all',
+                'tasks:create',
+                'tasks:create:all',
+                'tasks:update',
+                'tasks:update:all',
+                'tasks:delete',
+                'tasks:delete:all',
+                'time-entries:view:all',
+                'time-entries:create:all',
+                'time-entries:update:all',
+                'time-entries:delete:all',
+                'time-entries:view:own',
+                'time-entries:create:own',
+                'time-entries:update:own',
+                'time-entries:delete:own',
+                'tags:view',
+                'tags:create',
+                'tags:update',
+                'tags:delete',
+                'clients:view',
+                'clients:view:all',
+                'clients:create',
+                'clients:update',
+                'clients:delete',
+                'organizations:view',
+                'organizations:update',
+                'organizations:delete',
+                'import',
+                'export',
+                'invitations:view',
+                'invitations:create',
+                'invitations:resend',
+                'invitations:remove',
+                'members:view',
+                'members:invite-placeholder',
+                'members:change-ownership',
+                'members:make-placeholder',
+                'members:merge-into',
+                'members:update',
+                'members:delete',
+                'billing',
+                'reports:view',
+                'reports:create',
+                'reports:update',
+                'reports:delete',
+                'invoices:view',
+                'invoices:create',
+                'invoices:update',
+                'invoices:download',
+                'invoices:delete',
+                'invoice-settings:view',
+                'invoice-settings:update',
+            ],
+            'description' => 'Owner users can perform any action. There is only one owner per organization.',
+        ],
+        'admin' => [
+            'name' => 'Administrator',
+            'permissions' => [
+                'charts:view:own',
+                'charts:view:all',
+                'projects:view',
+                'projects:view:all',
+                'projects:create',
+                'projects:update',
+                'projects:delete',
+                'project-members:view',
+                'project-members:create',
+                'project-members:update',
+                'project-members:delete',
+                'tasks:view',
+                'tasks:view:all',
+                'tasks:create',
+                'tasks:create:all',
+                'tasks:update',
+                'tasks:update:all',
+                'tasks:delete',
+                'tasks:delete:all',
+                'time-entries:view:all',
+                'time-entries:create:all',
+                'time-entries:update:all',
+                'time-entries:delete:all',
+                'time-entries:view:own',
+                'time-entries:create:own',
+                'time-entries:update:own',
+                'time-entries:delete:own',
+                'tags:view',
+                'tags:create',
+                'tags:update',
+                'tags:delete',
+                'clients:view',
+                'clients:view:all',
+                'clients:create',
+                'clients:update',
+                'clients:delete',
+                'organizations:view',
+                'organizations:update',
+                'import',
+                'export',
+                'invitations:view',
+                'invitations:create',
+                'invitations:resend',
+                'invitations:remove',
+                'members:view',
+                'members:invite-placeholder',
+                'members:make-placeholder',
+                'members:merge-into',
+                'members:delete',
+                'members:update',
+                'reports:view',
+                'reports:create',
+                'reports:update',
+                'reports:delete',
+                'invoices:view',
+                'invoices:create',
+                'invoices:update',
+                'invoices:download',
+                'invoices:delete',
+                'invoice-settings:view',
+                'invoice-settings:update',
+            ],
+            'description' => 'Administrator users can perform any action, except accessing the billing dashboard.',
+        ],
+        'manager' => [
+            'name' => 'Manager',
+            'permissions' => [
+                'charts:view:own',
+                'charts:view:all',
+                'projects:view',
+                'projects:view:all',
+                'projects:create',
+                'projects:update',
+                'projects:delete',
+                'project-members:view',
+                'project-members:create',
+                'project-members:update',
+                'project-members:delete',
+                'tasks:view',
+                'tasks:view:all',
+                'tasks:create',
+                'tasks:create:all',
+                'tasks:update',
+                'tasks:update:all',
+                'tasks:delete',
+                'tasks:delete:all',
+                'time-entries:view:all',
+                'time-entries:create:all',
+                'time-entries:update:all',
+                'time-entries:delete:all',
+                'time-entries:view:own',
+                'time-entries:create:own',
+                'time-entries:update:own',
+                'time-entries:delete:own',
+                'tags:view',
+                'tags:create',
+                'tags:update',
+                'tags:delete',
+                'clients:view',
+                'clients:view:all',
+                'clients:create',
+                'clients:update',
+                'clients:delete',
+                'organizations:view',
+                'invitations:view',
+                'members:view',
+                'reports:view',
+                'reports:create',
+                'reports:update',
+                'reports:delete',
+                'invoices:view',
+                'invoices:create',
+                'invoices:update',
+                'invoices:download',
+                'invoices:delete',
+                'invoice-settings:view',
+                'invoice-settings:update',
+            ],
+            'description' => 'Managers have full access to all projects, time entries, ect. but cannot manage the organization (add/remove member, edit the organization, ect.).',
+        ],
+        'employee' => [
+            'name' => 'Employee',
+            'permissions' => [
+                'charts:view:own',
+                'projects:view',
+                'tags:view',
+                'tasks:view',
+                'clients:view',
+                'time-entries:view:own',
+                'time-entries:create:own',
+                'time-entries:update:own',
+                'time-entries:delete:own',
+                'organizations:view',
+            ],
+            'description' => 'Employees have the ability to read, create, and update their own time entries, they can see the projects that they are members of and the clients they are assigned to.',
+        ],
+        'placeholder' => [
+            'name' => 'Placeholder',
+            'permissions' => [],
+            'description' => 'Placeholders are used for importing data. They cannot log in and have no permissions.',
+        ],
+    ];
+
+    /**
+     * @var array<string, array<string>>
+     */
+    private static array $customRolePermissions = [];
+
    /**
     * @var array<string, array<string>>
     */
@@ -22,6 +246,37 @@ class PermissionStore
        $this->permissionCache = [];
    }

+    /**
+     * @return array<string, array{name: string, permissions: array<string>, description: string}>
+     */
+    public static function roleDefinitions(): array
+    {
+        return self::ROLE_DEFINITIONS;
+    }
+
+    /**
+     * @param  array<string>  $permissions
+     */
+    public static function registerCustomRole(string $role, array $permissions): void
+    {
+        self::$customRolePermissions[$role] = $permissions;
+    }
+
+    public static function resetCustomRoles(): void
+    {
+        self::$customRolePermissions = [];
+    }
+
+    /**
+     * @return array<string>
+     */
+    public static function permissionsForRole(string $role): array
+    {
+        return self::$customRolePermissions[$role]
+            ?? self::ROLE_DEFINITIONS[$role]['permissions']
+            ?? [];
+    }
+
    public function has(Organization $organization, string $permission): bool
    {
        /** @var User|null $user */
@@ -36,7 +291,7 @@ class PermissionStore
    public function userHas(Organization $organization, User $user, string $permission): bool
    {
        if (! isset($this->permissionCache[$user->getKey().'|'.$organization->getKey()])) {
-            if (! $user->belongsToTeam($organization)) {
+            if (! $user->isMemberOfOrganization($organization)) {
                return false;
            }

@@ -54,7 +309,7 @@ class PermissionStore
     */
    private function getPermissionsByUser(Organization $organization, User $user): array
    {
-        if (! $user->belongsToTeam($organization)) {
+        if (! $user->isMemberOfOrganization($organization)) {
            return [];
        }

@@ -68,14 +323,11 @@ class PermissionStore
            return [];
        }

-        /** @var Role|null $roleObj */
-        $roleObj = Jetstream::findRole($role);
-
-        $permissions = $roleObj->permissions ?? [];
+        $permissions = self::permissionsForRole($role);

        // If the organization allows employees to manage tasks and the user is an employee,
        // add the task management permissions for accessible projects
-        if ($role === \App\Enums\Role::Employee->value && $organization->employees_can_manage_tasks) {
+        if ($role === Role::Employee->value && $organization->employees_can_manage_tasks) {
            $permissions = array_merge($permissions, [
                'tasks:create',
                'tasks:update',
--- a/app/Service/ReportExport/CsvExport.php
+++ b/app/Service/ReportExport/CsvExport.php
@@ -10,6 +10,9 @@ use Illuminate\Database\Eloquent\Model;
 use Illuminate\Http\File;
 use Illuminate\Support\Carbon;
 use Illuminate\Support\Facades\Storage;
+use League\Csv\CannotInsertRecord;
+use League\Csv\Exception;
+use League\Csv\UnavailableStream;
 use League\Csv\Writer;
 use Spatie\TemporaryDirectory\TemporaryDirectory;

@@ -58,9 +61,9 @@ abstract class CsvExport
    abstract public function mapRow(Model $model): array;

    /**
-     * @throws \League\Csv\CannotInsertRecord
-     * @throws \League\Csv\Exception
-     * @throws \League\Csv\UnavailableStream
+     * @throws CannotInsertRecord
+     * @throws Exception
+     * @throws UnavailableStream
     */
    public function export(): void
    {
@@ -72,6 +75,7 @@ abstract class CsvExport
        $writer->insertOne(static::HEADER);

        $this->builder->chunk($this->chunk, function (Collection $models) use ($writer): void {
+            /** @var T $model */
            foreach ($models as $model) {
                $data = $this->mapRow($model);
                $row = $this->convertRow($data);
--- a/app/Service/TimeEntryFilter.php
+++ b/app/Service/TimeEntryFilter.php
@@ -62,7 +62,7 @@ class TimeEntryFilter
        if ($start === null) {
            return $this;
        }
-        $this->builder->where('start', '>', $start);
+        $this->builder->where('start', '>=', $start);

        return $this;
    }
--- a/app/Service/UserService.php
+++ b/app/Service/UserService.php
@@ -19,6 +19,7 @@ use App\Models\TimeEntry;
 use App\Models\User;
 use Illuminate\Support\Carbon;
 use Illuminate\Support\Facades\Hash;
+use Illuminate\Support\Facades\Storage;

 class UserService
 {
@@ -38,7 +39,7 @@ class UserService
    ): User {
        $user = new User;
        $user->name = $name;
-        $user->email = $email;
+        $user->email = strtolower($email);
        $user->password = Hash::make($password);
        $user->timezone = $timezone;
        $user->week_start = $weekStart;
@@ -47,19 +48,22 @@ class UserService
        }
        $user->save();

-        $organization = app(OrganizationService::class)->createOrganization(
-            $this->getOrganizationNameForUserName($user->name),
-            $user,
-            true,
-            $currency,
-            $numberFormat,
-            $currencyFormat,
-            $dateFormat,
-            $intervalFormat,
-            $timeFormat,
-        );
+        $organizations = app(InvitationService::class)->processAcceptedInvitations($user);

-        $user->ownedTeams()->save($organization);
+        if ($organizations->isEmpty()) {
+            $organization = app(OrganizationService::class)->createOrganization(
+                $this->getOrganizationNameForUserName($user->name),
+                $user,
+                true,
+                $currency,
+                $numberFormat,
+                $currencyFormat,
+                $dateFormat,
+                $intervalFormat,
+                $timeFormat,
+            );
+            $this->switchCurrentOrganization($user, $organization);
+        }

        return $user;
    }
@@ -100,13 +104,17 @@ class UserService
            true
        );

-        // Set the organization as the user's current organization
-        $user->currentOrganization()->associate($organization);
-        $user->save();
+        $this->switchCurrentOrganization($user, $organization);

        AfterCreateOrganization::dispatch($organization);
    }

+    public function switchCurrentOrganization(User $user, Organization $organization): void
+    {
+        $user->currentOrganization()->associate($organization);
+        $user->save();
+    }
+
    public function getOrganizationNameForUserName(string $username): string
    {
        return explode(' ', $username, 2)[0]."'s Organization";
@@ -154,4 +162,16 @@ class UserService
            $oldOwner->save();
        }
    }
+
+    public function deleteProfilePhoto(User $user): void
+    {
+        if ($user->profile_photo_path === null) {
+            return;
+        }
+
+        Storage::disk(config('filesystems.public'))->delete($user->profile_photo_path);
+
+        $user->profile_photo_path = null;
+        $user->save();
+    }
 }
--- a/app/Support/Base64File.php
+++ b/app/Support/Base64File.php
@@ -0,0 +1,45 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Support;
+
+use Symfony\Component\Mime\MimeTypes;
+
+class Base64File
+{
+    /**
+     * @return array{data: string, mime_type: string}|null
+     */
+    public static function decode(string $value): ?array
+    {
+        if (str_contains($value, ',')) {
+            [, $value] = explode(',', $value, 2);
+        }
+
+        $value = preg_replace('/\s+/', '', $value);
+        if ($value === null || $value === '') {
+            return null;
+        }
+
+        $decoded = base64_decode($value, true);
+        if ($decoded === false) {
+            return null;
+        }
+
+        $mimeType = (new \finfo(FILEINFO_MIME_TYPE))->buffer($decoded);
+        if ($mimeType === false) {
+            return null;
+        }
+
+        return [
+            'data' => $decoded,
+            'mime_type' => $mimeType,
+        ];
+    }
+
+    public static function extension(string $mimeType): ?string
+    {
+        return MimeTypes::getDefault()->getExtensions($mimeType)[0] ?? null;
+    }
+}
--- a/bootstrap/app.php
+++ b/bootstrap/app.php
@@ -1,6 +1,10 @@
 <?php

 declare(strict_types=1);
+use App\Exceptions\Handler;
+use App\Http\Kernel;
+use Illuminate\Contracts\Debug\ExceptionHandler;
+use Illuminate\Foundation\Application;

 /*
 |--------------------------------------------------------------------------
@@ -13,7 +17,7 @@ declare(strict_types=1);
 |
 */

-$app = new Illuminate\Foundation\Application(
+$app = new Application(
    $_ENV['APP_BASE_PATH'] ?? dirname(__DIR__)
 );

@@ -30,7 +34,7 @@ $app = new Illuminate\Foundation\Application(

 $app->singleton(
    Illuminate\Contracts\Http\Kernel::class,
-    App\Http\Kernel::class
+    Kernel::class
 );

 $app->singleton(
@@ -39,8 +43,8 @@ $app->singleton(
 );

 $app->singleton(
-    Illuminate\Contracts\Debug\ExceptionHandler::class,
-    App\Exceptions\Handler::class
+    ExceptionHandler::class,
+    Handler::class
 );

 /*
--- a/composer.json
+++ b/composer.json
@@ -18,8 +18,8 @@
        "korridor/laravel-computed-attributes": "^3.1",
        "korridor/laravel-has-many-sync": "^3.1",
        "korridor/laravel-model-validation-rules": "^3.0",
+        "laravel/fortify": "^1.37",
        "laravel/framework": "^12.19.3",
-        "laravel/jetstream": "^5.0",
        "laravel/octane": "^2.3",
        "laravel/passport": "^13.0.5",
        "laravel/tinker": "^2.8",
@@ -27,6 +27,7 @@
        "league/flysystem-aws-s3-v3": "^3.0",
        "league/iso3166": "^4.3",
        "maatwebsite/excel": "^3.1",
+        "mobiledetect/mobiledetectlib": "^4.11",
        "novadaemon/filament-pretty-json": "^2.2",
        "nwidart/laravel-modules": "^12.0.4",
        "owen-it/laravel-auditing": "^14.0.0",
@@ -131,7 +132,8 @@
            "pestphp/pest-plugin": true,
            "php-http/discovery": true,
            "wikimedia/composer-merge-plugin": true
-        }
+        },
+        "process-timeout": 900
    },
    "minimum-stability": "stable",
    "prefer-stable": true
--- a/composer.lock
+++ b/composer.lock
--- a/config/app.php
+++ b/config/app.php
@@ -7,6 +7,12 @@ use App\Enums\DateFormat;
 use App\Enums\IntervalFormat;
 use App\Enums\NumberFormat;
 use App\Enums\TimeFormat;
+use App\Providers\AppServiceProvider;
+use App\Providers\AuthServiceProvider;
+use App\Providers\EventServiceProvider;
+use App\Providers\Filament\AdminPanelProvider;
+use App\Providers\FortifyServiceProvider;
+use App\Providers\RouteServiceProvider;
 use Illuminate\Support\Facades\Facade;
 use Illuminate\Support\ServiceProvider;
 use Nwidart\Modules\LaravelModulesServiceProvider;
@@ -190,13 +196,12 @@ return [
        /*
         * Application Service Providers...
         */
-        App\Providers\AppServiceProvider::class,
-        App\Providers\AuthServiceProvider::class,
-        App\Providers\EventServiceProvider::class,
-        App\Providers\Filament\AdminPanelProvider::class,
-        App\Providers\RouteServiceProvider::class,
-        App\Providers\FortifyServiceProvider::class,
-        App\Providers\JetstreamServiceProvider::class,
+        AppServiceProvider::class,
+        AuthServiceProvider::class,
+        EventServiceProvider::class,
+        AdminPanelProvider::class,
+        RouteServiceProvider::class,
+        FortifyServiceProvider::class,
        // Warning: Do not add TelescopeServiceProvider here since it is already conditionally registered in AppServiceProvider
        LaravelModulesServiceProvider::class,
    ])->toArray(),
--- a/config/audit.php
+++ b/config/audit.php
@@ -1,6 +1,11 @@
 <?php

 declare(strict_types=1);
+use App\Extensions\Auditing\Resolvers\CustomIpAddressResolver;
+use OwenIt\Auditing\Models\Audit;
+use OwenIt\Auditing\Resolvers\UrlResolver;
+use OwenIt\Auditing\Resolvers\UserAgentResolver;
+use OwenIt\Auditing\Resolvers\UserResolver;

 return [

@@ -15,7 +20,7 @@ return [
    |
    */

-    'implementation' => OwenIt\Auditing\Models\Audit::class,
+    'implementation' => Audit::class,

    /*
    |--------------------------------------------------------------------------
@@ -32,7 +37,7 @@ return [
            'web',
            'api',
        ],
-        'resolver' => OwenIt\Auditing\Resolvers\UserResolver::class,
+        'resolver' => UserResolver::class,
    ],

    /*
@@ -44,9 +49,9 @@ return [
    |
    */
    'resolvers' => [
-        'ip_address' => App\Extensions\Auditing\Resolvers\CustomIpAddressResolver::class,
-        'user_agent' => OwenIt\Auditing\Resolvers\UserAgentResolver::class,
-        'url' => OwenIt\Auditing\Resolvers\UrlResolver::class,
+        'ip_address' => CustomIpAddressResolver::class,
+        'user_agent' => UserAgentResolver::class,
+        'url' => UrlResolver::class,
    ],

    /*
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Gregor Vostrak	4ff8a72f0b	add comprehensive 2 factor authentication e2e tests	2026-06-10 14:13:21 +02:00
Gregor Vostrak	4790693017	add back destroy other browser sessions endpoint (jetstream migration)	2026-06-10 13:28:35 +02:00
Gregor Vostrak	3caf7438b5	update e2e test setup to use user settings api endpoint	2026-06-09 16:24:52 +02:00
Gregor Vostrak	d929d31847	change redirects and references to new organization routes	2026-06-09 13:08:22 +02:00
Gregor Vostrak	d7bb36d50f	add currency to organization update endpoint	2026-06-09 12:37:20 +02:00
Gregor Vostrak	b3785f0aa6	replace hardcoded inertia props with organization delete/update perms	2026-06-09 01:43:13 +02:00
Gregor Vostrak	8e47f07f09	remove unused inertia organization page props	2026-06-09 00:32:44 +02:00
Gregor Vostrak	da611086e8	fix inertia backend role data structure after jetstream migration	2026-06-09 00:19:36 +02:00
Gregor Vostrak	a220d0e592	call api for organization create/update/delete and switch	2026-06-09 00:12:55 +02:00
Constantin Graf	0e2c4431a0	Fixed current organization after normal registration	2026-06-08 23:06:07 +02:00
Constantin Graf	2f4c079f9f	Added tests	2026-06-08 22:57:02 +02:00
Gregor Vostrak	f826474f88	add switch current organization endpoint	2026-06-08 18:57:23 +02:00
Constantin Graf	98bbe800f1	Removed Laravel Jetstream	2026-06-08 17:34:55 +02:00
Gregor Vostrak	7035d5fd6e	remove jetstream inertia properties; remove unused ApiTokenManager;	2026-06-05 16:43:01 +02:00
Gregor Vostrak	f32ec59bb5	move banners on login and register cards into the cards	2026-05-29 17:40:16 +02:00
Gregor Vostrak	d2b6be137f	add pending email cancel button	2026-05-29 17:40:16 +02:00
Constantin Graf	dc082b2b19	Replaces all Jetstream model trait functions and relations	2026-05-29 17:40:16 +02:00
Constantin Graf	82ad8ee316	Add reset pending email endpoint to user controller	2026-05-29 17:40:16 +02:00
Gregor Vostrak	117c3c4b6c	move user delete to api endpoint	2026-05-29 17:40:16 +02:00
Gregor Vostrak	4c2586936d	use api routes for profile information updates	2026-05-29 17:40:16 +02:00
Gregor Vostrak	ca843168f6	show null billable rate as empty not as 0 to avoid confusion	2026-05-29 17:40:16 +02:00
Gregor Vostrak	67dcf77635	fix e2e selectors to adapt to reka-ui change;	2026-05-29 17:40:16 +02:00
Gregor Vostrak	dcd21345b2	add pending email to UserResource and update openapi client	2026-05-29 17:40:16 +02:00
Gregor Vostrak	1f832a24a0	update ui package dependencies; update lucide imports	2026-05-29 17:40:16 +02:00
Gregor Vostrak	07cf3f7405	add user endpoint tests for idempotence email update, unauthenticated update and invalid email	2026-05-29 17:37:14 +02:00
Gregor Vostrak	a880ccb32c	update npm dependencies	2026-05-29 17:37:13 +02:00
Gregor Vostrak	5a41c356d4	add profile page e2e tests	2026-05-29 17:27:16 +02:00
Gregor Vostrak	72bddfba8b	update email address change info to use session based banners	2026-05-29 17:27:16 +02:00
Gregor Vostrak	34a1a89c30	add 1MB photo upload limit	2026-05-29 17:27:15 +02:00
Gregor Vostrak	77e4d768d4	add photo delete logic to user update endpoint	2026-05-29 17:27:15 +02:00
Constantin Graf	d42e3ffff0	Updated composer dependencies	2026-05-29 17:27:15 +02:00
Constantin Graf	4e26c8ad6d	Add more tests	2026-05-29 17:27:15 +02:00
Constantin Graf	57794940f1	Add migration to lower case the user emails	2026-05-29 17:27:15 +02:00
Constantin Graf	09827d3d83	Migrate permission away from Jetstream; Moved update user to REST API	2026-05-29 17:27:15 +02:00
Gregor Vostrak	64c5da5223	rephrase logged out user invite accept message to clarify that the invite was accepted	2026-05-29 17:27:15 +02:00
Gregor Vostrak	983e6c3815	add banners for invitation accept	2026-05-29 17:27:15 +02:00
Constantin Graf	f34b60874e	Updated invitation flow, Moved jetstream function to REST endpoints; Lower case email	2026-05-29 17:27:15 +02:00
Gregor Vostrak	8eab0485c9	revert reka-ui update; fix DST cellMath;	2026-05-29 17:14:52 +02:00
Gregor Vostrak	0aa0f0bd77	use cn helper for alert-dialog modals	2026-05-29 17:14:52 +02:00
Gregor Vostrak	eb63c4ef03	fix light mode timesheet background and add missing aria-label	2026-05-29 17:14:52 +02:00
Gregor Vostrak	54fffd07bc	add timesheet unit and e2e tests; add unit test CI setup	2026-05-29 17:14:52 +02:00
Gregor Vostrak	da235dfdc8	remove special “Add new project” state in TimeTrackerProjectTaskDropdown	2026-05-29 17:14:52 +02:00
Gregor Vostrak	0debdddef9	set min release age for npm packages to 7 days to prevent supply chain attacks	2026-05-29 17:14:52 +02:00
Gregor Vostrak	62354cfe8b	remove timetrackerprojecttaskdropdown test without setup	2026-05-29 17:14:52 +02:00
Gregor Vostrak	396e7b2b6b	fix DST boundary issue in timesheets	2026-05-29 17:14:52 +02:00
Gregor Vostrak	221889ff87	fix "No project" duplicating rows, unify no project senitel to null	2026-05-29 17:14:52 +02:00
Gregor Vostrak	7ce3fa2740	change TimeEntryFilter start filter to be inclusive	2026-05-29 17:14:52 +02:00
Gregor Vostrak	df34014bfe	fix e2e tests	2026-05-29 17:14:52 +02:00
Gregor Vostrak	faf3ee471c	fix formatting	2026-05-29 17:14:52 +02:00
Gregor Vostrak	866e5d8594	clamp running time entry duration to min 0 for FullCalendarHeaderDuration calc	2026-05-29 17:14:52 +02:00
Gregor Vostrak	72cd0b6f05	fix formatting	2026-05-29 17:14:52 +02:00
Gregor Vostrak	6d93e48b1d	add missing dayjs plugins for isSameOrBefore and isSameOrAfter	2026-05-29 17:14:52 +02:00
Gregor Vostrak	09af0f775f	add timesheets page	2026-05-29 17:14:52 +02:00
Gregor Vostrak	1cc000a584	fix local storage filter migration state for visibility filter	2026-05-26 11:37:24 +02:00
Gregor Vostrak	1a754f6756	improve modal and field group spacing for project modal layout	2026-05-26 11:15:15 +02:00
Gregor Vostrak	d69d25d059	add project table visibility filter	2026-05-26 11:15:15 +02:00
Gregor Vostrak	0e15d9d9c2	add project visibility ui	2026-05-26 11:15:15 +02:00
dependabot[bot]	7d9ecd9526	Bump aglipanci/laravel-pint-action from 2.5 to 2.6 Bumps [aglipanci/laravel-pint-action](https://github.com/aglipanci/laravel-pint-action) from 2.5 to 2.6. - [Release notes](https://github.com/aglipanci/laravel-pint-action/releases) - [Commits](https://github.com/aglipanci/laravel-pint-action/compare/2.5...2.6) --- updated-dependencies: - dependency-name: aglipanci/laravel-pint-action dependency-version: '2.6' dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>	2026-05-20 15:28:48 +02:00
dependabot[bot]	3a17f80f99	Bump codecov/codecov-action from 5.4.3 to 5.5.1 Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 5.4.3 to 5.5.1. - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/codecov/codecov-action/compare/v5.4.3...v5.5.1) --- updated-dependencies: - dependency-name: codecov/codecov-action dependency-version: 5.5.1 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>	2026-05-20 15:14:44 +02:00
dependabot[bot]	e29ea2ea42	Bump actions/setup-node from 4 to 6 Bumps [actions/setup-node](https://github.com/actions/setup-node) from 4 to 6. - [Release notes](https://github.com/actions/setup-node/releases) - [Commits](https://github.com/actions/setup-node/compare/v4...v6) --- updated-dependencies: - dependency-name: actions/setup-node dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>	2026-05-20 15:13:14 +02:00
dependabot[bot]	fb6e4639ce	Bump actions/download-artifact from 4 to 6 Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 4 to 6. - [Release notes](https://github.com/actions/download-artifact/releases) - [Commits](https://github.com/actions/download-artifact/compare/v4...v6) --- updated-dependencies: - dependency-name: actions/download-artifact dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>	2026-05-20 15:12:01 +02:00
dependabot[bot]	69bc41988a	Bump actions/checkout from 4 to 5 Bumps [actions/checkout](https://github.com/actions/checkout) from 4 to 5. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v4...v5) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: '5' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>	2026-05-20 15:11:19 +02:00
Gregor Vostrak	f7663b1c8b	Clarify out of scope items for vulnerability reports Added out of scope section for vulnerability reporting.	2026-05-18 19:21:32 +02:00
Gregor Vostrak	793bd11dcf	remove member, invitation, and owner email disclosure from Teams/Show inertia props The Teams/Show Inertia page serialized members, pending invitations, and the owner email into props using only a belongsToTeam authorization gate, while the corresponding API endpoints correctly enforced members:view and invitations:view. The serialized data was unused by the live UI (the TeamMemberManager partial that referenced it was orphaned), so dropping the fields removes the disclosure surface without functional impact. The owner card retains name and photo.	2026-05-18 19:04:57 +02:00
Gregor Vostrak	77a62afd69	add alphabetic sorting to multiselect dropdowns	2026-04-29 18:32:05 +02:00