Include the invitation UUID in generated magic link tokens and validate the
matching stored invitation link before logging the user in, preventing stale
or same-email invitations from being reused.
Move the email-verification URL hash from sha1 to sha256 and verify it
directly in the controller using hash_equals, instead of going through
Laravel's EmailVerificationRequest (which only compares against sha1).
The signed URL still carries the authoritative HMAC; the hash upgrade
keeps the identity binding aligned with modern hashing guidance.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
The invitation-link login path previously marked the account as
email-verified as a side effect of authenticating, without the user ever
proving control of the mailbox. Remove that branch so every account
goes through the standard signed-URL verification flow.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Refactor the invitation acceptance flow to use a landing page pattern:
- GET shows invitation details (team name, role, confirmation button)
- POST processes the acceptance with proper form submission
- Remove unused revoke GET route (handled by Livewire component)
- Add Blade view for the invitation landing page
- Add feature tests for the new invitation flow
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* chore(version): update coolify-realtime to version 1.0.9 in docker-compose and versions files
* feat(migration): add is_sentinel_enabled column to server_settings with default true
* fix(migration): update default value handling for is_sentinel_enabled column in server_settings
* feat(seeder): dispatch StartProxy action for each server in ProductionSeeder
* feat(seeder): add CheckAndStartSentinelJob dispatch for each server in ProductionSeeder
* fix(seeder): conditionally dispatch CheckAndStartSentinelJob based on server's sentinel status
* feat(seeder): conditionally dispatch StartProxy action based on proxy check result
* refactor(ui): terminal
* refactor(ui): remove terminal header from execute-container-command view
* refactor(ui): remove unnecessary padding from deployment, backup, and logs sections
* fix(service): disable healthcheck logging for Gotenberg (#6005)
* fix(service): Joplin volume name (#5930)
* chore(version): update coolify version to 4.0.0-beta.420 and nightly version to 4.0.0-beta.421
* fix(server): update sentinelUpdatedAt assignment to use server's sentinel_updated_at property
* feat(service): update Changedetection template (#5937)
* chore(service): changedetection remove unused code
* fix(service): audiobookshelf healthcheck command (#5993)
* refactor(service): update Hoarder to their new name karakeep (#5964)
* fix(service): downgrade Evolution API phone version (#5977)
* feat(service): add Miniflux service (#5843)
* refactor(service): karakeep naming and formatting
* refactor(service): improve miniflux
- improve DB url
- add depends_on
- formatting, naming & order
* feat(service): add Pingvin Share service (#5969)
* fix(service): pingvinshare-with-clamav
- add platform to make clamav work
- formatting
* feat(auth): Add Discord OAuth Provider (#5552)
* feat(auth): Add Clerk OAuth Provider (#5553)
* feat(auth): add Zitadel OAuth Provider (#5490)
* Update composer.lock
* fix(ssh): scp requires square brackets for ipv6 (#6001)
* refactor(core): rename API rate limit ENV
* refactor(ui): simplify container selection form in execute-container-command view
* chore(service): Update Evolution API image to the official one (#6031)
* chore(versions): bump coolify versions to v4.0.0-beta.420 and v4.0.0-beta.421
* fix(github): changing github app breaks the webhook. it does not anymore
* feat(service): enhance service status handling and UI updates
* fix(parser): improve FQDN generation and update environment variable handling
* fix(ui): enhance status refresh buttons with loading indicators
* fix(ui): update confirmation button text for stopping database and service
* fix(routes): update middleware for deploy route to use 'api.ability:deploy'
* fix(ui): refine API token creation form and update helper text for clarity
* fix(ui): adjust layout of deployments section for improved alignment
* chore(dependencies): update composer dependencies to latest versions including resend-laravel to ^0.19.0 and aws-sdk-php to 3.347.0
* refactor(email): streamline SMTP and resend settings logic for improved clarity
* fix(ui): adjust project grid layout and refine server border styling for better visibility
* fix(ui): update border styling for consistency across components and enhance loading indicators
* feat(cleanup): add functionality to delete teams with no members or servers in CleanupStuckedResources command
* refactor(invitation): rename methods for consistency and enhance invitation deletion logic
* refactor(user): streamline user deletion process and enhance team management logic
* fix(ui): add padding to section headers in settings views for improved spacing
* fix(ui): reduce gap between input fields in email settings for better alignment
* fix(docker): conditionally enable gzip compression in Traefik labels based on configuration
* fix(parser): enable gzip compression conditionally for Pocketbase images and streamline service creation logic
* fix(ui): update padding for trademarks policy and enhance spacing in advanced settings section
* feat(ui): add heart icon and enhance popup messaging for sponsorship support
* feat(settings): add sponsorship popup toggle and corresponding database migration
* fix(ui): correct closing tag for sponsorship link in layout popups
* fix(ui): refine wording in sponsorship donation prompt in layout popups
* fix(ui): update navbar icon color and enhance popup layout for sponsorship support
* Update resources/views/livewire/project/shared/health-checks.blade.php
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
* Update app/Livewire/Subscription/Index.php
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
* fix(ui): add target="_blank" to sponsorship links in layout popups for improved user experience
* fix(models): refine comment wording in User model for clarity on user deletion criteria
* Update app/Providers/RouteServiceProvider.php
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
* fix(models): improve user deletion logic in User model to handle team member roles and prevent deletion if user is alone in root team
* fix(ui): update wording in sponsorship prompt for clarity and engagement
---------
Co-authored-by: Andras Bacsai <5845193+andrasbacsai@users.noreply.github.com>
Co-authored-by: Khiet Tam Nguyen <86177399+nktnet1@users.noreply.github.com>
Co-authored-by: Carsten <BanditsBacon@users.noreply.github.com>
Co-authored-by: Alberto Rizzi <48057685+albertorizzi@users.noreply.github.com>
Co-authored-by: Jonas Klesen <deklesen@gmail.com>
Co-authored-by: Stew Night. <22344601+stewnight@users.noreply.github.com>
Co-authored-by: Jeffer Marcelino <jeffersunde72@gmail.com>
Co-authored-by: Lucas Eduardo <lucas59356@gmail.com>
Co-authored-by: CrazyTim71 <118295691+CrazyTim71@users.noreply.github.com>
Co-authored-by: Yassir Elmarissi <yassir.elmarissi@hm.edu>
Co-authored-by: Hauke Schnau <hauke@schnau-lilienthal.de>
Co-authored-by: Darren Sisson <74752850+djsisson@users.noreply.github.com>
Co-authored-by: Alkesh Das <67038642+smad-bro@users.noreply.github.com>
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
- Replace `! $type` checks with `blank($type)` for consistency
- Modify email settings configuration to handle null/disabled states
- Ensure proper fallback and configuration of email providers
Andras Bacsai