Laravel Teams
This episode is for members only

Sign up to access "Laravel Teams" right now.

Get started
Already a member? Sign in to continue
Playing
25. Sending an invitation email

Episodes

0%
Your progress
  • Total: 4h 36m
  • Played: 0m
  • Remaining: 4h 36m
Join or sign in to track your progress
01. Introduction and demo
4m 49s
0%
02. Setup with Pest
4m 2s
0%
03. Building the user teams relations
6m 5s
0%
04. Creating a personal team when registering
6m 3s
0%
05. Leaving all teams when an account is deleted
3m 55s
0%
06. Tracking the current team
4m 50s
0%
07. Showing team details in the UI
2m 55s
0%
08. Switching to another team
7m 24s
0%
09. Authorising team switching
6m 53s
0%
10. Updating a team name
10m 48s
0%
11. Basic roles and permissions setup
5m 26s
0%
12. Team roles and permissions middleware
9m 18s
0%
13. Authorising current team updates
3m 43s
0%
14. Testing team permissions through HTTP requests
3m 58s
0%
15. Leaving a team
10m 50s
0%
16. Displaying team members
8m 42s
0%
17. Making team members look better
5m 3s
0%
18. Removing a team member
15m 18s
0%
19. Preventing self removal from a team
4m 7s
0%
20. Storing invitations
13m 31s
0%
21. Validating invitations
6m 38s
0%
22. Authorising team invitation creation
6m 22s
0%
23. Displaying invitations
3m 16s
0%
24. Revoking invitations
12m 46s
0%
25. Sending an invitation email
13m 6s
0%
26. Accepting an invitation
12m 22s
0%
27. Displaying a modal to change a member’s role
10m 31s
0%
28. Updating a member’s role
9m 5s
0%
29. More authorisation and checks for role changing
10m 14s
0%
30. Fixing up the email sending test details
49s
0%
31. Fixing and validating email addresses for invites
1m 32s
0%
32. Tidying up @can directive checks
3m 25s
0%
33. Detaching roles when removing users
5m
0%
34. Adding an extra layer of protection to the team middleware
6m 35s
0%
35. Getting related models through teams
5m 37s
0%
36. Building a helper to access the current team
10m 47s
0%
37. Getting all related models through all teams
7m 15s
0%
38. Creating new teams
13m 7s
0%

Transcript

00:00
The good news is we've done a lot of the boring stuff like displaying the invites, revoking invites. Now we're going to look at something a lot more interesting that's actually sending the invitation email and more importantly sending this securely as a signed URL
00:15
so it also expires after a certain amount of time. Really really important. Now before we do anything we're going to have to actually build out the URL that we want to the user to go through to when they accept the invitation or when it comes to sending our email
00:30
we're not going to be able to generate the route so before we do anything let's go and create out some sort of accept route to accept an invite and we can do this directly in our team invite controller. So let's create our method in here to
00:43
accept this invite. Let's think about what we need to pass through to here. Well actually we don't need to pass any models or anything like that through we just need to accept the request in because the request is going to contain the token
00:57
which is where we're then going to look this up from the database from that team invite that's why we generated the token this is the lookup. So for now let's just die dump out the request token and then we'll go ahead and look that
01:10
up later. Okay so now that we've got our accept controller method let's go ahead and create out the route for this. This is going to be slightly different so let's just copy any of these down just to save a bit of time. This is going to be a get route so it's
01:25
going to be under team and then invites we're not passing anything through to the url and accept. So basically our url is going to look like this team invites accept. Onto this we're going to have the token which could be absolutely anything but
01:40
we're also going to have all of the signed url stuff within Laravel to keep this secure and also make it expire after a certain amount of time. So let's hook this up to accept and team invites accept and let's just go over to this url just to make sure that this works. So team
01:57
invites accept and we'll set the token in here to abc and yeah sure enough abc gets dumped out. Okay so we've got the url in place now let's go ahead and send the email. We're going to come back to this route in just a second because we're going to need to make sure that
02:15
this is signed. Okay so let's go and send this email out so we're going to make a mail out first of all so let's use make mail. This is going to be a team invitation so we'll call this team invitation we'll pass the markdown flag into this which will generate our markdown
02:32
mailable. You don't need to use markdown but this is just the easiest way to get started and we're going to place this in the emails directory and call it team invitation. Let's go ahead and just run this command
02:42
and then I'll show you what this has generated. So the first thing is going to be the team invitation mailable so let's open that up team invitation if we can actually find that it's just here. So this if we just have a look here the envelope here contains things like the
02:57
subject we can change that over as well like you've been invited to and then give the team name. This is the content which is specified as markdown so we can go ahead and modify that and of course we're not going to include any attachments.
03:10
So let's get started with actually sending this email and setting the title first of all and we're going to go back and update our tests as well to make sure that this mail is actually getting sent. So let's go all the way back to our team
03:23
invite controller and when we send this this is where we want to send a mail. So let's use the mail facade we're going to send this to now we can't send this to a model because we just get the request email down in the request for this so we'll just send
03:38
this directly to an email address and then we'll send that new team invitation mail. We'll pass the invitation through to that so we can extract out any of the information from it and that should be it. Now depending on how you
03:53
have your local environment set up we need to configure mail before of course we actually send this off although when we're writing our tests we can use mail fakes for this. So let's go over to our mail stuff here and I have this set up to go through to hello which is just a
04:09
piece of software from beyond code so we can go ahead and make sure that this is configured properly so we want to hook this up to the 2526 mail port SMTP on localhost and we should be good. So let's go ahead and just make sure that this is at the correct port.
04:24
We're not really actually going to send this email just yet we're going to be writing our test first but then we'll test this at the end of the episode. Okay so now that we've got our mail being sent what do we need to do? Well let's just start out with our test first of all so
04:38
let's go over to our team invite controller test and let's go ahead and look for the it creates an invite test so this is just the basic test where we're making sure that this is being sent. So because this action sends an email
04:52
the first thing that we're going to do is go ahead and set mail fake at the very top of our test. Then what we can do is just after we have sent this request and either after or before we've checked the database we can use mail again to assert that a particular
05:07
mailable has been sent. So let's go ahead and pull that in from mail and we just need the fully qualified class name to that. Now we'll keep it like this for now but we will dive in and make sure some of the details inside of the email have been set
05:18
properly but let's just go ahead and run this test in isolation just to make sure that the mail is actually getting sent and of course because we've added it to our controller we're pretty confident it will and there we go so we know that that email is now actually being sent. Okay so to go
05:34
back to the email itself so we're passing the invite in the constructor so let's go ahead and take in the team invite directly into here and let's go ahead and set that to public directly in here. Now all of the details from this invite will now be
05:50
available inside the mailable so we can do things like change over the subject of the email as well. So let's say you have been invited to the and then x team so we can go ahead and swap that out for the actual team
06:08
name so let's say this team invite and team and name so that's the subject done and we can verify that that's the case either in our tests or just through manual testing but now we want to build up the url that we're going to use.
06:23
Now let's just figure out the team invitation blade file first of all so you have been invited to x team let's go ahead and swap this out as well so team invite team name and you could just add anything in here
06:44
i'm not going to bother too much and then this button here this markdown button is going to be to accept the invite. Now this url that we go through to needs to be assigned url to a root that's important because we want an expiry on this and we also don't want anyone to guess
07:02
the url by passing in the token that we've stored in the database despite the fact that we've generated that 30 length token it's still a good idea to go ahead and create a signed root for this. Now we can't do this directly within blade so what we're going to have to do is over
07:17
in our team invitation here in the constructor create out a property in here that we can use so let's just call this url i'm just going to make sure that's typed to a string and then in here in the constructor as we go ahead and start to build this up let's go ahead
07:35
and set this url using the url facade and we're going to say temporary signed root. Now this is going to take a few arguments the first one is going to be the path or the name of the root so in this case it's team
07:49
invites and accept which is the reason that we've already built this root up the second is going to be the expiry so we basically need a date in the future that this expires now you can change this around to whatever you want i'm just going to go ahead and say add day or you could say add days three
08:05
whatever you wanted to do but we're going to make this last for a day the last argument is really important is any query string items that we want to pass through to this so obviously that's going to be the token from the team invite so we can either
08:20
say this team invite or team invite token that's really important because we need to pass that along with the url so we can actually look up the correct invite okay so let's go and add this to our team invitation here and we can
08:36
bind this in by passing in the url directly okay so let's just get rid of this this is your body of the message and let's just see what happens in fact what i'm going to do is just change the mailer over to log just so we can log this out
08:50
in our laravel log file and just see this url in there okay let's go and send this across directly in our ui so let's revoke this one and let's go ahead and invite tabiocodecourse.com hit invite
09:05
and we should get that now over in here great so this email has been sent you have been invited to the alex team that's working nicely we've got the type in there again with the same and here is the url that we just built up within that mailable
09:20
so you can see we've got a few things here we've got a signature which is really important that can't be guessed or very difficult to guess we've got our token in there which is remember to look up the invite itself and we've got the expiry as well so we
09:35
don't really need to worry about what's going on behind the scenes with assigned url but this will only be valid if it hasn't expired and if the signature is correct and of course the token is for our purposes to look this up so what we can do is just go ahead and
09:49
paste this into here you can see that sure enough we get the value but we aren't going to quite stop there because we need to set this url to have some signed middleware what do i mean by that well let's go ahead and just change around the
10:04
signature so i'm just going to get rid of a couple of characters off the end of this you can see it still works now that's not great because the whole purpose of this is to keep the invitation as secure as possible so what we can do with this is add some
10:17
middleware onto this and it's just the signed middleware now if we go from a refresh you can see we get an invalid signature so it's fair enough building up this signed url but we need to actually validate this within the root as well okay so if we
10:31
just go back over really quickly to our laravel log and we copy this back over to here this should now work great so now is this point we can start to accept this invite okay so this is all working but let's go and just dive into our tests
10:48
and look at how we can just make this a little bit more robust just to make sure that everything is included so what we can do is when we actually assert that this is sent we can actually dive into this mailable and check that
11:03
certain things are set we don't want this to be incredibly detailed because things might change but let's go ahead and take in the team invitation mail here which is just type hinted and we get the mail
11:15
instance in and let's go ahead and use the email from here the person that we're sending it to just so we can verify that it's sent to the right person so for this we can just use the mailable and we can use things like
11:29
has two so we can just check it's being sent to the right person and then what we can do is come down and just do in any other checks that we want so we can dive into any of the properties that are set within this mailable for example the team invite so we could check that the token is
11:45
correct as well so we can check that the token is being set to the right one and that means that we know that the token is going to be set properly when we send this across okay let's rerun the test for this and just double check it and yeah all looks
11:57
good so we know that the right data is being included inside of this team invitation email that's probably just about enough that we need you could go in and test the subject if you wanted to but to be honest since these things change so much there's not really much
12:11
point okay great so we've gone ahead and sent that mail now we've hooked this up successfully let's just go over to the ui and test this out without logging this so let's go back over to our team here and let's go and try this
12:26
out so i'm going to go back over to my emv i'm going to set this back over to smp and we can open up hello to look for this email and regardless of how you have this configured locally it doesn't matter okay so let's revoke the invite for tabby
12:40
and let's go ahead and send an email back across to them when we invite this we should now see this over here you've been invited to alex team of course you can customize this to however you want it to look when we click accept invite
12:55
we go through to the right place so now what we need to do is look at actually accepting the invite and setting this user up to be part of this team let's go over to the next episode and figure that out

Episode summary

In this episode, we're finally getting to the interesting part—actually sending out team invitation emails! We've already handled the basics like showing invites and revoking them, but now it's about creating a secure way for people to join teams.

We start by setting up the route and controller method for accepting invites. This involves crafting a URL that the invited user can visit to accept their invite. We make sure this URL includes a unique token and, importantly, is a signed URL in Laravel. Signed URLs mean we can control how long the link is valid and make sure nobody can just guess or forge them.

From here, we generate our mailable using Laravel's markdown mail system, tweak the email's content (including team name and a nice call-to-action button), and set up the email subject. We pass all required invitation data into the email so it can build everything dynamically.

Before sending anything for real, we make sure to write and update our tests, including assertions that the right email is being sent to the right recipient and that the token and other key invite data are included.

Finally, we test the flow from end-to-end—issuing an invite, seeing the email arrive (with the signed, time-limited URL), and confirming that the link only works if the signature is valid and hasn't expired. We also make sure our route is protected with Laravel's signed middleware. By the end, we've got a secure, testable system for sending out team invitation emails!

In the next episode, we'll cover what happens when a user clicks that link and actually accepts the invite, so stay tuned.

Episode discussion

No comments, yet. Be the first!