Skip to content

feat: per-account SMTP email settings and admin account approval#1257

Open
scracha wants to merge 2 commits into
HiEventsDev:developfrom
scracha:feature/multi-tenant-email-and-approval
Open

feat: per-account SMTP email settings and admin account approval#1257
scracha wants to merge 2 commits into
HiEventsDev:developfrom
scracha:feature/multi-tenant-email-and-approval

Conversation

@scracha

@scracha scracha commented Jul 6, 2026

Copy link
Copy Markdown

Summary

Adds multi-tenancy support for email configuration and a registration approval gate.

Per-Account SMTP Email Settings

  • Each account (tenant) can configure their own SMTP server via Account Settings > Email tab
  • Falls back to server-level .env SMTP when not configured or disabled
  • SMTP password encrypted at rest (Laravel encrypted cast)
  • SSRF protection on SMTP host field (blocks private/internal IPs and cloud metadata endpoints)
  • Password never returned to frontend (only smtp_password_set boolean)
  • Admin-only access enforced on both GET and POST endpoints

Admin Account Approval

  • New env vars: APP_REQUIRE_ACCOUNT_APPROVAL and APP_ADMIN_EMAIL
  • When enabled, new registrations require admin approval before login is permitted
  • Admin receives an email with a signed magic link (30-day expiry, AES-256 encrypted token)
  • Login page shows clear pending approval message with a Resend Approval Request button
  • Resend endpoint is rate-limited (3 per 10 minutes) to prevent admin inbox spam
  • Existing accounts are backfilled as approved during migration

New API Endpoints

  • GET /accounts/{id}/email-settings (auth + admin)
  • POST /accounts/{id}/email-settings (auth + admin)
  • GET /accounts/approve?token=... (public, magic link)
  • POST /accounts/resend-approval (public, rate-limited)

Database Migrations

  • create_account_email_settings table
  • add approved_at to accounts (backfills existing as approved)

Frontend

  • Email Settings tab in Account Settings (admin-only)
  • Pending Approval page after registration
  • Admin Approve Account page (standalone, no auth needed)
  • Login error now shows actual API message instead of generic text

.env.example updated

  • APP_REQUIRE_ACCOUNT_APPROVAL=false
  • APP_ADMIN_EMAIL=

scracha added 2 commits July 2, 2026 23:09
… logo. Fix HiEventsDev#1238 broken uploadimages via volume block (appdata) in docker config
Multi-tenancy features:
- Per-account SMTP email settings (admin-only, encrypted passwords)
- Admin approval gate for new account registrations
- SSRF protection on SMTP host validation
- Rate-limited resend approval endpoint

Backend:
- New account_email_settings table with encrypted password storage
- AccountMailerFactory resolves per-account mailer or falls back to .env default
- All mail-sending services (orders, tickets, event messages) use account mailer
- Account approval flow: register -> admin email -> magic link -> user confirmation
- Login blocked for unapproved accounts with clear messaging
- NotInternalHost validation rule blocks private/reserved IPs

Frontend:
- Email Settings tab in Account Settings (admin-only)
- Pending Approval page after registration
- Login shows 'pending approval' banner with resend button
- Admin approval landing page (standalone, no auth required)

Config:
- APP_REQUIRE_ACCOUNT_APPROVAL=true/false
- APP_ADMIN_EMAIL=admin@example.com
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant