- SessionCreated event now carries only domain data (no isFirstSession)
- Mails listener uses ordered guard clauses, deferring the DB query
until cheaper checks pass
- Drop $user Document allocation in favour of direct array access
- Inline FileName validator and $smtpEnabled into their use sites
- Extract $isBranded to eliminate duplicate APP_BRANDED_EMAIL_BASE_TEMPLATE check
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Moves session alert email side effect out of the account controller
into a dedicated `Mails` listener that reacts to a new `SessionCreated`
bus event. The event is now always dispatched on session creation; the
listener owns all conditional logic (first session, sessionAlerts flag,
email-link sessions, user email presence).
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Swap the order of createDocument('sessions') and purgeCachedDocument('users')
in the email/password session creation flow. Previously, the cache was purged
before the session was written, opening a race window in Swoole's async
environment where a concurrent account.get() could re-cache the user with no
sessions, causing sessionVerify to fail with a 401. This matches the correct
ordering already used by the token-based flows (magic URL, OTP, phone).
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Remove team deletion for sole owner+sole member case; let orphan teams
be cleaned up by Cloud's inactive project cleanup (safer, avoids
accidental data loss)
- Add explicit ordering by $createdAt so the most veteran member gets
ownership transfer, with limit(1) for clarity
- Remove confirm filter on primary user transfer in membership deletion
so all members (including unconfirmed) are considered
- Remove redundant ownership transfer from Deletes worker since the API
controller already handles it before queueing
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Prevent unconfirmed (pending invite) members from being promoted to
owner or set as the team's primary user during membership/account
deletion by adding a Query::equal('confirm', [true]) filter to the
relevant findOne queries.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Instead of blocking account deletion when the user has confirmed team
memberships, handle memberships gracefully during deletion:
- Sole owner + sole member: delete the team and queue project cleanup
- Sole owner + other members: transfer ownership to the next member
- Non-owner / multiple owners: no special handling needed (worker cleans up)
Also update the Deletes worker to transfer the team's primary user
reference when removing a deleted user's memberships.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The users.php and messaging.php legacy controllers were missing the
userType field in their log output, creating an inconsistency with the
new audit user type distinction feature. Also adds missing mode field
to users.php logs endpoint.
https://claude.ai/code/session_01J9gKXwbHoLggsGwJi6KUnM
Matej Bačo
Matej Bačo
Damodar Lohani
Chirag Aggarwal
Damodar Lohani
loks0n
Harsh Mahajan
Claude