Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Partner invitation email locking #2759

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
steven-tey merged 3 commits into from
Aug 18, 2025
Merged

Partner invitation email locking #2759

steven-tey merged 3 commits into from
Aug 18, 2025

Conversation

@TWilson023
Copy link
Collaborator

@TWilson023 TWilson023 commented Aug 18, 2025
edited by coderabbitai bot
Loading

Summary by CodeRabbit

  • New Features
    • Registration now auto-fills the email field when opened from an invite or a URL with an email parameter, and will lock the field when a valid email is provided to reduce edits and errors.
    • Invite emails include a personalized link that carries the recipient’s email, streamlining sign-up and improving continuity from invitation to registration.

@vercel
Copy link
Contributor

vercel bot commented Aug 18, 2025
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Preview Updated (UTC)
dub Ready Ready Preview Aug 18, 2025 8:32pm

@coderabbitai
Copy link
Contributor

coderabbitai bot commented Aug 18, 2025
edited
Loading

Walkthrough

Adds URL-based email prefill for partner registration by parsing an email query parameter and locking the email input when valid. Updates partner-invite email template to append a URL-encoded email to the register link. Removes a re-export of a sibling layout file. No public API signature changes.

Changes

Cohort / File(s) Summary
Registration URL prefill
apps/web/app/(ee)/partners.dub.co/(auth)/register/page-client.tsx		 Read email from URL search params, validate with emailSchema.safeParse(...), pass parsed email into RegisterProvider and set lockEmail when the parsed email is valid.
Invite link with email param
packages/email/src/templates/partner-invite.tsx		 Append ?email=${encodeURIComponent(email)} to the accept-invite/register URL so the recipient’s email is included (URL-encoded) in the link.
Removed re-export
apps/web/app/(ee)/partners.dub.co/(apply)/[programSlug]/[groupSlug]/layout.tsx		 Removed export { default } from "../layout"; re-export line.

Sequence Diagram(s)

sequenceDiagram
  participant Invite as Partner Invite Email
  participant User as User (clicks link)
  participant Web as Web App (register page)
  participant Validator as emailSchema

  Invite->>User: Send link /{program.slug}/register?email=<encoded>
  User->>Web: Open register URL with email query param
  Web->>Validator: safeParse(query.email)
  Validator-->>Web: valid / invalid
  Web-->>User: Prefill email and set lockEmail if valid
Loading

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Suggested reviewers

  • steven-tey

Poem

I hopped a link with a nibble so neat,
An email curled inside the URL seat.
Prefilled and snug, the form hums along,
A tiny carrot dance — quick and strong.
Hop, click, register — a rhythm and a beat 🥕🐇

Tip

🔌 Remote MCP (Model Context Protocol) integration is now available!

Pro plan users can now connect to remote MCP servers from the Integrations page. Connect with popular remote MCPs such as Notion and Linear to add more context to your reviews and chats.

📜 Recent review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

💡 Knowledge Base configuration:

  • MCP integration is disabled by default for public repositories
  • Jira integration is disabled by default for public repositories
  • Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between cd25991 and 8804e85.

📒 Files selected for processing (1)
  • apps/web/app/(ee)/partners.dub.co/(apply)/[programSlug]/[groupSlug]/layout.tsx (0 hunks)
💤 Files with no reviewable changes (1)
  • apps/web/app/(ee)/partners.dub.co/(apply)/[programSlug]/[groupSlug]/layout.tsx
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)
  • GitHub Check: build
✨ Finishing Touches
  • 📝 Generate Docstrings
🧪 Generate unit tests
  • Create PR with unit tests
  • Post copyable unit tests in a comment
  • Commit unit tests in branch partner-invite-email

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share
🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

  • Review comments: Directly reply to a review comment made by CodeRabbit. Example:
    • I pushed a fix in commit <commit_id>, please review it.
    • Open a follow-up GitHub issue for this discussion.
  • Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query.
  • PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
    • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
    • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

CodeRabbit Commands (Invoked using PR/Issue comments)

Type @coderabbitai help to get the list of available commands.

Other keywords and placeholders

  • Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
  • Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
  • Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

  • You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
  • Please see the configuration documentation for more information.
  • If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Status, Documentation and Community

  • Visit our Status Page to check the current availability of CodeRabbit.
  • Visit our Documentation for detailed information on how to use CodeRabbit.
  • Join our Discord Community to get help, request features, and share feedback.
  • Follow us on X/Twitter for updates and announcements.

coderabbitai[bot]
coderabbitai bot reviewed Aug 18, 2025
View reviewed changes
Copy link
Contributor

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 0

🧹 Nitpick comments (2)
packages/email/src/templates/partner-invite.tsx (1)

64-71: URL-encoding looks correct; consider appending the query param only when email is present.

Using encodeURIComponent(email) prevents issues with plus tags and special characters in emails. As a minor hardening, append ?email= only if email is truthy to avoid emitting a trailing empty param in edge cases.

Apply this small tweak:

-                href={`https://partners.dub.co/${program.slug}/register?email=${encodeURIComponent(email)}`}
+                href={`https://partners.dub.co/${program.slug}/register${email ? `?email=${encodeURIComponent(email)}` : ""}`}
apps/web/app/(ee)/partners.dub.co/(auth)/register/page-client.tsx (1)

33-39: Make lockEmail depend on the email actually being used (optional clarity/UX improvement).

Today lockEmail becomes true whenever a valid email is present in the query, even if the prop email (when provided) takes precedence and is different from the query. If you only want to lock when the prefilled email comes from the query, derive both prefilledEmail and resolvedLockEmail first, then pass them to RegisterProvider. This also improves readability.

First, define the derived values:

   const searchParams = useSearchParams();
   const searchEmailResult = emailSchema.safeParse(searchParams.get("email"));
+  const queryEmail =
+    searchEmailResult.success ? searchEmailResult.data : undefined;
+  const prefilledEmail = email ?? queryEmail;
+  const resolvedLockEmail =
+    Boolean(lockEmail) || (!!queryEmail && prefilledEmail === queryEmail);

Then, pass them through:

-    <RegisterProvider
-      email={
-        email ||
-        (searchEmailResult.success ? searchEmailResult.data : undefined)
-      }
-      lockEmail={lockEmail || searchEmailResult.success}
-    >
+    <RegisterProvider
+      email={prefilledEmail}
+      lockEmail={resolvedLockEmail}
+    >
📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

💡 Knowledge Base configuration:

  • MCP integration is disabled by default for public repositories
  • Jira integration is disabled by default for public repositories
  • Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between f8aef60 and b43ff78.

📒 Files selected for processing (2)
  • apps/web/app/(ee)/partners.dub.co/(auth)/register/page-client.tsx (3 hunks)
  • packages/email/src/templates/partner-invite.tsx (1 hunks)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)
  • GitHub Check: build
🔇 Additional comments (1)
apps/web/app/(ee)/partners.dub.co/(auth)/register/page-client.tsx (1)

29-31: Good use of zod + useSearchParams for safe parsing.

Validating the query param with emailSchema.safeParse is robust and avoids trusting raw URL input. This is a solid pattern.

@TWilson023
Copy link
Collaborator Author

TWilson023 commented Aug 18, 2025

@coderabbitai final review please

@coderabbitai
Copy link
Contributor

coderabbitai bot commented Aug 18, 2025

🧩 Analysis chain

I'll conduct a final review of your partner invitation email locking implementation. Let me examine the code changes in detail.

🏁 Script executed:

#!/bin/bash
# Examine the modified files to understand the implementation
echo "=== Checking page-client.tsx changes ==="
cat "apps/web/app/(ee)/partners.dub.co/(auth)/register/page-client.tsx"

echo -e "\n=== Checking partner-invite.tsx changes ==="
cat "packages/email/src/templates/partner-invite.tsx"

echo -e "\n=== Looking for emailSchema definition ==="
fd -t f -e ts -e tsx | xargs rg -l "emailSchema" | head -5

Length of output: 6318

🏁 Script executed:

#!/bin/bash
# Let's examine the emailSchema definition to understand the validation
echo "=== Checking emailSchema definition ==="
rg -A 5 -B 5 "export.*emailSchema" apps/web/lib/zod/schemas/auth.ts

echo -e "\n=== Let's also check the git diff to see exactly what changed ==="
git diff --no-index /dev/null apps/web/app/\(ee\)/partners.dub.co/\(auth\)/register/page-client.tsx | head -20

echo -e "\n=== And check the partner-invite template changes ==="
git diff --no-index /dev/null packages/email/src/templates/partner-invite.tsx | head -20

Length of output: 2185

🏁 Script executed:

#!/bin/bash
# Let's get a proper diff by checking if these are existing files that were modified
echo "=== Check if page-client.tsx existed before ==="
git show HEAD~1:apps/web/app/\(ee\)/partners.dub.co/\(auth\)/register/page-client.tsx 2>/dev/null | head -20 || echo "File didn't exist before"

echo -e "\n=== Check if partner-invite.tsx existed before ==="
git show HEAD~1:packages/email/src/templates/partner-invite.tsx 2>/dev/null | head -20 || echo "File didn't exist before"

echo -e "\n=== Let's see what files were actually changed in this branch ==="
git diff --name-only main...HEAD

echo -e "\n=== Get actual diff for modified files ==="
git diff main...HEAD --unified=3

Length of output: 784

🏁 Script executed:

#!/bin/bash
# Let's check current branch and available branches
echo "=== Current branch ==="
git branch --show-current

echo -e "\n=== Available branches ==="
git branch -a | head -10

echo -e "\n=== Check what changed in current branch vs origin ==="
git diff HEAD^ HEAD --name-only 2>/dev/null || echo "Checking against origin..."

echo -e "\n=== Try different approach - check git log ==="
git log --oneline -5

echo -e "\n=== Check if we can see changes against origin/main ==="
git diff origin/main..HEAD --name-only 2>/dev/null || echo "No origin/main found"

Length of output: 5024

🏁 Script executed:

#!/bin/bash
# Now let's get the actual diff for the two files we're interested in
echo "=== Diff for page-client.tsx ==="
git diff origin/main..HEAD apps/web/app/\(ee\)/partners.dub.co/\(auth\)/register/page-client.tsx

echo -e "\n=== Diff for partner-invite.tsx ==="
git diff origin/main..HEAD packages/email/src/templates/partner-invite.tsx

Length of output: 2546

@TWilson023 Excellent implementation! I've reviewed the partner invitation email locking feature and it looks solid. Here's my assessment:

✅ What's Working Well

Clean Architecture: The changes are minimal and focused, only touching the necessary files with surgical precision.

Robust Email Handling:

  • Uses emailSchema.safeParse() for safe email validation from URL params
  • Proper priority logic: URL email takes precedence over props using nullish coalescing
  • Email locking works correctly when email comes from URL or when lockEmail prop is true

Security & Encoding:

  • Properly uses encodeURIComponent() in the email template to prevent URL injection
  • Safe parsing prevents malformed URLs from breaking the registration flow

User Experience:

  • Seamless flow from email invite → pre-filled registration form
  • Email field gets locked to prevent user confusion/errors
  • Graceful fallback when URL params are invalid

Code Quality

The implementation follows React/Next.js best practices:

  • Proper use of useSearchParams hook
  • Type safety maintained throughout
  • Consistent with existing Zod validation patterns
  • No breaking changes to existing functionality

Testing Scenarios Covered

The implementation handles:

  • ✅ Valid email in URL params → prefills and locks
  • ✅ Invalid email in URL params → falls back to props
  • ✅ No email in URL params → uses existing props behavior
  • ✅ URL encoding edge cases → properly encoded

This is a well-crafted feature that enhances the partner invitation flow while maintaining backward compatibility. Great work!

✅ Actions performed

Comments resolved.

@TWilson023 TWilson023 requested a review from steven-tey August 18, 2025 20:20
@steven-tey steven-tey merged commit 0158a40 into main Aug 18, 2025
8 checks passed
@steven-tey steven-tey deleted the partner-invite-email branch August 18, 2025 20:41
@coderabbitai coderabbitai bot mentioned this pull request Oct 6, 2025
Merged
@coderabbitai coderabbitai bot mentioned this pull request Oct 16, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@coderabbitai coderabbitai[bot] coderabbitai[bot] left review comments

@steven-tey steven-tey steven-tey approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@TWilson023 @steven-tey