- SessionCreated event now carries only domain data (no isFirstSession)
- Mails listener uses ordered guard clauses, deferring the DB query
until cheaper checks pass
- Drop $user Document allocation in favour of direct array access
- Inline FileName validator and $smtpEnabled into their use sites
- Extract $isBranded to eliminate duplicate APP_BRANDED_EMAIL_BASE_TEMPLATE check
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Moves session alert email side effect out of the account controller
into a dedicated `Mails` listener that reacts to a new `SessionCreated`
bus event. The event is now always dispatched on session creation; the
listener owns all conditional logic (first session, sessionAlerts flag,
email-link sessions, user email presence).
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Swap the order of createDocument('sessions') and purgeCachedDocument('users')
in the email/password session creation flow. Previously, the cache was purged
before the session was written, opening a race window in Swoole's async
environment where a concurrent account.get() could re-cache the user with no
sessions, causing sessionVerify to fail with a 401. This matches the correct
ordering already used by the token-based flows (magic URL, OTP, phone).
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Remove team deletion for sole owner+sole member case; let orphan teams
be cleaned up by Cloud's inactive project cleanup (safer, avoids
accidental data loss)
- Add explicit ordering by $createdAt so the most veteran member gets
ownership transfer, with limit(1) for clarity
- Remove confirm filter on primary user transfer in membership deletion
so all members (including unconfirmed) are considered
- Remove redundant ownership transfer from Deletes worker since the API
controller already handles it before queueing
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Prevent unconfirmed (pending invite) members from being promoted to
owner or set as the team's primary user during membership/account
deletion by adding a Query::equal('confirm', [true]) filter to the
relevant findOne queries.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Instead of blocking account deletion when the user has confirmed team
memberships, handle memberships gracefully during deletion:
- Sole owner + sole member: delete the team and queue project cleanup
- Sole owner + other members: transfer ownership to the next member
- Non-owner / multiple owners: no special handling needed (worker cleans up)
Also update the Deletes worker to transfer the team's primary user
reference when removing a deleted user's memberships.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
