fix(security): strengthen email invite validation logic, fix invite page UI#1162
waleedlatif1 merged 2 commits into staging
Greptile Summary
This PR delivers two major improvements: strengthening email invitation security and modernizing the invite page UI. The security enhancements remove flexible email matching logic that previously allowed users with similar (but not identical) emails to accept invitations intended for others - a significant vulnerability. The new implementation enforces strict email matching, requires verified email addresses, and adds comprehensive validation including user existence checks and membership status verification. These changes affect both workspace and organization invitation flows, with consistent error handling and redirect logic.
The UI overhaul completely redesigns the invitation pages with a modern, branded experience. Key improvements include dynamic logo support, CSS variable-based theming for multi-tenancy, distinct visual states for organization vs workspace invitations, and comprehensive error handling with contextual action buttons. The invite error page now handles five new error cases with appropriate user guidance, while the main invite page features a cleaner layout that replaces Card components with custom styling. The changes maintain backward compatibility while significantly improving the user experience through better loading states, mobile-friendly design, and integrated branding support.
Confidence score: 5/5
- This PR is safe to merge with minimal risk as it strengthens security without breaking existing functionality
- Score reflects well-structured security improvements and comprehensive UI enhancements with proper error handling
- No files require special attention as all changes follow established patterns and maintain consistency
PR Description Notes:
- Consider adding more detail about the specific security vulnerability that was addressed
- The "Tests added/updated and passing" checkbox is checked but only manual testing is mentioned in the summary
6 files reviewed, 1 comment
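An added sketch of the checks the summary above lists (strict email match, verified email, user existence, membership status), next to a constructed loose matcher for contrast. It is not code from this PR: every type, field and error-code name, the loose matcher itself, and the case-insensitive comparison are assumptions.

```typescript
// Added illustration; all names and error codes here are hypothetical.
type InviteError =
  | "invalid-invitation" | "user-not-found" | "email-not-verified"
  | "email-mismatch" | "already-member";

interface Invitation { email: string; status: "pending" | "accepted" | "expired"; targetId: string }
interface User { email: string; emailVerified: boolean; memberOf: string[] }

// Assumption: case and surrounding whitespace are the only differences tolerated.
const canonical = (email: string): string => email.trim().toLowerCase();

// Constructed example of "flexible" matching: drops any +tag and the domain,
// so a different mailbox with the same local part satisfies the check.
function looseMatch(a: string, b: string): boolean {
  const local = (e: string): string => canonical(e).replace(/(\+[^@]*)?@.*$/, "");
  return local(a) === local(b);
}

// Strict flow: every check must pass before the invitation is accepted.
function validateAcceptance(invite: Invitation | null, user: User | null): InviteError | null {
  if (!invite || invite.status !== "pending") return "invalid-invitation";
  if (!user) return "user-not-found";
  // An unverified address proves nothing about who controls the mailbox.
  if (!user.emailVerified) return "email-not-verified";
  if (canonical(user.email) !== canonical(invite.email)) return "email-mismatch";
  if (user.memberOf.includes(invite.targetId)) return "already-member";
  return null; // no error: safe to accept
}

// Constructed sample data.
const invite: Invitation = { email: "alice@example.com", status: "pending", targetId: "ws_1" };
const lookalike: User = { email: "alice+x@other.example", emailVerified: true, memberOf: [] };
const unverified: User = { email: "alice@example.com", emailVerified: false, memberOf: [] };
const intended: User = { email: "Alice@Example.com", emailVerified: true, memberOf: [] };

console.log("loose matcher accepts lookalike:", looseMatch(lookalike.email, invite.email));
console.log("strict, lookalike:", validateAcceptance(invite, lookalike));
console.log("strict, unverified:", validateAcceptance(invite, unverified));
console.log("strict, intended:", validateAcceptance(invite, intended));
```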
294e481 to 416faf1
…age UI (#1162) * fix(security): strengthen email invite validation logic, fix invite page UI * ui
…age UI (simstudioai#1162) * fix(security): strengthen email invite validation logic, fix invite page UI * ui
Summary
strengthen email invite validation logic, fix invite page UI
Type of Change
Testing
Tested manually.
Checklist
Screenshots/Videos