feat: prevent join requests with equal mail

lib/membership/join_request/changes/approve_request.ex

@@ -16,11 +16,13 @@ defmodule Mv.Membership.JoinRequest.Changes.ApproveRequest do
 
     if current_status == :submitted do
       reviewed_by_id = Helpers.actor_id(context.actor)
+      reviewed_by_display = Helpers.actor_email(context.actor)
 
       changeset
       |> Ash.Changeset.force_change_attribute(:status, :approved)
       |> Ash.Changeset.force_change_attribute(:approved_at, DateTime.utc_now())
       |> Ash.Changeset.force_change_attribute(:reviewed_by_user_id, reviewed_by_id)
+      |> Ash.Changeset.force_change_attribute(:reviewed_by_display, reviewed_by_display)
     else
       Ash.Changeset.add_error(changeset,
         field: :status,

lib/membership/join_request/changes/helpers.ex

@@ -16,4 +16,24 @@ defmodule Mv.Membership.JoinRequest.Changes.Helpers do
   end
 
   def actor_id(_), do: nil
+
+  @doc """
+  Extracts the actor's email for display (e.g. reviewed_by_display).
+
+  Supports both atom and string keys for compatibility with different actor representations.
+  """
+  @spec actor_email(term()) :: String.t() | nil
+  def actor_email(nil), do: nil
+
+  def actor_email(actor) when is_map(actor) do
+    raw = Map.get(actor, :email) || Map.get(actor, "email")
+    if is_nil(raw), do: nil, else: actor_email_string(raw)
+  end
+
+  def actor_email(_), do: nil
+
+  defp actor_email_string(raw) do
+    s = raw |> to_string() |> String.trim()
+    if s == "", do: nil, else: s
+  end
 end

lib/membership/join_request/changes/regenerate_confirmation_token.ex

@@ -0,0 +1,30 @@
+defmodule Mv.Membership.JoinRequest.Changes.RegenerateConfirmationToken do
+  @moduledoc """
+  Sets a new confirmation token hash and expiry on an existing join request (resend flow).
+
+  Used when the user submits the join form again with the same email while a request
+  is still pending_confirmation. Internal use only (domain calls with authorize?: false).
+  """
+  use Ash.Resource.Change
+
+  alias Mv.Membership.JoinRequest
+
+  @confirmation_validity_hours 24
+
+  @spec change(Ash.Changeset.t(), keyword(), Ash.Resource.Change.context()) :: Ash.Changeset.t()
+  def change(changeset, _opts, _context) do
+    token = Ash.Changeset.get_argument(changeset, :confirmation_token)
+
+    if is_binary(token) and token != "" do
+      hash = JoinRequest.hash_confirmation_token(token)
+      expires_at = DateTime.utc_now() |> DateTime.add(@confirmation_validity_hours, :hour)
+
+      changeset
+      |> Ash.Changeset.force_change_attribute(:confirmation_token_hash, hash)
+      |> Ash.Changeset.force_change_attribute(:confirmation_token_expires_at, expires_at)
+      |> Ash.Changeset.force_change_attribute(:confirmation_sent_at, DateTime.utc_now())
+    else
+      changeset
+    end
+  end
+end

lib/membership/join_request/changes/reject_request.ex

@@ -15,11 +15,13 @@ defmodule Mv.Membership.JoinRequest.Changes.RejectRequest do
 
     if current_status == :submitted do
       reviewed_by_id = Helpers.actor_id(context.actor)
+      reviewed_by_display = Helpers.actor_email(context.actor)
 
       changeset
       |> Ash.Changeset.force_change_attribute(:status, :rejected)
       |> Ash.Changeset.force_change_attribute(:rejected_at, DateTime.utc_now())
       |> Ash.Changeset.force_change_attribute(:reviewed_by_user_id, reviewed_by_id)
+      |> Ash.Changeset.force_change_attribute(:reviewed_by_display, reviewed_by_display)
     else
       Ash.Changeset.add_error(changeset,
         field: :status,