Add in-app account share invitation accept/decline

Recipients can now accept or decline share invitations directly from the
accounts page without needing the email token. Adds ID-based backend
endpoints and a pending invitations UI section with Accept/Decline buttons.

Also fixes ReceivedShareDto field name mismatch (sharedByUserName → sharedByName).

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Author: Rodrigo Leote

frontend/messages/en.json

@@ -871,7 +871,14 @@
       "pendingInvitation": "Pending",
       "accepted": "Active",
       "declined": "Declined",
-      "revoked": "Revoked"
+      "revoked": "Revoked",
+      "pendingInvitations": "Pending Invitations",
+      "accept": "Accept",
+      "decline": "Decline",
+      "invitationAccepted": "Invitation accepted! The account is now available.",
+      "invitationDeclined": "Invitation declined.",
+      "acceptFailed": "Failed to accept invitation. Please try again.",
+      "declineFailed": "Failed to decline invitation. Please try again."
     }
   },
   "reconciliation": {

frontend/messages/pt-BR.json

@@ -836,7 +836,14 @@
       "pendingInvitation": "Pendente",
       "accepted": "Ativo",
       "declined": "Recusado",
-      "revoked": "Revogado"
+      "revoked": "Revogado",
+      "pendingInvitations": "Convites Pendentes",
+      "accept": "Aceitar",
+      "decline": "Recusar",
+      "invitationAccepted": "Convite aceito! A conta agora está disponível.",
+      "invitationDeclined": "Convite recusado.",
+      "acceptFailed": "Falha ao aceitar convite. Tente novamente.",
+      "declineFailed": "Falha ao recusar convite. Tente novamente."
     },
     "createNewAccount": "Criar Nova Conta",
     "createNewAccountDesc": "Adicione uma nova conta financeira para acompanhar seu dinheiro",

frontend/src/app/accounts/page.tsx

@@ -8,7 +8,8 @@ import { Card, CardContent, CardHeader, CardTitle } from '@/components/ui/card';
 import { Button } from '@/components/ui/button';
 import { formatCurrency } from '@/lib/utils';
 import { AccountTypeBadge } from '@/components/ui/account-type-badge';
-import { apiClient } from '@/lib/api-client';
+import { apiClient, ReceivedShareDto } from '@/lib/api-client';
+import { CheckIcon, XMarkIcon, EnvelopeIcon } from '@heroicons/react/24/outline';
 import Link from 'next/link';
 import { toast } from 'sonner';
 import {
@@ -64,6 +65,8 @@ export default function AccountsPage() {
   const [archiveConfirm, setArchiveConfirm] = useState<{ show: boolean; account?: Account }>({ show: false });
   const [deleteConfirm, setDeleteConfirm] = useState<{ show: boolean; account?: Account }>({ show: false });
   const [shareModal, setShareModal] = useState<{ show: boolean; account?: Account }>({ show: false });
+  const [pendingInvitations, setPendingInvitations] = useState<ReceivedShareDto[]>([]);
+  const [processingShareIds, setProcessingShareIds] = useState<Set<number>>(new Set());
 
   useEffect(() => {
     if (!isLoading && !isAuthenticated) {
@@ -75,6 +78,7 @@ export default function AccountsPage() {
   useEffect(() => {
     if (isAuthenticated && typeof window !== 'undefined') {
       loadAccounts();
+      loadPendingInvitations();
     }
   }, [isAuthenticated]);
 
@@ -97,6 +101,54 @@ export default function AccountsPage() {
     }
   };
 
+  const loadPendingInvitations = async () => {
+    try {
+      const shares = await apiClient.getReceivedShares();
+      setPendingInvitations((shares || []).filter(s => s.status === 1));
+    } catch (error) {
+      console.error('Failed to load pending invitations:', error);
+    }
+  };
+
+  const handleAcceptInvitation = async (shareId: number) => {
+    if (processingShareIds.has(shareId)) return;
+    setProcessingShareIds(prev => new Set(prev).add(shareId));
+    try {
+      await apiClient.acceptShareById(shareId);
+      toast.success(t('sharing.invitationAccepted'));
+      loadAccounts();
+      loadPendingInvitations();
+    } catch (error) {
+      console.error('Failed to accept invitation:', error);
+      toast.error(t('sharing.acceptFailed'));
+    } finally {
+      setProcessingShareIds(prev => {
+        const next = new Set(prev);
+        next.delete(shareId);
+        return next;
+      });
+    }
+  };
+
+  const handleDeclineInvitation = async (shareId: number) => {
+    if (processingShareIds.has(shareId)) return;
+    setProcessingShareIds(prev => new Set(prev).add(shareId));
+    try {
+      await apiClient.declineShareById(shareId);
+      toast.success(t('sharing.invitationDeclined'));
+      loadPendingInvitations();
+    } catch (error) {
+      console.error('Failed to decline invitation:', error);
+      toast.error(t('sharing.declineFailed'));
+    } finally {
+      setProcessingShareIds(prev => {
+        const next = new Set(prev);
+        next.delete(shareId);
+        return next;
+      });
+    }
+  };
+
   const handleArchiveAccount = async (account: Account) => {
     try {
       // Archive the account
@@ -218,6 +270,69 @@ export default function AccountsPage() {
           </Card>
         </div>
 
+        {/* Pending Invitations */}
+        {pendingInvitations.length > 0 && (
+          <Card className="bg-white/90 backdrop-blur-xs border-0 shadow-lg border-l-4 border-l-amber-400 mb-8">
+            <CardHeader className="pb-3">
+              <CardTitle className="flex items-center gap-2 text-lg">
+                <EnvelopeIcon className="w-5 h-5 text-amber-600" />
+                {t('sharing.pendingInvitations')}
+                <span className="inline-flex items-center justify-center w-6 h-6 rounded-full bg-amber-100 text-amber-800 text-xs font-bold">
+                  {pendingInvitations.length}
+                </span>
+              </CardTitle>
+            </CardHeader>
+            <CardContent className="pt-0">
+              <div className="space-y-3">
+                {pendingInvitations.map((invitation) => (
+                  <div
+                    key={invitation.id}
+                    className="flex flex-col sm:flex-row sm:items-center gap-3 p-4 rounded-lg bg-gray-50/50 opacity-75 border border-gray-200"
+                  >
+                    <div className="flex items-center gap-3 min-w-0 flex-1">
+                      <div className="w-10 h-10 sm:w-12 sm:h-12 flex-shrink-0 bg-gradient-to-br from-gray-300 to-gray-500 rounded-xl flex items-center justify-center">
+                        <BuildingOffice2Icon className="w-5 h-5 sm:w-6 sm:h-6 text-white" />
+                      </div>
+                      <div className="min-w-0">
+                        <h4 className="text-base font-semibold text-gray-900 truncate">{invitation.accountName}</h4>
+                        <div className="flex items-center gap-2 mt-0.5 flex-wrap">
+                          <span className="inline-flex items-center px-2 py-0.5 rounded-full text-xs font-medium bg-amber-100 text-amber-800">
+                            {t('sharing.pendingInvitation')}
+                          </span>
+                          <span className="text-xs text-gray-500">
+                            {t('sharing.sharedByName', { name: invitation.sharedByName })}
+                            {' - '}
+                            {getShareRoleName(invitation.role)}
+                          </span>
+                        </div>
+                      </div>
+                    </div>
+                    <div className="flex items-center gap-2 pl-13 sm:pl-0">
+                      <Button
+                        size="sm"
+                        onClick={() => handleAcceptInvitation(invitation.id)}
+                        disabled={processingShareIds.has(invitation.id)}
+                      >
+                        <CheckIcon className="w-4 h-4 mr-1" />
+                        {t('sharing.accept')}
+                      </Button>
+                      <Button
+                        variant="outline"
+                        size="sm"
+                        onClick={() => handleDeclineInvitation(invitation.id)}
+                        disabled={processingShareIds.has(invitation.id)}
+                      >
+                        <XMarkIcon className="w-4 h-4 mr-1" />
+                        {t('sharing.decline')}
+                      </Button>
+                    </div>
+                  </div>
+                ))}
+              </div>
+            </CardContent>
+          </Card>
+        )}
+
         {/* Accounts List */}
         <Card className="bg-white/90 backdrop-blur-xs border-0 shadow-lg">
           <CardHeader>

frontend/src/lib/api-client.ts

@@ -1596,6 +1596,14 @@ class ApiClient {
     return this.post('/api/account-shares/decline', { token });
   }
 
+  async acceptShareById(shareId: number): Promise<AccountShareDto> {
+    return this.post(`/api/account-shares/${shareId}/accept`);
+  }
+
+  async declineShareById(shareId: number): Promise<void> {
+    return this.post(`/api/account-shares/${shareId}/decline`);
+  }
+
   // AI Description Cleaning methods
   async previewDescriptionCleaning(descriptions: { rawDescription: string; merchantNameHint?: string }[]): Promise<{
     results: Array<{
@@ -1651,7 +1659,7 @@ export interface ReceivedShareDto {
   id: number;
   accountId: number;
   accountName: string;
-  sharedByUserName: string;
+  sharedByName: string;
   role: number;
   status: number;
   createdAt: string;

src/Core/MyMascada.Application/Features/AccountSharing/Commands/AcceptAccountShareByIdCommand.cs

@@ -0,0 +1,65 @@
+using MediatR;
+using MyMascada.Application.Common.Interfaces;
+using MyMascada.Application.Features.AccountSharing.DTOs;
+using MyMascada.Domain.Common;
+using MyMascada.Domain.Enums;
+
+namespace MyMascada.Application.Features.AccountSharing.Commands;
+
+/// <summary>
+/// Command to accept a pending account share invitation by share ID (for in-app use).
+/// </summary>
+public class AcceptAccountShareByIdCommand : IRequest<AccountShareDto>
+{
+    public int ShareId { get; set; }
+    public Guid UserId { get; set; }
+}
+
+public class AcceptAccountShareByIdCommandHandler : IRequestHandler<AcceptAccountShareByIdCommand, AccountShareDto>
+{
+    private readonly IAccountShareRepository _accountShareRepository;
+
+    public AcceptAccountShareByIdCommandHandler(IAccountShareRepository accountShareRepository)
+    {
+        _accountShareRepository = accountShareRepository;
+    }
+
+    public async Task<AccountShareDto> Handle(AcceptAccountShareByIdCommand request, CancellationToken cancellationToken)
+    {
+        var share = await _accountShareRepository.GetByIdAsync(request.ShareId);
+        if (share == null)
+            throw new ArgumentException($"Share with ID {request.ShareId} not found.");
+
+        // Validate the share belongs to this user
+        if (share.SharedWithUserId != request.UserId)
+            throw new UnauthorizedAccessException("This invitation was not sent to you.");
+
+        // Validate not expired
+        if (share.InvitationExpiresAt.HasValue && share.InvitationExpiresAt.Value < DateTimeProvider.UtcNow)
+            throw new InvalidOperationException("This invitation has expired.");
+
+        // Validate status is Pending
+        if (share.Status != AccountShareStatus.Pending)
+            throw new InvalidOperationException($"This invitation cannot be accepted because its status is '{share.Status}'.");
+
+        // Accept the share
+        share.Status = AccountShareStatus.Accepted;
+        share.InvitationToken = null;
+        share.UpdatedAt = DateTimeProvider.UtcNow;
+
+        await _accountShareRepository.UpdateAsync(share);
+
+        return new AccountShareDto
+        {
+            Id = share.Id,
+            AccountId = share.AccountId,
+            AccountName = share.Account.Name,
+            SharedWithUserId = share.SharedWithUserId,
+            SharedWithUserEmail = share.SharedWithUser.Email,
+            SharedWithUserName = share.SharedWithUser.FullName,
+            Role = share.Role,
+            Status = share.Status,
+            CreatedAt = share.CreatedAt
+        };
+    }
+}

src/Core/MyMascada.Application/Features/AccountSharing/Commands/DeclineAccountShareByIdCommand.cs

@@ -0,0 +1,53 @@
+using MediatR;
+using MyMascada.Application.Common.Interfaces;
+using MyMascada.Domain.Common;
+using MyMascada.Domain.Enums;
+
+namespace MyMascada.Application.Features.AccountSharing.Commands;
+
+/// <summary>
+/// Command to decline a pending account share invitation by share ID (for in-app use).
+/// </summary>
+public class DeclineAccountShareByIdCommand : IRequest<Unit>
+{
+    public int ShareId { get; set; }
+    public Guid UserId { get; set; }
+}
+
+public class DeclineAccountShareByIdCommandHandler : IRequestHandler<DeclineAccountShareByIdCommand, Unit>
+{
+    private readonly IAccountShareRepository _accountShareRepository;
+
+    public DeclineAccountShareByIdCommandHandler(IAccountShareRepository accountShareRepository)
+    {
+        _accountShareRepository = accountShareRepository;
+    }
+
+    public async Task<Unit> Handle(DeclineAccountShareByIdCommand request, CancellationToken cancellationToken)
+    {
+        var share = await _accountShareRepository.GetByIdAsync(request.ShareId);
+        if (share == null)
+            throw new ArgumentException($"Share with ID {request.ShareId} not found.");
+
+        // Validate the share belongs to this user
+        if (share.SharedWithUserId != request.UserId)
+            throw new UnauthorizedAccessException("This invitation was not sent to you.");
+
+        // Validate not expired
+        if (share.InvitationExpiresAt.HasValue && share.InvitationExpiresAt.Value < DateTimeProvider.UtcNow)
+            throw new InvalidOperationException("This invitation has expired.");
+
+        // Validate status is Pending
+        if (share.Status != AccountShareStatus.Pending)
+            throw new InvalidOperationException($"This invitation cannot be declined because its status is '{share.Status}'.");
+
+        // Decline the share
+        share.Status = AccountShareStatus.Declined;
+        share.InvitationToken = null;
+        share.UpdatedAt = DateTimeProvider.UtcNow;
+
+        await _accountShareRepository.UpdateAsync(share);
+
+        return Unit.Value;
+    }
+}

src/Core/MyMascada.Application/Features/AccountSharing/Validators/AcceptAccountShareByIdCommandValidator.cs

@@ -0,0 +1,18 @@
+using FluentValidation;
+using MyMascada.Application.Features.AccountSharing.Commands;
+
+namespace MyMascada.Application.Features.AccountSharing.Validators;
+
+public class AcceptAccountShareByIdCommandValidator : AbstractValidator<AcceptAccountShareByIdCommand>
+{
+    public AcceptAccountShareByIdCommandValidator()
+    {
+        RuleFor(x => x.UserId)
+            .NotEmpty()
+            .WithMessage("User ID is required");
+
+        RuleFor(x => x.ShareId)
+            .GreaterThan(0)
+            .WithMessage("Share ID must be greater than 0");
+    }
+}

src/Core/MyMascada.Application/Features/AccountSharing/Validators/DeclineAccountShareByIdCommandValidator.cs

@@ -0,0 +1,18 @@
+using FluentValidation;
+using MyMascada.Application.Features.AccountSharing.Commands;
+
+namespace MyMascada.Application.Features.AccountSharing.Validators;
+
+public class DeclineAccountShareByIdCommandValidator : AbstractValidator<DeclineAccountShareByIdCommand>
+{
+    public DeclineAccountShareByIdCommandValidator()
+    {
+        RuleFor(x => x.UserId)
+            .NotEmpty()
+            .WithMessage("User ID is required");
+
+        RuleFor(x => x.ShareId)
+            .GreaterThan(0)
+            .WithMessage("Share ID must be greater than 0");
+    }
+}