Skip to main content

Documentation Index

Fetch the complete documentation index at: https://mintlify.com/AlexanderDamont1/Stratus/llms.txt

Use this file to discover all available pages before exploring further.

Stratus uses Laravel Breeze for authentication. Every user account goes through a registration and email verification process before accessing the platform. Sensitive actions require additional password confirmation.

Registration

1

Open the registration page

Navigate to /register. The form requires three fields:
  • Name — your display name
  • Email address — must be unique across all accounts
  • Password — stored as a bcrypt hash; never stored in plain text
2

Submit the form

On submission, Stratus creates your account and immediately sends a verification email to the address you provided.
3

Verify your email

Check your inbox for the verification link. Click it to confirm your address. You must complete this step before you can access the dashboard or any protected pages.
If you do not receive the verification email, you can request a new one from the verification notice screen at /verify-email. Resending submits to POST /email/verification-notification. Resend requests are rate-limited to 6 attempts per minute per user.

Login

Once your account is registered, log in at /login using your email address and password. After a successful login, Stratus redirects you to the dashboard (/dashboard).
If you have not yet verified your email, logging in will redirect you to the email verification notice screen rather than the dashboard. The dashboard requires both auth and verified middleware.

Login rate limiting

Login attempts are rate-limited per email address and IP address combination. After 5 failed attempts, further login requests are blocked until the lockout period expires. The remaining wait time is shown in the validation error message.
Rate limiting resets automatically after the lockout period. If you are locked out and need immediate access, contact your system administrator.

Email verification

Email verification is enforced for all routes that require it via the verified middleware. The dashboard is one such route — you cannot reach it with an unverified account.
RouteMiddleware
/dashboardauth, verified
/profileauth
The verification flow works as follows:
1

Verification email is sent

Stratus sends a signed link to your email address immediately after registration.
2

Click the link

The link points to /verify-email/{id}/{hash}. It is signed and validated on the server — forged or tampered links are rejected.
3

Access is granted

Once verified, your account gains access to the dashboard and any other routes protected by the verified middleware.
Verification links are signed. Modifying the URL or sharing it with another account will cause verification to fail.

Password reset

If you forget your password, use the forgot-password flow to set a new one.
1

Request a reset link

Navigate to /forgot-password and enter your email address. Stratus will send a password reset link to that address if an account exists.
2

Open the reset link

Click the link in the email. It points to /reset-password/{token}, where the token is a one-time, time-limited value.
3

Set a new password

Enter and confirm your new password. Stratus hashes and saves it, then redirects you to the login page.
For security, Stratus does not reveal whether an email address exists in the system when you submit the forgot-password form.

Password confirmation

Certain sensitive actions — such as accessing security settings — require you to re-enter your current password before proceeding. This step happens at /confirm-password. Once confirmed, your session records the confirmation so you are not prompted again for a short period.

Changing your password

While logged in, you can change your password from your profile page. The update is handled via PUT /password. Your new password must meet the application’s validation rules and is stored as a bcrypt hash.

Logout

To log out, submit the logout action (typically via the Log out button in the navigation). Stratus invalidates your session and redirects you to the login page. Logout is a POST request to /logout — it cannot be triggered by simply visiting a URL.

Security notes

Passwords are never stored in plain text. Stratus uses Laravel’s default bcrypt hashing via the hashed cast on the User model. The password field and remember_token field are both excluded from any serialized output.
Resending the verification email is throttled to 6 requests per minute per user. This prevents abuse of the email sending endpoint.
Email verification links use Laravel’s signed URL feature. Any modification to the URL — including the id, hash, or signature parameters — causes the request to be rejected with a 403 response.
When a user logs out or deletes their account, Stratus invalidates the current session and regenerates the CSRF token to prevent session fixation attacks.

Profile management

Edit your name, email, or delete your account

Dashboard

What you see after a successful login