Security Enhancement:
- Server-side validation of email status before allowing verification
- Only allow verifying emails in VerificationPending state
- Show "Action not possible" message for invalid states
- Extract and validate share-id on server side
- Return 404 for invalid share-ids or missing tenant emails
Implementation:
- Convert page.tsx to async server component
- Fetch location and check tenantEmailStatus
- Pass isPending prop to client component
- Add bilingual "not-allowed" translations (same as unsubscribe page)
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
db9c57472d