Add post-donation redirect URL and JWT donation details

[Copilot]

Summary of the problem

Organizations need to redirect donors to custom URLs after donation completion, with optional signed donation details for integration with external systems.

Describe your changes

Database & Models

• Added post_donation_redirect_url (string) and post_donation_include_details (boolean) to event_configurations
• URL validation on redirect field (HTTP/HTTPS only)

JWT Service

• Created DonationJwtService for generating/verifying signed tokens
• Payload includes: donation public ID, donor name (respects anonymous), amount, expiration (1h TTL)
• Signed with Rails.application.secret_key_base using HMAC-SHA256

Controller Updates

• DonationsController#finished checks for redirect URL and conditionally appends JWT as hcb_donation query param
• Permitted new config attributes in EventsController

UI

• Added redirect URL input and include-details toggle to donation settings

Example Flow

# Configuration
event.config.post_donation_redirect_url = "https://example.com/thanks"
event.config.post_donation_include_details = true

# After donation, user redirected to:
# https://example.com/thanks?hcb_donation=eyJhbGc...
# 
# JWT payload:
# {
#   "id": "don_abc123",
#   "name": "John Doe", 
#   "amount": 10000,
#   "exp": 1702843200
# }

Third parties can verify JWT signature to confirm donation authenticity and personalize thank-you pages.

Original prompt

---

This section details on the original issue you should resolve

<issue_title>[Donations] Add post_donation_redirect_url and post_donation_include_details to event configuration</issue_title>
<issue_description>Add the following to event configuration:

• post_donation_redirect_url
• post_donation_include_details

We'd like to support the following flow:

• A user goes to an organization's donate page
• They fill out the form and donate
• They get redirected to post_donation_redirect_url (if present—otherwise the current system stays)
• On the redirect, if post_donation_include_details is true, add the hcb_donation URL query parameter. It should be a JWT containing the following:
  • ID (the public ID for the donation)
  • Name
  • Amount
• The JWT should be signed to allow third parties to verify it
• These two fields should be configurable in the Donations event settings tab
• Use a switch for the include details configuration

(I'm creating this to assign to Copilot—I won't dedicate any more human cycles until the team agrees on a path forward)</issue_description>

Comments on the Issue (you are @copilot in this section)

• Fixes [Donations] Add post_donation_redirect_url and post_donation_include_details to event configuration #12406

---

💬 We'd love your input! Share your thoughts on Copilot coding agent in our 2 minute survey.