Improve email visibility and confirmation handling

Gemfile

@@ -1,10 +1,12 @@
 # frozen_string_literal: true
 
 source "https://rubygems.org"
-
+group :development do
+  gem 'letter_opener'
+end
 ruby "3.3.8"
 gem "rails", "~> 7.2"
-
+gem "paper_trail"
 gem "after_party" # post-deployment tasks
 gem "amazing_print" # easier console reading
 gem "authtrail" # Track Devise login activity

Gemfile.lock

@@ -398,6 +398,9 @@ GEM
     orm_adapter (0.5.0)
     ostruct (0.6.3)
     pagy (9.4.0)
+    paper_trail (17.0.0)
+      activerecord (>= 7.1)
+      request_store (~> 1.4)
     parallel (1.27.0)
     parallel_tests (5.5.0)
       parallel
@@ -744,6 +747,7 @@ DEPENDENCIES
   noticed
   oj
   pagy
+  paper_trail
   parallel_tests
   paranoia
   pdf-forms

app/controllers/users_controller.rb

@@ -1,4 +1,5 @@
 class UsersController < ApplicationController
+  before_action :load_users_not_confirmed , only: :edit
   before_action :get_user
   before_action :authorize_user_with_policy
   before_action :set_active_casa_admins
@@ -51,6 +52,8 @@ def remove_language
     end
   end
 
+
+
   def update_password
     unless valid_user_password
       @user.errors.add(:base, "Current password is incorrect")
@@ -69,23 +72,47 @@ def update_password
     redirect_to edit_users_path
   end
 
+
+
   def update_email
+
     unless valid_user_password
       @user.errors.add(:base, "Current password is incorrect")
       return render "edit", status: :unprocessable_entity
     end
-
+ 
     unless update_user_email
       return render "edit", status: :unprocessable_entity
-    end
+    end 
 
     bypass_sign_in(@user) if @user == true_user
 
-    redirect_to edit_users_path
+    flash.now[:success] = "Your email address has been updated. Click the link sent to your new email to complete the update."
+
+    respond_to do |format|
+      format.turbo_stream do
+      render turbo_stream: turbo_stream.replace("email-confirmed-message", html: flash.now[:success])
+    end
+      format.html
+    end
+
+
+
+
+    UserMailer.email_changed_notification(@user).deliver
+
+
+
   end
 
   private
 
+
+  def load_users_not_confirmed 
+    @users = User.all.where.not(unconfirmed_email:[nil, ""]).pluck(:unconfirmed_email)
+  end
+
+
   def set_language
     @language = Language.find_by(id: params[:id] || params[:language_id])
   end
@@ -119,8 +146,11 @@ def email_params
   end
 
   def update_user_email
-    @user.update({email: email_params[:email]})
-    @user.filter_old_emails!(@user.email)
+    sucess = @user.update({email: email_params[:email]})
+    @user.filter_old_emails!(@user.email) if sucess 
+
+    sucess
+    puts 
   end
 
   def user_params

app/mailers/user_mailer.rb

@@ -5,4 +5,15 @@ def password_changed_reminder(user)
 
     mail(to: @user.email, subject: "CASA Password Changed")
   end
+
+  def email_changed_notification (user)
+    @user = user 
+
+
+    mail(to: @user.email, subject: "Your CASA account's email has been updated to #{@user.email}")
+
+
+  end
+
+
 end

app/models/user.rb

@@ -7,10 +7,12 @@ class User < ApplicationRecord
   include ByOrganizationScope
   include DateHelper
 
+
   before_save :normalize_phone_number
   after_create :skip_email_confirmation_upon_creation
   after_create :create_preference_set
   before_update :record_previous_email
+
 
   validates_with UserValidator
 

app/views/all_casa_admins/edit.html.erb

@@ -2,6 +2,7 @@
   <div class="title mb-30 mt-30">
     <h1>Edit Profile</h1>
   </div>
+
 </div>
 
 <div class="card-style">

app/views/devise/mailer/email_changed.html.erb

@@ -3,5 +3,5 @@
 <% if @resource.try(:unconfirmed_email?) %>
   <p>We're contacting you to notify you that your email is being changed to <%= @resource.unconfirmed_email %>.</p>
 <% else %>
-  <p>We're contacting you to notify you that your email has been changed to <%= @resource.email %>.</p>
+  <p>Your CASA account's email has been updated to <%= @resource.email %>.</p>
 <% end %>

app/views/user_mailer/email_changed_notification.html.erb

@@ -0,0 +1,19 @@
+<meta itemprop="name" content="Password changed reminder" style="font-family: Helvetica,Arial,sans-serif; box-sizing: border-box; font-size: 14px; margin: 0;">
+<style>/* Email styles need to be inline */</style>
+<table width="100%" cellpadding="0" cellspacing="0" style="font-family: Helvetica,Arial,sans-serif; box-sizing: border-box; font-size: 14px; margin: 0;">
+  <tr style="font-family: Helvetica,Arial,sans-serif; box-sizing: border-box; font-size: 14px; margin: 0;">
+    <td class="content-block" style="font-family: Helvetica,Arial,sans-serif; box-sizing: border-box; font-size: 14px; vertical-align: top; margin: 0; padding: 0 0 20px;" valign="top">
+      Hello <%= @user.try(:display_name) || @user.email %>
+    </td>
+  </tr>
+  <tr style="font-family: Helvetica,Arial,sans-serif; box-sizing: border-box; font-size: 14px; margin: 0;">
+    <td class="content-block" style="font-family: Helvetica,Arial,sans-serif; box-sizing: border-box; font-size: 14px; vertical-align: top; margin: 0; padding: 0 0 20px;" valign="top">
+      TESTEEEEEE <%=@user.email%>.
+    </td>
+  </tr>
+  <tr style="font-family: Helvetica,Arial,sans-serif; box-sizing: border-box; font-size: 14px; margin: 0;">
+    <td class="content-block" style="font-family: Helvetica,Arial,sans-serif; box-sizing: border-box; font-size: 14px; vertical-align: top; margin: 0; padding: 0 0 20px;" valign="top">
+     If you have any questions, please contact a (Name of relevant CASA) CASA administrator for assistance.
+    </td>
+  </tr>
+</table>

app/views/users/edit.html.erb

@@ -4,6 +4,15 @@
       <div class="title mb-30">
         <h1>Edit Profile</h1>
       </div>
+      <div>
+        <p><strong><%= @user.email%>: confirmed</strong> </p>
+      </div>
+      <div>
+        <h5> Old emails: </h5>
+        <% @user.old_emails.each do | user | %> 
+              <p> <%=user%> </p >
+        <% end %>
+      </div>
     </div>
     <div class="col-lg-12">
       <div class="card-style mb-30">
@@ -96,22 +105,30 @@
                   <%= f.submit "Update Password", class: "btn btn-danger submit-password" %>
                 </div>
               <% end %>
-            </div>
+            </div>  
+
+
+
             <div id="collapseTwo" class="collapse" aria-labelledby="headingOne" data-bs-parent="#accordionExample">
               <br>
-              <%= form_with(model: @user, scope: :user, url: {action: "update_email"}, method: :patch) do |f| %>
-                <div class="input-style-1">
-                  <%= f.label :current_password, "Current Password" %><br>
-                  <%= f.password_field :current_password, autocomplete: "off", class: "form-control", id: "current_password_email", required: true %>
+                <%= turbo_frame_tag "form" do %>
+                  <%= form_with(model: @user, scope: :user, url: {action: "update_email"}, method: :patch, data: {turbo_frame: true}) do |f| %>
+                    <div class="input-style-1">
+                      <%= f.label :current_password, "Current Password" %><br>
+                      <%= f.password_field :current_password, autocomplete: "off", class: "form-control", id: "current_password_email", required: true %>
+                    </div>
+                    <div class="input-style-1">
+                      <%= f.label :email, "New Email" %><br>
+                      <%= f.text_field :email, type: "email", class: "form-control email-new", autocomplete: "off", value: nil, required: true %>
+                    </div>
+                    <div class="actions mb-10">
+                      <%= f.submit "Update Email", class: "btn btn-danger submit-email" %>
+                    </div>
+                  <% end %>
+                <% end %>
+                <div id="email-confirmed-message">
                 </div>
-                <div class="input-style-1">
-                  <%= f.label :email, "New Email" %><br>
-                  <%= f.text_field :email, type: "email", class: "form-control email-new", autocomplete: "off", value: nil, required: true %>
-                </div>
-                <div class="actions mb-10">
-                  <%= f.submit "Update Email", class: "btn btn-danger submit-email" %>
-                </div>
-              <% end %>
+
               </div>
             </div>
           </div>

config/environments/development.rb

@@ -12,7 +12,14 @@
   config.eager_load = false
 
   # Show full error reports.
-  config.consider_all_requests_local = true
+ config.action_mailer.perform_deliveries = true
+config.action_mailer.raise_delivery_errors = true
+config.action_mailer.delivery_method = :letter_opener
+
+config.action_mailer.default_url_options = {
+  host: 'localhost',
+  port: 3000
+}
 
   # Enable server timing
   config.server_timing = true

db/migrate/20251225174959_recreate_versions_for_paper_trail.rb

@@ -0,0 +1,17 @@
+class RecreateVersionsForPaperTrail < ActiveRecord::Migration[7.2]
+  TEXT_BYTES = 1_073_741_823
+
+  def change
+    create_table :versions do |t|
+      t.string :item_type, null: false
+      t.bigint :item_id, null: false
+      t.string :event, null: false
+      t.string :whodunnit
+      t.text :object, limit: TEXT_BYTES
+      t.text :object_changes
+      t.datetime :created_at
+    end
+
+    add_index :versions, %i[item_type item_id]
+  end
+end

db/schema.rb

@@ -10,7 +10,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.
 
-ActiveRecord::Schema[7.2].define(version: 2025_07_02_142004) do
+ActiveRecord::Schema[7.2].define(version: 2025_12_25_174959) do
   # These are extensions that must be enabled in order to support this database
   enable_extension "plpgsql"
 
@@ -669,6 +669,17 @@
     t.index ["reset_password_token"], name: "index_users_on_reset_password_token", unique: true
   end
 
+  create_table "versions", force: :cascade do |t|
+    t.string "item_type", null: false
+    t.bigint "item_id", null: false
+    t.string "event", null: false
+    t.string "whodunnit"
+    t.text "object"
+    t.text "object_changes"
+    t.datetime "created_at"
+    t.index ["item_type", "item_id"], name: "index_versions_on_item_type_and_item_id"
+  end
+
   add_foreign_key "active_storage_attachments", "active_storage_blobs", column: "blob_id"
   add_foreign_key "active_storage_variant_records", "active_storage_blobs", column: "blob_id"
   add_foreign_key "additional_expenses", "case_contacts"