Improved alias addition form

Now users can specify display names, and we also properly add an error
when they don't specify a display name when they should

Author: dutow

app/assets/stylesheets/components/form.css

@@ -18,3 +18,61 @@ input {
 input[type=submit], input[type=button] {
   background-color: var(--color-bg-button);
 }
+
+/* Flash messages */
+.flash {
+  padding: var(--spacing-3) var(--spacing-4);
+  margin-bottom: var(--spacing-4);
+  border-radius: var(--border-radius-md);
+  font-size: var(--font-size-base);
+  line-height: var(--line-height-normal);
+  display: flex;
+  align-items: center;
+  gap: var(--spacing-2);
+
+  &::before {
+    font-family: "Font Awesome 6 Free";
+    font-weight: 900;
+    font-size: var(--font-size-md);
+  }
+}
+
+.flash.alert {
+  background-color: var(--color-danger-soft);
+  color: var(--color-danger);
+  border: var(--border-width) solid var(--color-danger);
+
+  &::before {
+    content: "\f071"; /* fa-triangle-exclamation */
+  }
+}
+
+.flash.notice {
+  background-color: var(--color-success-soft);
+  color: var(--color-success);
+  border: var(--border-width) solid var(--color-success);
+
+  &::before {
+    content: "\f00c"; /* fa-check */
+  }
+}
+
+.flash.warning {
+  background-color: var(--color-warning-bg);
+  color: var(--color-warning-text);
+  border: var(--border-width) solid var(--color-warning);
+
+  &::before {
+    content: "\f06a"; /* fa-circle-exclamation */
+  }
+}
+
+.flash.info {
+  background-color: var(--color-info-soft);
+  color: var(--color-info);
+  border: var(--border-width) solid var(--color-info);
+
+  &::before {
+    content: "\f05a"; /* fa-circle-info */
+  }
+}

app/controllers/settings/emails_controller.rb

@@ -4,10 +4,33 @@ module Settings
   class EmailsController < Settings::BaseController
     def create
       email = EmailNormalizer.normalize(params[:email])
+      name = params[:name].presence
+
       if Alias.by_email(email).where.not(user_id: [nil, current_user.id]).exists?
         return redirect_to settings_account_path, alert: 'Email is linked to another account. Delete that account first to release it.'
       end
-      token, raw = UserToken.issue!(purpose: 'add_alias', user: current_user, email: email, ttl: 1.hour)
+
+      existing_in_db = Alias.by_email(email)
+      user_has_verified = current_user.aliases.by_email(email).where.not(verified_at: nil).exists?
+
+      # Case 1: No aliases exist in DB for this email - require a name
+      if !existing_in_db.exists? && name.blank?
+        return redirect_to settings_account_path, alert: 'Please provide a display name for this new email address.'
+      end
+
+      # Case 2: User already has verified alias with this email - require a name to create a new alias
+      if user_has_verified
+        if name.blank?
+          return redirect_to settings_account_path, alert: 'This email is already verified. Please provide a display name to add a new alias.'
+        end
+        person = current_user.person
+        Alias.create!(person: person, user: current_user, name: name, email: email, verified_at: Time.current)
+        return redirect_to settings_account_path, notice: 'Alias added.'
+      end
+
+      # Case 3: Email exists in DB but not associated with user - send verification
+      metadata = { name: name }.to_json if name.present?
+      token, raw = UserToken.issue!(purpose: 'add_alias', user: current_user, email: email, ttl: 1.hour, metadata: metadata)
       UserMailer.verification_email(token, raw).deliver_later
       redirect_to settings_account_path, notice: 'Verification email sent.'
     end

app/controllers/verifications_controller.rb

@@ -88,14 +88,23 @@ def handle_add_alias(token)
       return redirect_to settings_account_path, alert: 'Email is linked to another account. Delete that account first to release it.'
     end
 
+    metadata = JSON.parse(token.metadata || '{}') rescue {}
+    name = metadata['name'].presence
+
     aliases = Alias.by_email(email)
     if aliases.exists?
+      # Associate all existing aliases with this email
       aliases.find_each do |al|
         person.attach_alias!(al, user: user)
         al.update_columns(verified_at: Time.current)
       end
+      # If a name was provided and no existing alias has that name, create a new alias
+      if name.present? && !aliases.where(name: name).exists?
+        Alias.create!(person: person, user: user, name: name, email: email, verified_at: Time.current)
+      end
     else
-      al = Alias.create!(person: person, user: user, name: email, email: email, verified_at: Time.current)
+      # No existing aliases - create new one with provided name
+      al = Alias.create!(person: person, user: user, name: name, email: email, verified_at: Time.current)
       person.update!(default_alias_id: al.id) if person.default_alias_id.nil?
     end
 

app/views/settings/accounts/show.html.slim

@@ -29,14 +29,18 @@
       p No connected accounts yet.
 
   .settings-section
-    h2 Email addresses
+    h2 Add alias
     = form_with url: settings_emails_path, method: :post, local: true, class: "email-form", data: { turbo: false } do |f|
       .form-group
-        = f.label :email, "Add email"
+        = f.label :name, "Display name"
+        = f.text_field :name, placeholder: "Your Name"
+      .form-group
+        = f.label :email, "Email address"
         = f.email_field :email, required: true, placeholder: "user@example.com"
-      = f.submit "Send verification", class: "button-primary"
+      = f.submit "Add email", class: "button-primary"
 
     - if @aliases.any?
+      h2 Aliases
       table.email-table
         thead
           tr

spec/requests/emails_management_spec.rb

@@ -26,7 +26,7 @@ def attach_verified_alias(user, email:, primary: true)
     sign_in(email: 'me@example.com')
 
     perform_enqueued_jobs do
-      post settings_emails_path, params: { email: 'new-address@example.com' }
+      post settings_emails_path, params: { email: 'new-address@example.com', name: 'My New Name' }
       expect(response).to redirect_to(settings_account_path)
     end
 
@@ -38,7 +38,9 @@ def attach_verified_alias(user, email:, primary: true)
     get verification_path(token: raw)
     expect(response).to redirect_to(settings_account_path)
 
-    expect(Alias.by_email('new-address@example.com').where(user_id: user.id)).to exist
+    new_alias = Alias.by_email('new-address@example.com').where(user_id: user.id).first
+    expect(new_alias).to be_present
+    expect(new_alias.name).to eq('My New Name')
 
     post session_path, params: { email: 'new-address@example.com', password: 'secret' }
     expect(response).to redirect_to(root_path)
@@ -104,6 +106,101 @@ def attach_verified_alias(user, email:, primary: true)
     token&.destroy
   end
 
+  it 'requires name when adding a completely new email' do
+    user = create(:user, password: 'secret', password_confirmation: 'secret')
+    attach_verified_alias(user, email: 'me@example.com')
+
+    sign_in(email: 'me@example.com')
+
+    expect {
+      post settings_emails_path, params: { email: 'brand-new@example.com' }
+    }.not_to change { UserToken.count }
+
+    expect(response).to redirect_to(settings_account_path)
+    expect(flash[:alert]).to match(/provide a display name/)
+  end
+
+  it 'requires name when email is already verified by user' do
+    user = create(:user, password: 'secret', password_confirmation: 'secret')
+    attach_verified_alias(user, email: 'me@example.com')
+
+    sign_in(email: 'me@example.com')
+
+    expect {
+      post settings_emails_path, params: { email: 'me@example.com' }
+    }.not_to change { UserToken.count }
+
+    expect(response).to redirect_to(settings_account_path)
+    expect(flash[:alert]).to match(/already verified/)
+  end
+
+  it 'creates alias directly without verification when email is already verified by user' do
+    user = create(:user, password: 'secret', password_confirmation: 'secret')
+    attach_verified_alias(user, email: 'me@example.com')
+
+    sign_in(email: 'me@example.com')
+
+    expect {
+      post settings_emails_path, params: { email: 'me@example.com', name: 'Alternative Name' }
+    }.to change { Alias.by_email('me@example.com').count }.by(1)
+
+    expect(UserToken.count).to eq(0) # No verification token created
+
+    expect(response).to redirect_to(settings_account_path)
+    expect(flash[:notice]).to eq('Alias added.')
+
+    new_alias = Alias.by_email('me@example.com').find_by(name: 'Alternative Name')
+    expect(new_alias).to be_present
+    expect(new_alias.user_id).to eq(user.id)
+    expect(new_alias.verified_at).to be_present
+  end
+
+  it 'creates additional alias with new name when associating existing aliases' do
+    user = create(:user, password: 'secret', password_confirmation: 'secret')
+    attach_verified_alias(user, email: 'me@example.com')
+
+    # Legacy alias for another email
+    create(:alias, email: 'legacy@example.com', name: 'Old Name')
+
+    sign_in(email: 'me@example.com')
+
+    perform_enqueued_jobs do
+      post settings_emails_path, params: { email: 'legacy@example.com', name: 'New Name' }
+      expect(response).to redirect_to(settings_account_path)
+    end
+
+    raw = extract_raw_token_from_mailer
+    get verification_path(token: raw)
+    expect(response).to redirect_to(settings_account_path)
+
+    aliases = Alias.by_email('legacy@example.com').where(user_id: user.id)
+    expect(aliases.count).to eq(2)
+    expect(aliases.pluck(:name)).to contain_exactly('Old Name', 'New Name')
+  end
+
+  it 'does not create duplicate alias when name matches existing' do
+    user = create(:user, password: 'secret', password_confirmation: 'secret')
+    attach_verified_alias(user, email: 'me@example.com')
+
+    # Legacy alias for another email
+    create(:alias, email: 'legacy2@example.com', name: 'Existing Name')
+
+    sign_in(email: 'me@example.com')
+
+    perform_enqueued_jobs do
+      post settings_emails_path, params: { email: 'legacy2@example.com', name: 'Existing Name' }
+      expect(response).to redirect_to(settings_account_path)
+    end
+
+    raw = extract_raw_token_from_mailer
+    get verification_path(token: raw)
+    expect(response).to redirect_to(settings_account_path)
+
+    aliases = Alias.by_email('legacy2@example.com').where(user_id: user.id)
+    expect(aliases.count).to eq(1)
+    expect(aliases.first.name).to eq('Existing Name')
+  end
+
   def extract_raw_token_from_mailer
     mail = ActionMailer::Base.deliveries.last
     expect(mail).to be_present