Update verified email

[themxp]

and also I added logic to check for duplicate email, so, users will not be able to add existing emails

look like I lost my local change, I will re-work for this feature, sorry btw
#616

[vercel]

@mxp96 is attempting to deploy a commit to the Southclaws Team on Vercel.

A member of the Team first needs to authorize it.

[coderabbitai]

📝 Walkthrough

Walkthrough

Backend email removal service enhanced with account querier and authentication repository dependencies to validate last verified email and OAuth presence before deletion. Frontend email settings component updated to provide undo capability for email deletion operations.

Changes

Cohort / File(s)	Summary
Backend Service Enhancement app/services/account/account_email/account_email.go	Manager constructor extended to accept account querier and authentication repository dependencies. Remove logic enhanced with pre-deletion validation: fetches account details, checks authentication methods, verifies last verified email conditions and OAuth presence, performs permission checks, then proceeds with removal and publishes account update event. New imports added: fmsg, ftag, lo.
Frontend UI Update web/src/components/settings/EmailSettings/EmailCard.tsx	Email deletion wrapped with undo capability via withUndo from @/lib/thread/undo. Removes previous promiseToast configuration. Updates mutation cleanup handler from async method to async property function.

Sequence Diagram

sequenceDiagram
    participant User
    participant UI as EmailCard UI
    participant Service as Email Manager
    participant AccountQ as Account Querier
    participant AuthRepo as Auth Repository
    participant Bus as Event Bus

    User->>UI: Request delete email
    UI->>Service: Remove email (with validation)
    Service->>AccountQ: Fetch account details
    AccountQ-->>Service: Account data
    Service->>AuthRepo: Get all auth methods
    AuthRepo-->>Service: Auth methods
    Service->>Service: Check: Last verified email?
    alt Has OAuth method
        Service->>Service: Cannot delete last verified
        Service-->>UI: Permission denied
        UI->>UI: Show undo option
    else No OAuth method
        Service->>Service: Proceed with removal
        Service->>Service: Delete email
        Service->>Bus: Publish account update
        Bus-->>UI: Update confirmed
    end

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Areas requiring extra attention:

• Validation logic in the enhanced Remove method, particularly the OAuth and last-verified-email checks
• Dependencies initialization in the constructor and their proper injection
• Event publishing mechanism and account update event structure
• Undo implementation correctness and state management in the React component

Poem

🐰 Hop hop, emails now safer still,
With undo powers and validation's thrill!
Verify before the delete bell rings,
Last verified treasures get guardian wings! ✨

Pre-merge checks and finishing touches

❌ Failed checks (2 warnings, 1 inconclusive)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	You can run @coderabbitai generate docstrings to improve docstring coverage.
Description check	⚠️ Warning	The PR description mentions adding duplicate email check logic, but the actual changes focus on email removal validation with OAuth checks and undo functionality. The description does not accurately reflect the changeset.	Update the description to accurately reflect the changes: enhanced email removal validation, OAuth presence checks, and undo capability for deletions. Remove mention of duplicate email checking if not implemented.
Title check	❓ Inconclusive	The title 'Update verified email' is vague and does not accurately reflect the main changes, which involve adding validation and undo functionality to email removal.	Consider a more specific title such as 'Add validation and undo capability for email removal' to better describe the actual changeset.

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 990c11d and aec9a2c.

⛔ Files ignored due to path filters (2)

• .yarn/releases/yarn-4.10.3.cjs is excluded by !**/.yarn/**
• package.json is excluded by !**/*.json

📒 Files selected for processing (2)

• app/services/account/account_email/account_email.go (3 hunks)
• web/src/components/settings/EmailSettings/EmailCard.tsx (2 hunks)

🧰 Additional context used

📓 Path-based instructions (1)

app/services/**/*.go

📄 CodeRabbit inference engine (CLAUDE.md)

Go app/services must NEVER import from transports (may import resources and other services)

Files:

• app/services/account/account_email/account_email.go

🧠 Learnings (1)

📚 Learning: 2025-09-04T20:11:11.162Z

Learnt from: CR
Repo: Southclaws/storyden PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-09-04T20:11:11.162Z
Learning: Applies to app/transports/**/*.go : Go app/transports may import from services and resources (no reverse dependencies)

Applied to files:

• app/services/account/account_email/account_email.go

🧬 Code graph analysis (2)

web/src/components/settings/EmailSettings/EmailCard.tsx (1)

web/src/lib/thread/undo.ts (1)

• withUndo (11-42)

app/services/account/account_email/account_email.go (4)

app/resources/account/authentication/repo.go (1)

• Repository (10-35)

app/resources/account/account_querier/account_querier.go (2)

• Querier (23-26)
• New (28-30)

app/resources/account/authentication/authentication_enum_gen.go (3)

• ServiceOAuthDiscord (91-91)
• ServiceOAuthGitHub (90-90)
• ServiceOAuthGoogle (89-89)

app/resources/account/email.go (1)

• EmailAddress (9-13)

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Show the toast as “pending” until accountEmailRemove completes.

withUndo now fires “Email address deleted” immediately, but the actual accountEmailRemove(email.id) call only runs after the undo window closes. When the new backend validation (e.g., “can’t delete last verified email without OAuth”) kicks in, we’ll spend five seconds telling the user the delete succeeded before bubbling the failure. Please either delay the success toast until accountEmailRemove resolves, or change this toast copy to a neutral “Deletion scheduled – undo?” and trigger the real success message once the API call finishes, so the UX stays truthful to the outcome.

🤖 Prompt for AI Agents

In web/src/components/settings/EmailSettings/EmailCard.tsx around lines 31-39,
the current withUndo call immediately shows a success “Email address deleted”
toast even though accountEmailRemove(email.id) runs only after the undo window;
change the UX so the toast is neutral/pending and only show a final success or
failure after accountEmailRemove completes. Concretely: change the initial
message to something like “Deletion scheduled — undo?” (neutral/pending), keep
the undo window behavior, then inside the action await
accountEmailRemove(email.id) and after it resolves fire a success toast (or on
error fire a failure toast); ensure onUndo still cancels without showing success
and reuse or pass the same toastId when updating/replacing the pending toast so
the user sees the final outcome in place.

[Southclaws]

Since OAuth providers are 1. dynamic (they may be enabled/disabled) and 2. a growing list over time (we'll add more) it's best not to mention specific auth methods in the error, instead use more generic language like:

You cannot delete your only verified email. Please add another verified email address first.

[Southclaws]

I don't think this logic should rely on OAuth providers specifically, just emails added to the account. Unless there's something I've missed with the intention here.