Corrected URL encoding in the email template and updated unit tests and documentation

Author: chriscarrollsmith

docs/customization.qmd

@@ -138,6 +138,16 @@ Best practices dictate implementing thorough client-side validation via JavaScri
 
 Server-side validation remains essential as a security measure against malicious requests that bypass client-side validation, but it should rarely be encountered during normal user interaction. See `templates/authentication/register.html` for a client-side form validation example involving both JavaScript and HTML regex `pattern` matching.
 
+#### Email templating
+
+Password reset and other transactional emails are also handled through Jinja2 templates, located in the `templates/emails` directory. The email templates follow the same inheritance pattern as web templates, with `base_email.html` providing the common layout and styling.
+
+Here's how the default password reset email template looks:
+
+![Default Password Reset Email Template](static/reset_email.png)
+
+The email templates use inline CSS styles to ensure consistent rendering across email clients. Like web templates, they can receive context variables from the Python code (such as `reset_url` in the password reset template).
+
 ### Writing type annotated code
 
 Pydantic is used for data validation and serialization. It ensures that the data received in requests meets the expected format and constraints. Pydantic models are used to define the structure of request and response data, making it easy to validate and parse JSON payloads.

docs/static/documentation.txt

@@ -790,6 +790,16 @@ Best practices dictate implementing thorough client-side validation via JavaScri
 
 Server-side validation remains essential as a security measure against malicious requests that bypass client-side validation, but it should rarely be encountered during normal user interaction. See `templates/authentication/register.html` for a client-side form validation example involving both JavaScript and HTML regex `pattern` matching.
 
+#### Email templating
+
+Password reset and other transactional emails are also handled through Jinja2 templates, located in the `templates/emails` directory. The email templates follow the same inheritance pattern as web templates, with `base_email.html` providing the common layout and styling.
+
+Here's how the default password reset email template looks:
+
+![Default Password Reset Email Template](static/reset_email.png)
+
+The email templates use inline CSS styles to ensure consistent rendering across email clients. Like web templates, they can receive context variables from the Python code (such as `reset_url` in the password reset template).
+
 ### Writing type annotated code
 
 Pydantic is used for data validation and serialization. It ensures that the data received in requests meets the expected format and constraints. Pydantic models are used to define the structure of request and response data, making it easy to validate and parse JSON payloads.

docs/static/reset_email.png

@@ -6,6 +6,7 @@
 from unittest.mock import patch
 import resend
 from urllib.parse import urlparse, parse_qs
+from html import unescape
 
 from main import app
 from utils.models import User, PasswordResetToken
@@ -321,12 +322,13 @@ def test_password_reset_email_url(unauth_client: TestClient, session: Session, t
     mock_resend_send.assert_called_once()
     call_args = mock_resend_send.call_args[0][0]
     html_content = call_args["html"]
+    print(html_content)
 
     # Extract URL from HTML
     import re
-    url_match = re.search(r'href=[\'"]([^\'"]*)[\'"]', html_content)
+    url_match = re.search(r'<a[^>]*href=[\'"]([^\'"]*)[\'"]', html_content)
     assert url_match is not None
-    reset_url = url_match.group(1)
+    reset_url = unescape(url_match.group(1))
 
     # Parse and verify the URL
     parsed = urlparse(reset_url)