From ca765f5645ffc2094b74308c48dd389ed745c33d Mon Sep 17 00:00:00 2001
From: gabrieljablonski
Date: Fri, 3 Apr 2026 13:43:49 -0300
Subject: [PATCH] fix(mailer): update enterprise Devise template and fix HTML escaping in email translations

- Add i18n to enterprise confirmation_instructions.html.erb (SAML/SSO support)
- Add SSO-specific translation keys (en + pt_BR)
- Use raw output (<%==) in Devise ERB templates to prevent apostrophe HTML-encoding
---
 .../mailer/confirmation_instructions.html.erb | 10 +++----
 .../devise/mailer/password_change.html.erb | 4 +--
 .../reset_password_instructions.html.erb | 10 +++----
 .../mailer/unlock_instructions.html.erb | 6 ++---
 config/locales/en.yml | 4 +++
 config/locales/pt_BR.yml | 4 +++
 .../mailer/confirmation_instructions.html.erb | 27 ++++++++++---------
 7 files changed, 37 insertions(+), 28 deletions(-)

diff --git a/app/views/devise/mailer/confirmation_instructions.html.erb b/app/views/devise/mailer/confirmation_instructions.html.erb
index b7210f3bc..c58d6be42 100644
--- a/app/views/devise/mailer/confirmation_instructions.html.erb
+++ b/app/views/devise/mailer/confirmation_instructions.html.erb
@@ -1,21 +1,21 @@
-

<%= t('mailer.common.hi', name: @resource.name) %>,

+

<%== t('mailer.common.hi', name: @resource.name) %>,

<% account_user = @resource&.account_users&.first %> <% brand_name = global_config['BRAND_NAME'] || 'Chatwoot' %> <% if account_user&.inviter.present? && @resource.unconfirmed_email.blank? %> -

<%= t('mailer.devise.confirmation_instructions.invited', inviter_name: account_user.inviter.name, account_name: account_user.account.name, brand_name: brand_name) %>

+

<%== t('mailer.devise.confirmation_instructions.invited', inviter_name: account_user.inviter.name, account_name: account_user.account.name, brand_name: brand_name) %>

<% end %> <% if @resource.confirmed? %> -

<%= t('mailer.devise.confirmation_instructions.login_message', brand_name: brand_name) %>

+

<%== t('mailer.devise.confirmation_instructions.login_message', brand_name: brand_name) %>

<% else %> <% if account_user&.inviter.blank? %>

- <%= t('mailer.devise.confirmation_instructions.welcome', brand_name: brand_name) %>
+ <%== t('mailer.devise.confirmation_instructions.welcome', brand_name: brand_name) %>

<% end %> -

<%= t('mailer.devise.confirmation_instructions.activate') %>

+

<%== t('mailer.devise.confirmation_instructions.activate') %>

<% end %>
diff --git a/app/views/devise/mailer/password_change.html.erb b/app/views/devise/mailer/password_change.html.erb
index 79b2b0fa3..c00d198b0 100644
--- a/app/views/devise/mailer/password_change.html.erb
+++ b/app/views/devise/mailer/password_change.html.erb
@@ -1,3 +1,3 @@
-
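Review bot: Switching these lines from `<%=` to `<%==` turns off escaping for the interpolated values as well as for the translation text: `@resource.name`, `account_user.inviter.name` and `account_user.account.name` are user-supplied and now reach the HTML body verbatim, so markup placed in a display name or account name would be rendered in the recipient's mail client. The same pattern appears in the password_change, reset_password_instructions and unlock_instructions hunks and in the enterprise confirmation template, where the removed lines had escaped the inviter and account names with `<%=`. Rails' `t` view helper already covers this case for keys ending in `_html` (the translation is marked safe and the interpolation arguments are escaped), so renaming the keys and keeping `<%=` should fix the apostrophes without raw output; failing that, escape the arguments at the call site, e.g. `<%== t('mailer.common.hi', name: h(@resource.name)) %>`.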

<%= t('mailer.devise.password_change.greeting', name: @resource.name) %>

+

<%== t('mailer.devise.password_change.greeting', name: @resource.name) %>

-

<%= t('mailer.devise.password_change.body') %>

+

<%== t('mailer.devise.password_change.body') %>

diff --git a/app/views/devise/mailer/reset_password_instructions.html.erb b/app/views/devise/mailer/reset_password_instructions.html.erb
index 67a20fea7..35a187364 100644
--- a/app/views/devise/mailer/reset_password_instructions.html.erb
+++ b/app/views/devise/mailer/reset_password_instructions.html.erb
@@ -1,10 +1,10 @@
-

<%= t('mailer.devise.reset_password_instructions.greeting', name: @resource.name) %>

+

<%== t('mailer.devise.reset_password_instructions.greeting', name: @resource.name) %>

-

<%= t('mailer.devise.reset_password_instructions.body') %>

+

<%== t('mailer.devise.reset_password_instructions.body') %>

<%= link_to t('mailer.devise.reset_password_instructions.action'), frontend_url('auth/password/edit', reset_password_token: @token) %>

-

<%= t('mailer.devise.reset_password_instructions.copy_paste') %> <%= frontend_url('auth/password/edit', reset_password_token: @token) %>

+

<%== t('mailer.devise.reset_password_instructions.copy_paste') %> <%= frontend_url('auth/password/edit', reset_password_token: @token) %>

-

<%= t('mailer.devise.reset_password_instructions.ignore') %>

-

<%= t('mailer.devise.reset_password_instructions.no_change') %>

+

<%== t('mailer.devise.reset_password_instructions.ignore') %>

+

<%== t('mailer.devise.reset_password_instructions.no_change') %>

diff --git a/app/views/devise/mailer/unlock_instructions.html.erb b/app/views/devise/mailer/unlock_instructions.html.erb
index 55d7ef259..8c21349f6 100644
--- a/app/views/devise/mailer/unlock_instructions.html.erb
+++ b/app/views/devise/mailer/unlock_instructions.html.erb
@@ -1,7 +1,7 @@
-

<%= t('mailer.devise.unlock_instructions.greeting', name: @resource.name) %>

+

<%== t('mailer.devise.unlock_instructions.greeting', name: @resource.name) %>

-

<%= t('mailer.devise.unlock_instructions.body') %>

+

<%== t('mailer.devise.unlock_instructions.body') %>

-

<%= t('mailer.devise.unlock_instructions.action_prompt') %>

+

<%== t('mailer.devise.unlock_instructions.action_prompt') %>

<%= link_to t('mailer.devise.unlock_instructions.unlock_account'), unlock_url(@resource, unlock_token: @token) %>

diff --git a/config/locales/en.yml b/config/locales/en.yml
index 33ba949cd..37bcb929b 100644
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@@ -706,6 +706,10 @@ en:
 activate: "Please take a moment and click the link below and activate your account."
 confirm_account: "Confirm my account"
 login_account: "Login to my account"
+ invited_sso: "%{inviter_name}, with %{account_name}, has invited you to access %{brand_name} via Single Sign-On (SSO)."
+ sso_no_password: "Your organization uses SSO for secure authentication. You will not need a password to access your account."
+ sso_login: "You can now access your account by logging in through your organization's SSO portal."
+ sso_access: "You can access your account by logging in through your organization's SSO portal."
 reset_password_instructions:
 greeting: "Hello %{name}!"
 body: "Someone has requested a link to change your password. You can do this through the link below."
diff --git a/config/locales/pt_BR.yml b/config/locales/pt_BR.yml
index 9fa61a1b8..50cff0fa2 100644
--- a/config/locales/pt_BR.yml
+++ b/config/locales/pt_BR.yml
@@ -687,6 +687,10 @@ pt_BR:
 activate: "Reserve um momento e clique no link abaixo para ativar sua conta."
 confirm_account: "Confirmar minha conta"
 login_account: "Acessar minha conta"
+ invited_sso: "%{inviter_name}, de %{account_name}, convidou você para acessar o %{brand_name} via Single Sign-On (SSO)."
+ sso_no_password: "Sua organização utiliza SSO para autenticação segura. Você não precisará de uma senha para acessar sua conta."
+ sso_login: "Agora você pode acessar sua conta fazendo login pelo portal SSO da sua organização."
+ sso_access: "Você pode acessar sua conta fazendo login pelo portal SSO da sua organização."
 reset_password_instructions:
 greeting: "Olá %{name}!"
 body: "Alguém solicitou um link para alterar sua senha. Você pode fazer isso através do link abaixo."
diff --git a/enterprise/app/views/devise/mailer/confirmation_instructions.html.erb b/enterprise/app/views/devise/mailer/confirmation_instructions.html.erb
index 91837f980..90d860e31 100644
--- a/enterprise/app/views/devise/mailer/confirmation_instructions.html.erb
+++ b/enterprise/app/views/devise/mailer/confirmation_instructions.html.erb
@@ -1,45 +1,46 @@
-

Hi <%= @resource.name %>,

+

<%== t('mailer.common.hi', name: @resource.name) %>,

<% account_user = @resource&.account_users&.first %> <% is_saml_account = account_user&.account&.saml_enabled? %> +<% brand_name = global_config['BRAND_NAME'] || 'Chatwoot' %> <% if account_user&.inviter.present? && @resource.unconfirmed_email.blank? %> <% if is_saml_account %> -

<%= account_user.inviter.name %>, with <%= account_user.account.name %>, has invited you to access <%= global_config['BRAND_NAME'] || 'Chatwoot' %> via Single Sign-On (SSO).

-

Your organization uses SSO for secure authentication. You will not need a password to access your account.

+

<%== t('mailer.devise.confirmation_instructions.invited_sso', inviter_name: account_user.inviter.name, account_name: account_user.account.name, brand_name: brand_name) %>

+

<%== t('mailer.devise.confirmation_instructions.sso_no_password') %>

<% else %> -

<%= account_user.inviter.name %>, with <%= account_user.account.name %>, has invited you to try out <%= global_config['BRAND_NAME'] || 'Chatwoot' %>.

+

<%== t('mailer.devise.confirmation_instructions.invited', inviter_name: account_user.inviter.name, account_name: account_user.account.name, brand_name: brand_name) %>

<% end %> <% end %> <% if @resource.confirmed? %> -

You can login to your <%= global_config['BRAND_NAME'] || 'Chatwoot' %> account through the link below:

+

<%== t('mailer.devise.confirmation_instructions.login_message', brand_name: brand_name) %>

<% else %> <% if account_user&.inviter.blank? %>

- Welcome to <%= global_config['BRAND_NAME'] || 'Chatwoot' %>! We have a suite of powerful tools ready for you to explore. Before that we quickly need to verify your email address to know it's really you.
+ <%== t('mailer.devise.confirmation_instructions.welcome', brand_name: brand_name) %>

<% end %> <% unless is_saml_account %> -

Please take a moment and click the link below and activate your account.

+

<%== t('mailer.devise.confirmation_instructions.activate') %>

<% end %> <% end %> <% if @resource.unconfirmed_email.present? %> -

<%= link_to 'Confirm my account', frontend_url('auth/confirmation', confirmation_token: @token) %>

+

<%= link_to t('mailer.devise.confirmation_instructions.confirm_account'), frontend_url('auth/confirmation', confirmation_token: @token) %>

<% elsif @resource.confirmed? %> <% if is_saml_account %> -

You can now access your account by logging in through your organization's SSO portal.

+

<%== t('mailer.devise.confirmation_instructions.sso_login') %>

<% else %> -

<%= link_to 'Login to my account', frontend_url('auth/sign_in') %>

+

<%= link_to t('mailer.devise.confirmation_instructions.login_account'), frontend_url('auth/sign_in') %>

<% end %> <% elsif account_user&.inviter.present? %> <% if is_saml_account %> -

You can access your account by logging in through your organization's SSO portal.

+

<%== t('mailer.devise.confirmation_instructions.sso_access') %>

<% else %> -

<%= link_to 'Confirm my account', frontend_url('auth/password/edit', reset_password_token: @resource.send(:set_reset_password_token)) %>

+

<%= link_to t('mailer.devise.confirmation_instructions.confirm_account'), frontend_url('auth/password/edit', reset_password_token: @resource.send(:set_reset_password_token)) %>

<% end %> <% else %> -

<%= link_to 'Confirm my account', frontend_url('auth/confirmation', confirmation_token: @token) %>

+

<%= link_to t('mailer.devise.confirmation_instructions.confirm_account'), frontend_url('auth/confirmation', confirmation_token: @token) %>

<% end %>
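Review bot: The invited, non-SSO branch still builds its link with `@resource.send(:set_reset_password_token)`, so rendering the view bypasses the method's visibility and, as Devise implements that method, generates and stores a new reset token on every render. That would mean a preview, retry or re-send of this mail silently invalidates the link in any copy delivered earlier, and the template has a persistence side effect that is easy to miss in review. Since the commit rewrites this line anyway, consider creating the token in the mailer or model and passing it to the view, e.g. `reset_password_token: @invite_token` (`@invite_token` is a placeholder name, assigned by the caller). If the call has to stay, a comment above it such as `<%# set_reset_password_token persists a new token on each render %>` would record the behaviour.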