Bulletdev
diff --git a/‎app/mailers/application_mailer.rb‎
Lines changed: 7 additions & 0 deletions b/‎app/mailers/application_mailer.rb‎
Lines changed: 7 additions & 0 deletions
diff --git a/‎app/mailers/player_mailer.rb‎
Lines changed: 23 additions & 0 deletions b/‎app/mailers/player_mailer.rb‎
Lines changed: 23 additions & 0 deletions
diff --git a/‎app/mailers/user_mailer.rb‎
Lines changed: 23 additions & 20 deletions b/‎app/mailers/user_mailer.rb‎
Lines changed: 23 additions & 20 deletions
diff --git a/‎app/models/concerns/constants.rb‎
Lines changed: 9 additions & 0 deletions b/‎app/models/concerns/constants.rb‎
Lines changed: 9 additions & 0 deletions
diff --git a/‎app/models/password_reset_token.rb‎
Lines changed: 13 additions & 2 deletions b/‎app/models/password_reset_token.rb‎
Lines changed: 13 additions & 2 deletions
diff --git a/‎app/models/user.rb‎
Lines changed: 1 addition & 0 deletions b/‎app/models/user.rb‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎app/modules/authentication/controllers/auth_controller.rb‎
Lines changed: 83 additions & 37 deletions b/‎app/modules/authentication/controllers/auth_controller.rb‎
Lines changed: 83 additions & 37 deletions
diff --git a/‎app/modules/players/models/player.rb‎
Lines changed: 3 additions & 3 deletions b/‎app/modules/players/models/player.rb‎
Lines changed: 3 additions & 3 deletions
diff --git a/‎app/views/contact_mailer/new_message.html.erb‎
Lines changed: 23 additions & 11 deletions b/‎app/views/contact_mailer/new_message.html.erb‎
Lines changed: 23 additions & 11 deletions
@@ -3,4 +3,11 @@
 class ApplicationMailer < ActionMailer::Base
   default from: ENV.fetch('MAILER_FROM_EMAIL', 'noreply@prostaff.gg')
   layout 'mailer'
+
+  private
+
+  def frontend_url_for(record)
+    source = record.source_app.presence || 'prostaff'
+    Constants::SOURCE_APP_URLS.fetch(source, ENV.fetch('PROSTAFF_URL', 'https://prostaff.gg'))
+  end
 end
@@ -0,0 +1,23 @@
+# frozen_string_literal: true
+
+class PlayerMailer < ApplicationMailer
+  def password_reset(player, reset_token, frontend_url_override = nil)
+    @player = player
+    base = frontend_url_override || frontend_url_for(player)
+    parsed_uri = URI.parse(base)
+    unless parsed_uri.is_a?(URI::HTTP)
+      raise ArgumentError, "Frontend URL must use http or https (got: #{parsed_uri.scheme.inspect})"
+    end
+
+    @reset_url = "#{base}/reset-password?token=#{reset_token.token}"
+    @expires_in = ((reset_token.expires_at - Time.current) / 60).to_i
+
+    mail(to: @player.player_email, subject: 'Redefinicao de senha - ArenaBR')
+  end
+
+  def password_reset_confirmation(player)
+    @player = player
+    @frontend_url = frontend_url_for(player)
+    mail(to: @player.player_email, subject: 'Senha redefinida com sucesso - ArenaBR')
+  end
+end
@@ -1,39 +1,42 @@
 # frozen_string_literal: true
 
 class UserMailer < ApplicationMailer
-  def password_reset(user, reset_token)
+  def password_reset(user, reset_token, frontend_url_override = nil)
     @user = user
-    @reset_token = reset_token
-    frontend_url = ENV.fetch('FRONTEND_URL', 'http://localhost:3000')
-    parsed_uri = URI.parse(frontend_url)
+    base = frontend_url_override || frontend_url_for(user)
+    parsed_uri = URI.parse(base)
     unless parsed_uri.is_a?(URI::HTTP)
-      raise ArgumentError, "FRONTEND_URL must use http or https scheme (got: #{parsed_uri.scheme.inspect})"
+      raise ArgumentError, "Frontend URL must use http or https (got: #{parsed_uri.scheme.inspect})"
     end
 
-    @reset_url = "#{frontend_url}/reset-password?token=#{reset_token.token}"
-    @expires_in = ((reset_token.expires_at - Time.current) / 60).to_i # minutes
+    @reset_url = "#{base}/reset-password?token=#{reset_token.token}"
+    @expires_in = ((reset_token.expires_at - Time.current) / 60).to_i
 
-    mail(
-      to: @user.email,
-      subject: 'Password Reset Request - ProStaff'
-    )
+    mail(to: @user.email, subject: 'Redefinicao de senha - ProStaff')
   end
 
   def password_reset_confirmation(user)
     @user = user
-
-    mail(
-      to: @user.email,
-      subject: 'Password Successfully Reset - ProStaff'
-    )
+    @frontend_url = frontend_url_for(user)
+    mail(to: @user.email, subject: 'Senha redefinida com sucesso - ProStaff')
   end
 
   def welcome(user)
     @user = user
+    @frontend_url = frontend_url_for(user)
+    mail(to: @user.email, subject: "Bem-vindo ao ProStaff, #{user.full_name}!")
+  end
+
+  def trial_expired(user)
+    @user = user
+    @organization = user.organization
+    mail(to: @user.email, subject: 'Seu periodo de teste ProStaff encerrou')
+  end
 
-    mail(
-      to: @user.email,
-      subject: 'Welcome to ProStaff!'
-    )
+  def trial_expiring_soon(user, days_remaining)
+    @user = user
+    @organization = user.organization
+    @days_remaining = days_remaining
+    mail(to: @user.email, subject: "Seu teste ProStaff expira em #{days_remaining} dia(s)")
   end
 end
@@ -25,6 +25,15 @@ module Organization
     }.freeze
   end
 
+  # Source application — identifies which frontend originated the record
+  SOURCE_APPS = %w[prostaff scrims arena_br].freeze
+
+  SOURCE_APP_URLS = {
+    'prostaff' => ENV.fetch('PROSTAFF_URL', 'https://prostaff.gg'),
+    'scrims'   => ENV.fetch('SCRIMS_URL', 'https://scrims.lol'),
+    'arena_br' => ENV.fetch('ARENA_BR_URL', 'https://arena-br.vercel.app')
+  }.freeze
+
   # User roles
   module User
     ROLES = %w[owner admin coach analyst viewer].freeze
 
@@ -1,11 +1,14 @@
 # frozen_string_literal: true
 
-# Secure, single-use expiring token for user password reset flows.
+# Secure, single-use expiring token for password reset flows.
+# Supports both User (staff) and Player (ArenaBR) via polymorphic owner.
 class PasswordResetToken < ApplicationRecord
-  belongs_to :user
+  belongs_to :user, optional: true
+  belongs_to :player, optional: true
 
   validates :token, presence: true, uniqueness: true
   validates :expires_at, presence: true
+  validate :owner_present
 
   scope :valid, -> { where('expires_at > ? AND used_at IS NULL', Time.current) }
   scope :expired, -> { where('expires_at <= ?', Time.current) }
@@ -14,6 +17,10 @@ class PasswordResetToken < ApplicationRecord
   before_validation :generate_token, on: :create
   before_validation :set_expiration, on: :create
 
+  def owner
+    user || player
+  end
+
   def mark_as_used!
     update!(used_at: Time.current)
   end
@@ -40,6 +47,10 @@ def self.cleanup_old_tokens
 
   private
 
+  def owner_present
+    errors.add(:base, 'must belong to a user or a player') if user_id.nil? && player_id.nil?
+  end
+
   def generate_token
     self.token ||= self.class.generate_secure_token
   end
 
@@ -25,6 +25,7 @@ class User < ApplicationRecord
   validates :email, presence: true, uniqueness: true, format: { with: URI::MailTo::EMAIL_REGEXP }
   validates :full_name, presence: true, length: { maximum: 255 }
   validates :role, presence: true, inclusion: { in: Constants::User::ROLES }
+  validates :source_app, inclusion: { in: Constants::SOURCE_APPS }
   validates :timezone, length: { maximum: 100 }
   validates :language, length: { maximum: 10 }
   validates :discord_user_id,
 
@@ -321,25 +321,13 @@ def forgot_password
           )
         end
 
-        user = User.find_by(email: email)
+        user = User.unscoped.find_by(email: email)
+        player = Player.find_by(player_email: email) unless user
 
         if user
-          reset_token = user.password_reset_tokens.create!(
-            ip_address: request.remote_ip,
-            user_agent: request.user_agent
-          )
-
-          deliver_email(UserMailer.password_reset(user, reset_token))
-
-          AuditLog.create!(
-            organization: user.organization,
-            user: user,
-            action: 'password_reset_requested',
-            entity_type: 'User',
-            entity_id: user.id,
-            ip_address: request.remote_ip,
-            user_agent: request.user_agent
-          )
+          handle_user_password_reset(user)
+        elsif player
+          handle_player_password_reset(player)
         end
 
         render_success(
@@ -382,24 +370,11 @@ def reset_password
 
         reset_token = PasswordResetToken.valid.find_by(token: token)
 
-        if reset_token
-          user = reset_token.user
-          user.update!(password: new_password)
-
-          reset_token.mark_as_used!
-
-          deliver_email(UserMailer.password_reset_confirmation(user))
-
-          AuditLog.create!(
-            organization: user.organization,
-            user: user,
-            action: 'password_reset_completed',
-            entity_type: 'User',
-            entity_id: user.id,
-            ip_address: request.remote_ip,
-            user_agent: request.user_agent
-          )
-
+        if reset_token&.user
+          complete_user_password_reset(reset_token, new_password)
+          render_success({}, message: 'Password reset successful')
+        elsif reset_token&.player
+          complete_player_password_reset(reset_token, new_password)
           render_success({}, message: 'Password reset successful')
         else
           render_error(
@@ -442,7 +417,8 @@ def create_organization!
       def create_user!(organization)
         User.create!(user_params.merge(
                        organization: organization,
-                       role: 'owner' # First user is always the owner
+                       role: 'owner',
+                       source_app: source_app_from_origin
                      ))
       end
 
@@ -534,7 +510,8 @@ def build_free_agent_player(player_email, summoner_name, password, discord)
           discord_user_id: discord.presence,
           player_access_enabled: true,
           status: 'active',
-          role: 'top'
+          role: 'top',
+          source_app: 'arena_br'
           # organization_id intentionally omitted (nil) — free agent
         )
       end
@@ -557,6 +534,75 @@ def serialize_new_free_agent(player)
         }
       end
 
+      def handle_user_password_reset(user)
+        reset_token = user.password_reset_tokens.create!(
+          ip_address: request.remote_ip,
+          user_agent: request.user_agent
+        )
+        frontend_url = frontend_url_from_origin || frontend_base_for(user)
+        deliver_email(UserMailer.password_reset(user, reset_token, frontend_url))
+        AuditLog.create!(
+          organization: user.organization,
+          user: user,
+          action: 'password_reset_requested',
+          entity_type: 'User',
+          entity_id: user.id,
+          ip_address: request.remote_ip,
+          user_agent: request.user_agent
+        )
+      end
+
+      def handle_player_password_reset(player)
+        reset_token = player.password_reset_tokens.create!(
+          ip_address: request.remote_ip,
+          user_agent: request.user_agent
+        )
+        frontend_url = frontend_url_from_origin || frontend_base_for(player)
+        deliver_email(PlayerMailer.password_reset(player, reset_token, frontend_url))
+      end
+
+      def complete_user_password_reset(reset_token, new_password)
+        user = reset_token.user
+        user.update!(password: new_password)
+        reset_token.mark_as_used!
+        deliver_email(UserMailer.password_reset_confirmation(user))
+        AuditLog.create!(
+          organization: user.organization,
+          user: user,
+          action: 'password_reset_completed',
+          entity_type: 'User',
+          entity_id: user.id,
+          ip_address: request.remote_ip,
+          user_agent: request.user_agent
+        )
+      end
+
+      def complete_player_password_reset(reset_token, new_password)
+        player = reset_token.player
+        player.update!(player_password: new_password)
+        reset_token.mark_as_used!
+        deliver_email(PlayerMailer.password_reset_confirmation(player))
+      end
+
+      def source_app_from_origin
+        origin = request.headers['Origin']&.strip&.chomp('/')
+        return 'prostaff' unless origin.present?
+
+        Constants::SOURCE_APP_URLS.find { |_src, url| url.chomp('/') == origin }&.first || 'prostaff'
+      end
+
+      def frontend_url_from_origin
+        origin = request.headers['Origin']&.strip&.chomp('/')
+        return nil unless origin.present?
+
+        Constants::SOURCE_APP_URLS.values.find { |url| url.chomp('/') == origin }
+      end
+
+      def frontend_base_for(record)
+        source = record.source_app.presence || 'prostaff'
+        Constants::SOURCE_APP_URLS.fetch(source, ENV.fetch('PROSTAFF_URL', 'https://prostaff.gg'))
+      end
+
       def authenticate_user!
         email = params[:email]&.downcase&.strip
         password = params[:password]
 
@@ -30,27 +30,27 @@
 # @example Finding active players by role
 #   mid_laners = Player.active.by_role("mid")
 #
-class Player < ApplicationRecord
-  # Concerns
+class Player < ApplicationRecord # rubocop:disable Metrics/ClassLength
   include Constants
   include OrganizationScoped
   include SoftDeletable
   include Searchable
 
   # Associations
-  # optional: true — self-registered free agents (ArenaBR) can exist without an org
   belongs_to :organization, optional: true
   belongs_to :scouted_from, class_name: 'ScoutingTarget', optional: true
   has_many :player_match_stats, dependent: :destroy
   has_many :matches, through: :player_match_stats
   has_many :champion_pools, dependent: :destroy
   has_many :team_goals, dependent: :destroy
   has_many :vod_timestamps, foreign_key: 'target_player_id', dependent: :nullify
+  has_many :password_reset_tokens, dependent: :destroy
 
   # Password authentication for individual player access
   has_secure_password :player_password, validations: false
 
   # Validations
+  validates :source_app, inclusion: { in: Constants::SOURCE_APPS }
   validates :summoner_name, presence: true, length: { maximum: 100 }
   validates :real_name, length: { maximum: 255 }
   validates :role, presence: true, inclusion: { in: Constants::Player::ROLES }
 
@@ -1,15 +1,27 @@
-<h2>New Contact Form Submission</h2>
+<h2 style="margin:0 0 16px 0;font-family:Arial,Helvetica,sans-serif;font-size:22px;color:#1a1a2e;">Nova mensagem de contato</h2>
 
-<p><strong>From:</strong> <%= @name %> &lt;<%= @email %>&gt;</p>
-<p><strong>Subject:</strong> <%= @subject %></p>
+<table cellpadding="0" cellspacing="0" border="0" width="100%" style="margin:0 0 24px 0;background-color:#f9f9f9;border:1px solid #e4e4e4;">
+  <tr>
+    <td style="padding:8px 16px;font-family:Arial,Helvetica,sans-serif;font-size:13px;color:#555555;border-bottom:1px solid #e4e4e4;">
+      <strong style="color:#333333;">De:</strong>&nbsp; <%= @name %> &lt;<%= @email %>&gt;
+    </td>
+  </tr>
+  <tr>
+    <td style="padding:8px 16px;font-family:Arial,Helvetica,sans-serif;font-size:13px;color:#555555;">
+      <strong style="color:#333333;">Assunto:</strong>&nbsp; <%= @subject %>
+    </td>
+  </tr>
+</table>
 
-<hr>
+<table cellpadding="0" cellspacing="0" border="0" width="100%" style="margin:0 0 24px 0;">
+  <tr>
+    <td style="padding:16px;background-color:#f9f9f9;border:1px solid #e4e4e4;font-family:Arial,Helvetica,sans-serif;font-size:14px;color:#333333;line-height:1.7;">
+      <%= simple_format(@message) %>
+    </td>
+  </tr>
+</table>
 
-<p><%= simple_format(@message) %></p>
-
-<hr>
-
-<p style="color: #888; font-size: 12px;">
-  This message was sent via the contact form at prostaff.gg/contact.<br>
-  Reply directly to this email to respond to <%= @name %>.
+<p style="margin:0;font-family:Arial,Helvetica,sans-serif;font-size:12px;color:#888888;">
+  Mensagem enviada via formulario de contato em prostaff.gg/contact.<br>
+  Responda diretamente a este email para responder a <%= @name %>.
 </p>