Fix user login timeout error from bugsnag

[compwron]

fixing issue seen in prod - see discord logs of errors from bugsnag - https://discord.com/channels/1145803216638984284/1145803694835773501/1438204066416164975

Controller: users/passwords#create
Affected user not logged in
App URL: https://casavolunteertracking.org/users/password
Time: Wed Nov 12 2025 10:25 (Central Standard Time)
Environment: production
Message: Net::ReadTimeout with #<TCPSocket:(closed)>
Error URL: https://api.bugsnag.com/projects/5f370b68136a4b0010d15364/events/6914b50d0153e684fb4b0000
Stack:
  File: app/controllers/users/passwords_controller.rb:49

[Copilot]

Pull Request Overview

This PR fixes a production bug where password reset emails timing out with Net::ReadTimeout were causing crashes. The solution implements graceful timeout handling in the password reset flow, adds SMTP timeout configurations, and improves test coverage while fixing spelling errors.

Key changes:

• Added timeout error handling for email sending with fallback token generation for SMS
• Configured 5-second SMTP timeouts in production to prevent indefinite hangs
• Refactored tests to use ActionMailer::Base.deliveries instead of expect_any_instance_of and added comprehensive timeout scenario coverage

Reviewed Changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 1 comment.

File	Description
app/controllers/users/passwords_controller.rb	Added rescue block for Net::ReadTimeout and Net::OpenTimeout in send_password_reset_mail with logging, Bugsnag notification, and fallback token generation; fixed @resource initialization in invalid_phone_number_error
config/environments/production.rb	Added 5-second open_timeout and read_timeout to SMTP settings to prevent indefinite blocking
spec/requests/users/passwords_spec.rb	Fixed "twillio" → "twilio" spelling throughout; refactored email tests from expect_any_instance_of to ActionMailer::Base.deliveries; added comprehensive test coverage for timeout scenarios, phone validation, and password reset edge cases

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

This test has a stubbing conflict. The before block at line 146 already stubs send_reset_password_instructions on the user object, but this test adds another expectation with receive on line 169. This second stub will override the first one, preventing send_reset_password_instructions from raising the Net::ReadTimeout exception that this test is supposed to verify handling for.

Consider moving the generate_password_reset_token expectation into the before block and chaining it:

allow(user).to receive(:send_reset_password_instructions).and_raise(Net::ReadTimeout)
allow(user).to receive(:generate_password_reset_token).and_call_original

Or use a separate test setup that doesn't conflict with the shared before block.