chore: enable rate limiting by default in helm chart (#5879)

Co-authored-by: Piyush Gupta <piyushguptaa2z123@gmail.com>

.cursor/rules/build-and-deployment.mdc

@@ -0,0 +1,61 @@
+---
+description: 
+globs: 
+alwaysApply: false
+---
+# Build & Deployment Best Practices
+
+## Build Process
+
+### Running Builds
+- Use `pnpm build` from project root for full build
+- Monitor for React hooks warnings and fix them immediately
+- Ensure all TypeScript errors are resolved before deployment
+
+### Common Build Issues & Fixes
+
+#### React Hooks Warnings
+- Capture ref values in variables within useEffect cleanup
+- Avoid accessing `.current` directly in cleanup functions
+- Pattern for fixing ref cleanup warnings:
+```typescript
+useEffect(() => {
+  const currentRef = myRef.current;
+  return () => {
+    if (currentRef) {
+      currentRef.cleanup();
+    }
+  };
+}, []);
+```
+
+#### Test Failures During Build
+- Ensure all test mocks include required constants like `SESSION_MAX_AGE`
+- Mock Next.js navigation hooks properly: `useParams`, `useRouter`, `useSearchParams`
+- Remove unused imports and constants from test files
+- Use literal values instead of imported constants when the constant isn't actually needed
+
+### Test Execution
+- Run `pnpm test` to execute all tests
+- Use `pnpm test -- --run filename.test.tsx` for specific test files
+- Fix test failures before merging code
+- Ensure 100% test coverage for new components
+
+### Performance Monitoring
+- Monitor build times and optimize if necessary
+- Watch for memory usage during builds
+- Use proper caching strategies for faster rebuilds
+
+### Deployment Checklist
+1. All tests passing
+2. Build completes without warnings
+3. TypeScript compilation successful
+4. No linter errors
+5. Database migrations applied (if any)
+6. Environment variables configured
+
+### EKS Deployment Considerations
+- Ensure latest code is deployed to all pods
+- Monitor AWS RDS Performance Insights for database issues
+- Verify environment-specific configurations
+- Check pod health and resource usage

.cursor/rules/database-performance.mdc

@@ -0,0 +1,41 @@
+---
+description: 
+globs: 
+alwaysApply: false
+---
+# Database Performance & Prisma Best Practices
+
+## Critical Performance Rules
+
+### Response Count Queries
+- **NEVER** use `skip`/`offset` with `prisma.response.count()` - this causes expensive subqueries with OFFSET
+- Always use only `where` clauses for count operations: `prisma.response.count({ where: { ... } })`
+- For pagination, separate count queries from data queries
+- Reference: [apps/web/lib/response/service.ts](mdc:apps/web/lib/response/service.ts) line 654-686
+
+### Prisma Query Optimization
+- Use proper indexes defined in [packages/database/schema.prisma](mdc:packages/database/schema.prisma)
+- Leverage existing indexes: `@@index([surveyId, createdAt])`, `@@index([createdAt])`
+- Use cursor-based pagination for large datasets instead of offset-based
+- Cache frequently accessed data using React Cache and custom cache tags
+
+### Date Range Filtering
+- When filtering by `createdAt`, always use indexed queries
+- Combine with `surveyId` for optimal performance: `{ surveyId, createdAt: { gte: start, lt: end } }`
+- Avoid complex WHERE clauses that can't utilize indexes
+
+### Count vs Data Separation
+- Always separate count queries from data fetching queries
+- Use `Promise.all()` to run count and data queries in parallel
+- Example pattern from [apps/web/modules/api/v2/management/responses/lib/response.ts](mdc:apps/web/modules/api/v2/management/responses/lib/response.ts):
+```typescript
+const [responses, totalCount] = await Promise.all([
+  prisma.response.findMany(query),
+  prisma.response.count({ where: whereClause }),
+]);
+```
+
+### Monitoring & Debugging
+- Monitor AWS RDS Performance Insights for problematic queries
+- Look for queries with OFFSET in count operations - these indicate performance issues
+- Use proper error handling with `DatabaseError` for Prisma exceptions

.cursor/rules/formbricks-architecture.mdc

@@ -0,0 +1,334 @@
+---
+description: 
+globs: 
+alwaysApply: false
+---
+# Formbricks Architecture & Patterns
+
+## Monorepo Structure
+
+### Apps Directory
+- `apps/web/` - Main Next.js web application
+- `packages/` - Shared packages and utilities
+
+### Key Directories in Web App
+```
+apps/web/
+├── app/                    # Next.js 13+ app directory
+│   ├── (app)/             # Main application routes
+│   ├── (auth)/            # Authentication routes
+│   ├── api/               # API routes
+│   └── share/             # Public sharing routes
+├── components/            # Shared components
+├── lib/                   # Utility functions and services
+└── modules/               # Feature-specific modules
+```
+
+## Routing Patterns
+
+### App Router Structure
+The application uses Next.js 13+ app router with route groups:
+
+```
+(app)/environments/[environmentId]/
+├── surveys/[surveyId]/
+│   ├── (analysis)/        # Analysis views
+│   │   ├── responses/     # Response management
+│   │   ├── summary/       # Survey summary
+│   │   └── hooks/         # Analysis-specific hooks
+│   ├── edit/              # Survey editing
+│   └── settings/          # Survey settings
+```
+
+### Dynamic Routes
+- `[environmentId]` - Environment-specific routes
+- `[surveyId]` - Survey-specific routes
+- `[sharingKey]` - Public sharing routes
+
+## Service Layer Pattern
+
+### Service Organization
+Services are organized by domain in `apps/web/lib/`:
+
+```typescript
+// Example: Response service
+// apps/web/lib/response/service.ts
+export const getResponseCountAction = async ({
+  surveyId,
+  filterCriteria,
+}: {
+  surveyId: string;
+  filterCriteria: any;
+}) => {
+  // Service implementation
+};
+```
+
+### Action Pattern
+Server actions follow a consistent pattern:
+
+```typescript
+// Action wrapper for service calls
+export const getResponseCountAction = async (params) => {
+  try {
+    const result = await responseService.getCount(params);
+    return { data: result };
+  } catch (error) {
+    return { error: error.message };
+  }
+};
+```
+
+## Context Patterns
+
+### Provider Structure
+Context providers follow a consistent pattern:
+
+```typescript
+// Provider component
+export const ResponseFilterProvider = ({ children }: { children: React.ReactNode }) => {
+  const [selectedFilter, setSelectedFilter] = useState(defaultFilter);
+  
+  const value = {
+    selectedFilter,
+    setSelectedFilter,
+    // ... other state and methods
+  };
+
+  return (
+    <ResponseFilterContext.Provider value={value}>
+      {children}
+    </ResponseFilterContext.Provider>
+  );
+};
+
+// Hook for consuming context
+export const useResponseFilter = () => {
+  const context = useContext(ResponseFilterContext);
+  if (!context) {
+    throw new Error('useResponseFilter must be used within ResponseFilterProvider');
+  }
+  return context;
+};
+```
+
+### Context Composition
+Multiple contexts are often composed together:
+
+```typescript
+// Layout component with multiple providers
+export default function AnalysisLayout({ children }: { children: React.ReactNode }) {
+  return (
+    <ResponseFilterProvider>
+      <ResponseCountProvider>
+        {children}
+      </ResponseCountProvider>
+    </ResponseFilterProvider>
+  );
+}
+```
+
+## Component Patterns
+
+### Page Components
+Page components are located in the app directory and follow this pattern:
+
+```typescript
+// apps/web/app/(app)/environments/[environmentId]/surveys/[surveyId]/(analysis)/responses/page.tsx
+export default function ResponsesPage() {
+  return (
+    <div>
+      <ResponsesTable />
+      <ResponsesPagination />
+    </div>
+  );
+}
+```
+
+### Component Organization
+- **Pages** - Route components in app directory
+- **Components** - Reusable UI components
+- **Modules** - Feature-specific components and logic
+
+### Shared Components
+Common components are in `apps/web/components/`:
+- UI components (buttons, inputs, modals)
+- Layout components (headers, sidebars)
+- Data display components (tables, charts)
+
+## Hook Patterns
+
+### Custom Hook Structure
+Custom hooks follow consistent patterns:
+
+```typescript
+export const useResponseCount = ({ 
+  survey, 
+  initialCount 
+}: {
+  survey: TSurvey;
+  initialCount?: number;
+}) => {
+  const [responseCount, setResponseCount] = useState(initialCount ?? 0);
+  const [isLoading, setIsLoading] = useState(false);
+  
+  // Hook logic...
+  
+  return {
+    responseCount,
+    isLoading,
+    refetch,
+  };
+};
+```
+
+### Hook Dependencies
+- Use context hooks for shared state
+- Implement proper cleanup with AbortController
+- Optimize dependency arrays to prevent unnecessary re-renders
+
+## Data Fetching Patterns
+
+### Server Actions
+The app uses Next.js server actions for data fetching:
+
+```typescript
+// Server action
+export async function getResponsesAction(params: GetResponsesParams) {
+  const responses = await getResponses(params);
+  return { data: responses };
+}
+
+// Client usage
+const { data } = await getResponsesAction(params);
+```
+
+### Error Handling
+Consistent error handling across the application:
+
+```typescript
+try {
+  const result = await apiCall();
+  return { data: result };
+} catch (error) {
+  console.error("Operation failed:", error);
+  return { error: error.message };
+}
+```
+
+## Type Safety
+
+### Type Organization
+Types are organized in packages:
+- `@formbricks/types` - Shared type definitions
+- Local types in component/hook files
+
+### Common Types
+```typescript
+import { TSurvey } from "@formbricks/types/surveys/types";
+import { TResponse } from "@formbricks/types/responses";
+import { TEnvironment } from "@formbricks/types/environment";
+```
+
+## State Management
+
+### Local State
+- Use `useState` for component-specific state
+- Use `useReducer` for complex state logic
+- Use refs for mutable values that don't trigger re-renders
+
+### Global State
+- React Context for feature-specific shared state
+- URL state for filters and pagination
+- Server state through server actions
+
+## Performance Considerations
+
+### Code Splitting
+- Dynamic imports for heavy components
+- Route-based code splitting with app router
+- Lazy loading for non-critical features
+
+### Caching Strategy
+- Server-side caching for database queries
+- Client-side caching with React Query (where applicable)
+- Static generation for public pages
+
+## Testing Strategy
+
+### Test Organization
+```
+component/
+├── Component.tsx
+├── Component.test.tsx
+└── hooks/
+    ├── useHook.ts
+    └── useHook.test.tsx
+```
+
+### Test Patterns
+- Unit tests for utilities and services
+- Integration tests for components with context
+- Hook tests with proper mocking
+
+## Build & Deployment
+
+### Build Process
+- TypeScript compilation
+- Next.js build optimization
+- Asset optimization and bundling
+
+### Environment Configuration
+- Environment-specific configurations
+- Feature flags for gradual rollouts
+- Database connection management
+
+## Security Patterns
+
+### Authentication
+- Session-based authentication
+- Environment-based access control
+- API route protection
+
+### Data Validation
+- Input validation on both client and server
+- Type-safe API contracts
+- Sanitization of user inputs
+
+## Monitoring & Observability
+
+### Error Tracking
+- Client-side error boundaries
+- Server-side error logging
+- Performance monitoring
+
+### Analytics
+- User interaction tracking
+- Performance metrics
+- Database query monitoring
+
+## Best Practices Summary
+
+### Code Organization
+- ✅ Follow the established directory structure
+- ✅ Use consistent naming conventions
+- ✅ Separate concerns (UI, logic, data)
+- ✅ Keep components focused and small
+
+### Performance
+- ✅ Implement proper loading states
+- ✅ Use AbortController for async operations
+- ✅ Optimize database queries
+- ✅ Implement proper caching strategies
+
+### Type Safety
+- ✅ Use TypeScript throughout
+- ✅ Define proper interfaces for props
+- ✅ Use type guards for runtime validation
+- ✅ Leverage shared type packages
+
+### Testing
+- ✅ Write tests for critical functionality
+- ✅ Mock external dependencies properly
+- ✅ Test error scenarios and edge cases
+- ✅ Maintain good test coverage

.cursor/rules/performance-optimization.mdc

@@ -0,0 +1,5 @@
+---
+description:
+globs:
+alwaysApply: false
+---

.cursor/rules/react-context-patterns.mdc

@@ -0,0 +1,52 @@
+---
+description: 
+globs: 
+alwaysApply: false
+---
+# React Context & Provider Patterns
+
+## Context Provider Best Practices
+
+### Provider Implementation
+- Use TypeScript interfaces for provider props with optional `initialCount` for testing
+- Implement proper cleanup in `useEffect` to avoid React hooks warnings
+- Reference: [apps/web/app/(app)/environments/[environmentId]/surveys/[surveyId]/(analysis)/components/ResponseCountProvider.tsx](mdc:apps/web/app/(app)/environments/[environmentId]/surveys/[surveyId]/(analysis)/components/ResponseCountProvider.tsx)
+
+### Cleanup Pattern for Refs
+```typescript
+useEffect(() => {
+  const currentPendingRequests = pendingRequests.current;
+  const currentAbortController = abortController.current;
+  
+  return () => {
+    if (currentAbortController) {
+      currentAbortController.abort();
+    }
+    currentPendingRequests.clear();
+  };
+}, []);
+```
+
+### Testing Context Providers
+- Always wrap components using context in the provider during tests
+- Use `initialCount` prop for predictable test scenarios
+- Mock context dependencies like `useParams`, `useResponseFilter`
+- Example from [apps/web/app/(app)/environments/[environmentId]/surveys/[surveyId]/(analysis)/summary/components/SurveyAnalysisCTA.test.tsx](mdc:apps/web/app/(app)/environments/[environmentId]/surveys/[surveyId]/(analysis)/summary/components/SurveyAnalysisCTA.test.tsx):
+
+```typescript
+render(
+  <ResponseCountProvider survey={dummySurvey} initialCount={5}>
+    <ComponentUnderTest />
+  </ResponseCountProvider>
+);
+```
+
+### Required Mocks for Context Testing
+- Mock `next/navigation` with `useParams` returning environment and survey IDs
+- Mock response filter context and actions
+- Mock API actions that the provider depends on
+
+### Context Hook Usage
+- Create custom hooks like `useResponseCountContext()` for consuming context
+- Provide meaningful error messages when context is used outside provider
+- Use context for shared state that multiple components need to access

.cursor/rules/react-context-providers.mdc

@@ -0,0 +1,5 @@
+---
+description:
+globs:
+alwaysApply: false
+---

.cursor/rules/testing-patterns.mdc

@@ -0,0 +1,282 @@
+---
+description: 
+globs: 
+alwaysApply: false
+---
+# Testing Patterns & Best Practices
+
+## Test File Naming & Environment
+
+### File Extensions
+- Use `.test.tsx` for React component/hook tests (runs in jsdom environment)
+- Use `.test.ts` for utility/service tests (runs in Node environment)
+- The vitest config uses `environmentMatchGlobs` to automatically set jsdom for `.tsx` files
+
+### Test Structure
+```typescript
+// Import the mocked functions first
+import { useHook } from "@/path/to/hook";
+import { serviceFunction } from "@/path/to/service";
+import { renderHook, waitFor } from "@testing-library/react";
+import { beforeEach, describe, expect, test, vi } from "vitest";
+
+// Mock dependencies
+vi.mock("@/path/to/hook", () => ({
+  useHook: vi.fn(),
+}));
+
+describe("ComponentName", () => {
+  beforeEach(() => {
+    vi.clearAllMocks();
+    // Setup default mocks
+  });
+
+  test("descriptive test name", async () => {
+    // Test implementation
+  });
+});
+```
+
+## React Hook Testing
+
+### Context Mocking
+When testing hooks that use React Context:
+```typescript
+vi.mocked(useResponseFilter).mockReturnValue({
+  selectedFilter: {
+    filter: [],
+    onlyComplete: false,
+  },
+  setSelectedFilter: vi.fn(),
+  selectedOptions: {
+    questionOptions: [],
+    questionFilterOptions: [],
+  },
+  setSelectedOptions: vi.fn(),
+  dateRange: { from: new Date(), to: new Date() },
+  setDateRange: vi.fn(),
+  resetState: vi.fn(),
+});
+```
+
+### Testing Async Hooks
+- Always use `waitFor` for async operations
+- Test both loading and completed states
+- Verify API calls with correct parameters
+
+```typescript
+test("fetches data on mount", async () => {
+  const { result } = renderHook(() => useHook());
+  
+  expect(result.current.isLoading).toBe(true);
+  
+  await waitFor(() => {
+    expect(result.current.isLoading).toBe(false);
+  });
+  
+  expect(result.current.data).toBe(expectedData);
+  expect(vi.mocked(apiCall)).toHaveBeenCalledWith(expectedParams);
+});
+```
+
+### Testing Hook Dependencies
+To test useEffect dependencies, ensure mocks return different values:
+```typescript
+// First render
+mockGetFormattedFilters.mockReturnValue(mockFilters);
+
+// Change dependency and trigger re-render
+const newMockFilters = { ...mockFilters, finished: true };
+mockGetFormattedFilters.mockReturnValue(newMockFilters);
+rerender();
+```
+
+## Performance Testing
+
+### Race Condition Testing
+Test AbortController implementation:
+```typescript
+test("cancels previous request when new request is made", async () => {
+  let resolveFirst: (value: any) => void;
+  let resolveSecond: (value: any) => void;
+
+  const firstPromise = new Promise((resolve) => {
+    resolveFirst = resolve;
+  });
+  const secondPromise = new Promise((resolve) => {
+    resolveSecond = resolve;
+  });
+
+  vi.mocked(apiCall)
+    .mockReturnValueOnce(firstPromise as any)
+    .mockReturnValueOnce(secondPromise as any);
+
+  const { result } = renderHook(() => useHook());
+  
+  // Trigger second request
+  result.current.refetch();
+  
+  // Resolve in order - first should be cancelled
+  resolveFirst!({ data: 100 });
+  resolveSecond!({ data: 200 });
+
+  await waitFor(() => {
+    expect(result.current.isLoading).toBe(false);
+  });
+
+  // Should have result from second request
+  expect(result.current.data).toBe(200);
+});
+```
+
+### Cleanup Testing
+```typescript
+test("cleans up on unmount", () => {
+  const abortSpy = vi.spyOn(AbortController.prototype, "abort");
+  
+  const { unmount } = renderHook(() => useHook());
+  unmount();
+  
+  expect(abortSpy).toHaveBeenCalled();
+  abortSpy.mockRestore();
+});
+```
+
+## Error Handling Testing
+
+### API Error Testing
+```typescript
+test("handles API errors gracefully", async () => {
+  const consoleSpy = vi.spyOn(console, "error").mockImplementation(() => {});
+  vi.mocked(apiCall).mockRejectedValue(new Error("API Error"));
+
+  const { result } = renderHook(() => useHook());
+
+  await waitFor(() => {
+    expect(result.current.isLoading).toBe(false);
+  });
+
+  expect(consoleSpy).toHaveBeenCalledWith("Error message:", expect.any(Error));
+  expect(result.current.data).toBe(fallbackValue);
+  
+  consoleSpy.mockRestore();
+});
+```
+
+### Cancelled Request Testing
+```typescript
+test("does not update state for cancelled requests", async () => {
+  const consoleSpy = vi.spyOn(console, "error").mockImplementation(() => {});
+
+  let rejectFirst: (error: any) => void;
+  const firstPromise = new Promise((_, reject) => {
+    rejectFirst = reject;
+  });
+
+  vi.mocked(apiCall)
+    .mockReturnValueOnce(firstPromise as any)
+    .mockResolvedValueOnce({ data: 42 });
+
+  const { result } = renderHook(() => useHook());
+  result.current.refetch();
+
+  const abortError = new Error("Request cancelled");
+  rejectFirst!(abortError);
+
+  await waitFor(() => {
+    expect(result.current.isLoading).toBe(false);
+  });
+
+  // Should not log error for cancelled request
+  expect(consoleSpy).not.toHaveBeenCalled();
+  consoleSpy.mockRestore();
+});
+```
+
+## Type Safety in Tests
+
+### Mock Type Assertions
+Use type assertions for edge cases:
+```typescript
+vi.mocked(apiCall).mockResolvedValue({
+  data: null as any, // For testing null handling
+});
+
+vi.mocked(apiCall).mockResolvedValue({
+  data: undefined as any, // For testing undefined handling
+});
+```
+
+### Proper Mock Typing
+Ensure mocks match the actual interface:
+```typescript
+const mockSurvey: TSurvey = {
+  id: "survey-123",
+  name: "Test Survey",
+  // ... other required properties
+} as unknown as TSurvey; // Use when partial mocking is needed
+```
+
+## Common Test Patterns
+
+### Testing State Changes
+```typescript
+test("updates state correctly", async () => {
+  const { result } = renderHook(() => useHook());
+  
+  // Initial state
+  expect(result.current.value).toBe(initialValue);
+  
+  // Trigger change
+  result.current.updateValue(newValue);
+  
+  // Verify change
+  expect(result.current.value).toBe(newValue);
+});
+```
+
+### Testing Multiple Scenarios
+```typescript
+test("handles different modes", async () => {
+  // Test regular mode
+  vi.mocked(useParams).mockReturnValue({ surveyId: "123" });
+  const { rerender } = renderHook(() => useHook());
+  
+  await waitFor(() => {
+    expect(vi.mocked(regularApi)).toHaveBeenCalled();
+  });
+  
+  // Test sharing mode
+  vi.mocked(useParams).mockReturnValue({ 
+    surveyId: "123", 
+    sharingKey: "share-123" 
+  });
+  rerender();
+  
+  await waitFor(() => {
+    expect(vi.mocked(sharingApi)).toHaveBeenCalled();
+  });
+});
+```
+
+## Test Organization
+
+### Comprehensive Test Coverage
+For hooks, ensure you test:
+- ✅ Initialization (with/without initial values)
+- ✅ Data fetching (success/error cases)
+- ✅ State updates and refetching
+- ✅ Dependency changes triggering effects
+- ✅ Manual actions (refetch, reset)
+- ✅ Race condition prevention
+- ✅ Cleanup on unmount
+- ✅ Mode switching (if applicable)
+- ✅ Edge cases (null/undefined data)
+
+### Test Naming
+Use descriptive test names that explain the scenario:
+- ✅ "initializes with initial count"
+- ✅ "fetches response count on mount for regular survey"
+- ✅ "cancels previous request when new request is made"
+- ❌ "test hook"
+- ❌ "it works"

.env.example

@@ -212,4 +212,7 @@ UNKEY_ROOT_KEY=
 # SENTRY_AUTH_TOKEN=
 
 # Configure the minimum role for user management from UI(owner, manager, disabled)
-# USER_MANAGEMENT_MINIMUM_ROLE="manager"
+# USER_MANAGEMENT_MINIMUM_ROLE="manager"
+
+# Configure the maximum age for the session in seconds. Default is 86400 (24 hours)
+# SESSION_MAX_AGE=86400

apps/web/app/(app)/(onboarding)/environments/[environmentId]/layout.test.tsx

@@ -85,6 +85,7 @@ vi.mock("@/lib/constants", () => ({
   OIDC_AUTH_URL: "https://mock-oidc-auth-url.com",
   OIDC_ISSUER: "https://mock-oidc-issuer.com",
   OIDC_SIGNING_ALGORITHM: "RS256",
+  SESSION_MAX_AGE: 1000,
 }));
 
 vi.mock("next/navigation", () => ({

apps/web/app/(app)/(onboarding)/organizations/[organizationId]/landing/layout.test.tsx

@@ -88,6 +88,7 @@ vi.mock("@/lib/constants", () => ({
   OIDC_AUTH_URL: "https://mock-oidc-auth-url.com",
   OIDC_ISSUER: "https://mock-oidc-issuer.com",
   OIDC_SIGNING_ALGORITHM: "RS256",
+  SESSION_MAX_AGE: 1000,
 }));
 
 vi.mock("@/lib/environment/service");

apps/web/app/(app)/(onboarding)/organizations/[organizationId]/landing/page.test.tsx

@@ -97,6 +97,7 @@ vi.mock("@/lib/constants", () => ({
   OIDC_AUTH_URL: "https://mock-oidc-auth-url.com",
   OIDC_ISSUER: "https://mock-oidc-issuer.com",
   OIDC_SIGNING_ALGORITHM: "RS256",
+  SESSION_MAX_AGE: 1000,
 }));
 
 vi.mock("@/app/(app)/(onboarding)/organizations/[organizationId]/landing/components/landing-sidebar", () => ({

apps/web/app/(app)/(onboarding)/organizations/[organizationId]/layout.test.tsx

@@ -34,6 +34,7 @@ vi.mock("@/lib/constants", () => ({
   OIDC_SIGNING_ALGORITHM: "test-oidc-signing-algorithm",
   WEBAPP_URL: "test-webapp-url",
   IS_PRODUCTION: false,
+  SESSION_MAX_AGE: 1000,
 }));
 
 vi.mock("next-auth", () => ({

apps/web/app/(app)/(onboarding)/organizations/[organizationId]/projects/new/layout.test.tsx

@@ -33,6 +33,7 @@ vi.mock("@/lib/constants", () => ({
   OIDC_SIGNING_ALGORITHM: "test-oidc-signing-algorithm",
   WEBAPP_URL: "test-webapp-url",
   IS_PRODUCTION: false,
+  SESSION_MAX_AGE: 1000,
 }));
 
 // Mock dependencies

apps/web/app/(app)/environments/[environmentId]/(contacts)/contacts/[contactId]/page.test.tsx

@@ -25,6 +25,7 @@ vi.mock("@/lib/constants", () => ({
   SMTP_HOST: "mock-smtp-host",
   SMTP_PORT: "mock-smtp-port",
   IS_POSTHOG_CONFIGURED: true,
+  SESSION_MAX_AGE: 1000,
 }));
 
 describe("Contact Page Re-export", () => {

apps/web/app/(app)/environments/[environmentId]/integrations/airtable/page.test.tsx

@@ -48,6 +48,7 @@ vi.mock("@/lib/constants", () => ({
   OIDC_CLIENT_SECRET: "test-oidc-client-secret",
   OIDC_SIGNING_ALGORITHM: "test-oidc-signing-algorithm",
   SENTRY_DSN: "mock-sentry-dsn",
+  SESSION_MAX_AGE: 1000,
 }));
 
 vi.mock("@/lib/integration/service");

apps/web/app/(app)/environments/[environmentId]/integrations/notion/components/NotionWrapper.test.tsx

@@ -31,6 +31,7 @@ vi.mock("@/lib/constants", () => ({
   SENTRY_DSN: "mock-sentry-dsn",
   GOOGLE_SHEETS_CLIENT_SECRET: "test-client-secret",
   GOOGLE_SHEETS_REDIRECT_URL: "test-redirect-url",
+  SESSION_MAX_AGE: 1000,
 }));
 
 // Mock child components

apps/web/app/(app)/environments/[environmentId]/project/(setup)/app-connection/page.test.tsx

@@ -24,6 +24,7 @@ vi.mock("@/lib/constants", () => ({
   WEBAPP_URL: "test-webapp-url",
   IS_PRODUCTION: false,
   SENTRY_DSN: "mock-sentry-dsn",
+  SESSION_MAX_AGE: 1000,
 }));
 
 describe("AppConnectionPage Re-export", () => {

apps/web/app/(app)/environments/[environmentId]/project/general/page.test.tsx

@@ -24,6 +24,7 @@ vi.mock("@/lib/constants", () => ({
   WEBAPP_URL: "test-webapp-url",
   IS_PRODUCTION: false,
   SENTRY_DSN: "mock-sentry-dsn",
+  SESSION_MAX_AGE: 1000,
 }));
 
 describe("GeneralSettingsPage re-export", () => {

apps/web/app/(app)/environments/[environmentId]/project/languages/page.test.tsx

@@ -24,6 +24,7 @@ vi.mock("@/lib/constants", () => ({
   WEBAPP_URL: "test-webapp-url",
   IS_PRODUCTION: false,
   SENTRY_DSN: "mock-sentry-dsn",
+  SESSION_MAX_AGE: 1000,
 }));
 
 describe("LanguagesPage re-export", () => {

apps/web/app/(app)/environments/[environmentId]/project/look/page.test.tsx

@@ -24,6 +24,7 @@ vi.mock("@/lib/constants", () => ({
   WEBAPP_URL: "test-webapp-url",
   IS_PRODUCTION: false,
   SENTRY_DSN: "mock-sentry-dsn",
+  SESSION_MAX_AGE: 1000,
 }));
 
 describe("ProjectLookSettingsPage re-export", () => {

apps/web/app/(app)/environments/[environmentId]/project/tags/page.test.tsx

@@ -24,6 +24,7 @@ vi.mock("@/lib/constants", () => ({
   WEBAPP_URL: "test-webapp-url",
   IS_PRODUCTION: false,
   SENTRY_DSN: "mock-sentry-dsn",
+  SESSION_MAX_AGE: 1000,
 }));
 
 describe("TagsPage re-export", () => {

apps/web/app/(app)/environments/[environmentId]/project/teams/page.test.tsx

@@ -24,6 +24,7 @@ vi.mock("@/lib/constants", () => ({
   WEBAPP_URL: "test-webapp-url",
   IS_PRODUCTION: false,
   SENTRY_DSN: "mock-sentry-dsn",
+  SESSION_MAX_AGE: 1000,
 }));
 
 describe("ProjectTeams re-export", () => {

apps/web/app/(app)/environments/[environmentId]/settings/(account)/layout.test.tsx

@@ -40,6 +40,7 @@ vi.mock("@/lib/constants", () => ({
   WEBAPP_URL: "test-webapp-url",
   IS_PRODUCTION: false,
   SENTRY_DSN: "mock-sentry-dsn",
+  SESSION_MAX_AGE: 1000,
 }));
 
 const mockGetOrganizationByEnvironmentId = vi.mocked(getOrganizationByEnvironmentId);

apps/web/app/(app)/environments/[environmentId]/settings/(account)/profile/actions.ts

@@ -1,17 +1,87 @@
 "use server";
 
+import {
+  getIsEmailUnique,
+  verifyUserPassword,
+} from "@/app/(app)/environments/[environmentId]/settings/(account)/profile/lib/user";
+import { EMAIL_VERIFICATION_DISABLED } from "@/lib/constants";
 import { deleteFile } from "@/lib/storage/service";
 import { getFileNameWithIdFromUrl } from "@/lib/storage/utils";
 import { updateUser } from "@/lib/user/service";
 import { authenticatedActionClient } from "@/lib/utils/action-client";
+import { rateLimit } from "@/lib/utils/rate-limit";
+import { updateBrevoCustomer } from "@/modules/auth/lib/brevo";
+import { sendVerificationNewEmail } from "@/modules/email";
 import { z } from "zod";
 import { ZId } from "@formbricks/types/common";
-import { ZUserUpdateInput } from "@formbricks/types/user";
+import {
+  AuthenticationError,
+  AuthorizationError,
+  OperationNotAllowedError,
+  TooManyRequestsError,
+} from "@formbricks/types/errors";
+import { TUserUpdateInput, ZUserPassword, ZUserUpdateInput } from "@formbricks/types/user";
+
+const limiter = rateLimit({
+  interval: 60 * 60, // 1 hour
+  allowedPerInterval: 3, // max 3 calls for email verification per hour
+});
 
 export const updateUserAction = authenticatedActionClient
-  .schema(ZUserUpdateInput.pick({ name: true, locale: true }))
+  .schema(
+    ZUserUpdateInput.pick({ name: true, email: true, locale: true }).extend({
+      password: ZUserPassword.optional(),
+    })
+  )
   .action(async ({ parsedInput, ctx }) => {
-    return await updateUser(ctx.user.id, parsedInput);
+    const inputEmail = parsedInput.email?.trim().toLowerCase();
+
+    let payload: TUserUpdateInput = {
+      ...(parsedInput.name && { name: parsedInput.name }),
+      ...(parsedInput.locale && { locale: parsedInput.locale }),
+    };
+
+    // Only process email update if a new email is provided and it's different from current email
+    if (inputEmail && ctx.user.email !== inputEmail) {
+      // Check rate limit
+      try {
+        await limiter(ctx.user.id);
+      } catch {
+        throw new TooManyRequestsError("Too many requests");
+      }
+      if (ctx.user.identityProvider !== "email") {
+        throw new OperationNotAllowedError("Email update is not allowed for non-credential users.");
+      }
+
+      if (!parsedInput.password) {
+        throw new AuthenticationError("Password is required to update email.");
+      }
+
+      const isCorrectPassword = await verifyUserPassword(ctx.user.id, parsedInput.password);
+      if (!isCorrectPassword) {
+        throw new AuthorizationError("Incorrect credentials");
+      }
+
+      // Check if the new email is unique, no user exists with the new email
+      const isEmailUnique = await getIsEmailUnique(inputEmail);
+
+      // If the new email is unique, proceed with the email update
+      if (isEmailUnique) {
+        if (EMAIL_VERIFICATION_DISABLED) {
+          payload.email = inputEmail;
+          await updateBrevoCustomer({ id: ctx.user.id, email: inputEmail });
+        } else {
+          await sendVerificationNewEmail(ctx.user.id, inputEmail);
+        }
+      }
+    }
+
+    // Only proceed with updateUser if we have actual changes to make
+    if (Object.keys(payload).length > 0) {
+      await updateUser(ctx.user.id, payload);
+    }
+
+    return true;
   });
 
 const ZUpdateAvatarAction = z.object({

apps/web/app/(app)/environments/[environmentId]/settings/(account)/profile/components/EditProfileDetailsForm.test.tsx

@@ -50,11 +50,10 @@ describe("EditProfileDetailsForm", () => {
   test("renders with initial user data and updates successfully", async () => {
     vi.mocked(updateUserAction).mockResolvedValue({ ...mockUser, name: "New Name" } as any);
 
-    render(<EditProfileDetailsForm user={mockUser} />);
+    render(<EditProfileDetailsForm user={mockUser} emailVerificationDisabled={true} />);
 
     const nameInput = screen.getByPlaceholderText("common.full_name");
     expect(nameInput).toHaveValue(mockUser.name);
-    expect(screen.getByDisplayValue(mockUser.email)).toBeDisabled();
     // Check initial language (English)
     expect(screen.getByText("English (US)")).toBeInTheDocument();
 
@@ -72,7 +71,11 @@ describe("EditProfileDetailsForm", () => {
     await userEvent.click(updateButton);
 
     await waitFor(() => {
-      expect(updateUserAction).toHaveBeenCalledWith({ name: "New Name", locale: "de-DE" });
+      expect(updateUserAction).toHaveBeenCalledWith({
+        name: "New Name",
+        locale: "de-DE",
+        email: mockUser.email,
+      });
     });
     await waitFor(() => {
       expect(toast.success).toHaveBeenCalledWith(
@@ -88,7 +91,7 @@ describe("EditProfileDetailsForm", () => {
     const errorMessage = "Update failed";
     vi.mocked(updateUserAction).mockRejectedValue(new Error(errorMessage));
 
-    render(<EditProfileDetailsForm user={mockUser} />);
+    render(<EditProfileDetailsForm user={mockUser} emailVerificationDisabled={false} />);
 
     const nameInput = screen.getByPlaceholderText("common.full_name");
     await userEvent.clear(nameInput);
@@ -106,7 +109,7 @@ describe("EditProfileDetailsForm", () => {
   });
 
   test("update button is disabled initially and enables on change", async () => {
-    render(<EditProfileDetailsForm user={mockUser} />);
+    render(<EditProfileDetailsForm user={mockUser} emailVerificationDisabled={false} />);
     const updateButton = screen.getByText("common.update");
     expect(updateButton).toBeDisabled();
 

apps/web/app/(app)/environments/[environmentId]/settings/(account)/profile/components/EditProfileDetailsForm.tsx

@@ -1,6 +1,8 @@
 "use client";
 
+import { PasswordConfirmationModal } from "@/app/(app)/environments/[environmentId]/settings/(account)/profile/components/password-confirmation-modal";
 import { appLanguages } from "@/lib/i18n/utils";
+import { getFormattedErrorMessage } from "@/lib/utils/helper";
 import { Button } from "@/modules/ui/components/button";
 import {
   DropdownMenu,
@@ -8,129 +10,211 @@ import {
   DropdownMenuItem,
   DropdownMenuTrigger,
 } from "@/modules/ui/components/dropdown-menu";
-import {
-  FormControl,
-  FormError,
-  FormField,
-  FormItem,
-  FormLabel,
-  FormProvider,
-} from "@/modules/ui/components/form";
+import { FormControl, FormError, FormField, FormItem, FormLabel } from "@/modules/ui/components/form";
 import { Input } from "@/modules/ui/components/input";
-import { Label } from "@/modules/ui/components/label";
 import { zodResolver } from "@hookform/resolvers/zod";
 import { useTranslate } from "@tolgee/react";
 import { ChevronDownIcon } from "lucide-react";
-import { SubmitHandler, useForm } from "react-hook-form";
+import { signOut } from "next-auth/react";
+import { useRouter } from "next/navigation";
+import { useState } from "react";
+import { FormProvider, SubmitHandler, useForm } from "react-hook-form";
 import toast from "react-hot-toast";
 import { z } from "zod";
-import { TUser, ZUser } from "@formbricks/types/user";
+import { TUser, TUserUpdateInput, ZUser, ZUserEmail } from "@formbricks/types/user";
 import { updateUserAction } from "../actions";
 
-const ZEditProfileNameFormSchema = ZUser.pick({ name: true, locale: true });
+// Schema & types
+const ZEditProfileNameFormSchema = ZUser.pick({ name: true, locale: true, email: true }).extend({
+  email: ZUserEmail.transform((val) => val?.trim().toLowerCase()),
+});
 type TEditProfileNameForm = z.infer<typeof ZEditProfileNameFormSchema>;
 
-export const EditProfileDetailsForm = ({ user }: { user: TUser }) => {
+export const EditProfileDetailsForm = ({
+  user,
+  emailVerificationDisabled,
+}: {
+  user: TUser;
+  emailVerificationDisabled: boolean;
+}) => {
+  const { t } = useTranslate();
+  const router = useRouter();
+
   const form = useForm<TEditProfileNameForm>({
-    defaultValues: { name: user.name, locale: user.locale || "en" },
+    defaultValues: {
+      name: user.name,
+      locale: user.locale,
+      email: user.email,
+    },
     mode: "onChange",
     resolver: zodResolver(ZEditProfileNameFormSchema),
   });
 
   const { isSubmitting, isDirty } = form.formState;
-  const { t } = useTranslate();
+  const [showModal, setShowModal] = useState(false);
+
+  const handleConfirmPassword = async (password: string) => {
+    const values = form.getValues();
+    const dirtyFields = form.formState.dirtyFields;
+
+    const emailChanged = "email" in dirtyFields;
+    const nameChanged = "name" in dirtyFields;
+    const localeChanged = "locale" in dirtyFields;
+
+    const name = values.name.trim();
+    const email = values.email.trim().toLowerCase();
+    const locale = values.locale;
+
+    const data: TUserUpdateInput = {};
+
+    if (emailChanged) {
+      data.email = email;
+      data.password = password;
+    }
+    if (nameChanged) {
+      data.name = name;
+    }
+    if (localeChanged) {
+      data.locale = locale;
+    }
+
+    const updatedUserResult = await updateUserAction(data);
+
+    if (updatedUserResult?.data) {
+      if (!emailVerificationDisabled) {
+        toast.success(t("auth.verification-requested.new_email_verification_success"));
+      } else {
+        toast.success(t("environments.settings.profile.email_change_initiated"));
+        await signOut({ redirect: false });
+        router.push(`/email-change-without-verification-success`);
+        return;
+      }
+    } else {
+      const errorMessage = getFormattedErrorMessage(updatedUserResult);
+      toast.error(errorMessage);
+      return;
+    }
+
+    window.location.reload();
+    setShowModal(false);
+  };
 
   const onSubmit: SubmitHandler<TEditProfileNameForm> = async (data) => {
-    try {
-      const name = data.name.trim();
-      const locale = data.locale;
-      await updateUserAction({ name, locale });
-      toast.success(t("environments.settings.profile.profile_updated_successfully"));
-      window.location.reload();
-      form.reset({ name, locale });
-    } catch (error) {
-      toast.error(`${t("common.error")}: ${error.message}`);
+    if (data.email !== user.email) {
+      setShowModal(true);
+    } else {
+      try {
+        await updateUserAction({
+          ...data,
+          name: data.name.trim(),
+        });
+        toast.success(t("environments.settings.profile.profile_updated_successfully"));
+        window.location.reload();
+        form.reset(data);
+      } catch (error: any) {
+        toast.error(`${t("common.error")}: ${error.message}`);
+      }
     }
   };
 
   return (
-    <FormProvider {...form}>
-      <form className="w-full max-w-sm items-center" onSubmit={form.handleSubmit(onSubmit)}>
-        <FormField
-          control={form.control}
-          name="name"
-          render={({ field }) => (
-            <FormItem>
-              <FormLabel>{t("common.full_name")}</FormLabel>
-              <FormControl>
-                <Input
-                  {...field}
-                  type="text"
-                  placeholder={t("common.full_name")}
-                  required
-                  isInvalid={!!form.formState.errors.name}
-                />
-              </FormControl>
-              <FormError />
-            </FormItem>
-          )}
-        />
+    <>
+      <FormProvider {...form}>
+        <form className="w-full max-w-sm" onSubmit={form.handleSubmit(onSubmit)}>
+          <FormField
+            control={form.control}
+            name="name"
+            render={({ field }) => (
+              <FormItem>
+                <FormLabel>{t("common.full_name")}</FormLabel>
+                <FormControl>
+                  <Input
+                    {...field}
+                    type="text"
+                    required
+                    placeholder={t("common.full_name")}
+                    isInvalid={!!form.formState.errors.name}
+                  />
+                </FormControl>
+                <FormError />
+              </FormItem>
+            )}
+          />
 
-        {/* disabled email field */}
-        <div className="mt-4 space-y-2">
-          <Label htmlFor="email">{t("common.email")}</Label>
-          <Input type="email" id="email" defaultValue={user.email} disabled />
-        </div>
+          <FormField
+            control={form.control}
+            name="email"
+            render={({ field }) => (
+              <FormItem className="mt-4">
+                <FormLabel>{t("common.email")}</FormLabel>
+                <FormControl>
+                  <Input
+                    {...field}
+                    type="email"
+                    required
+                    isInvalid={!!form.formState.errors.email}
+                    disabled={user.identityProvider !== "email"}
+                  />
+                </FormControl>
+                <FormError />
+              </FormItem>
+            )}
+          />
 
-        <FormField
-          control={form.control}
-          name="locale"
-          render={({ field }) => (
-            <FormItem className="mt-4">
-              <FormLabel>{t("common.language")}</FormLabel>
-              <FormControl>
-                <DropdownMenu>
-                  <DropdownMenuTrigger asChild>
-                    <Button
-                      type="button"
-                      className="h-10 w-full border border-slate-300 px-3 text-left"
-                      variant="ghost">
-                      <div className="flex w-full items-center justify-between">
-                        {appLanguages.find((language) => language.code === field.value)?.label[field.value] ||
-                          "NA"}
-                        <ChevronDownIcon className="h-4 w-4 text-slate-500" />
-                      </div>
-                    </Button>
-                  </DropdownMenuTrigger>
-                  <DropdownMenuContent
-                    className="w-40 bg-slate-50 text-slate-700"
-                    align="start"
-                    side="bottom">
-                    {appLanguages.map((language) => (
-                      <DropdownMenuItem
-                        key={language.code}
-                        onClick={() => field.onChange(language.code)}
-                        className="min-h-8 cursor-pointer">
-                        {language.label[field.value]}
-                      </DropdownMenuItem>
-                    ))}
-                  </DropdownMenuContent>
-                </DropdownMenu>
-              </FormControl>
-              <FormError />
-            </FormItem>
-          )}
-        />
+          <FormField
+            control={form.control}
+            name="locale"
+            render={({ field }) => (
+              <FormItem className="mt-4">
+                <FormLabel>{t("common.language")}</FormLabel>
+                <FormControl>
+                  <DropdownMenu>
+                    <DropdownMenuTrigger asChild>
+                      <Button
+                        type="button"
+                        variant="ghost"
+                        className="h-10 w-full border border-slate-300 px-3 text-left">
+                        <div className="flex w-full items-center justify-between">
+                          {appLanguages.find((l) => l.code === field.value)?.label[field.value] ?? "NA"}
+                          <ChevronDownIcon className="h-4 w-4 text-slate-500" />
+                        </div>
+                      </Button>
+                    </DropdownMenuTrigger>
+                    <DropdownMenuContent className="w-40 bg-slate-50 text-slate-700" align="start">
+                      {appLanguages.map((lang) => (
+                        <DropdownMenuItem
+                          key={lang.code}
+                          onClick={() => field.onChange(lang.code)}
+                          className="min-h-8 cursor-pointer">
+                          {lang.label[field.value]}
+                        </DropdownMenuItem>
+                      ))}
+                    </DropdownMenuContent>
+                  </DropdownMenu>
+                </FormControl>
+                <FormError />
+              </FormItem>
+            )}
+          />
 
-        <Button
-          type="submit"
-          className="mt-4"
-          size="sm"
-          loading={isSubmitting}
-          disabled={isSubmitting || !isDirty}>
-          {t("common.update")}
-        </Button>
-      </form>
-    </FormProvider>
+          <Button
+            type="submit"
+            className="mt-4"
+            size="sm"
+            loading={isSubmitting}
+            disabled={isSubmitting || !isDirty}>
+            {t("common.update")}
+          </Button>
+        </form>
+      </FormProvider>
+
+      <PasswordConfirmationModal
+        open={showModal}
+        setOpen={setShowModal}
+        oldEmail={user.email}
+        newEmail={form.getValues("email") || user.email}
+        onConfirm={handleConfirmPassword}
+      />
+    </>
   );
 };

apps/web/app/(app)/environments/[environmentId]/settings/(account)/profile/components/password-confirmation-modal.test.tsx

@@ -0,0 +1,132 @@
+import "@testing-library/jest-dom/vitest";
+import { cleanup, render, screen, waitFor } from "@testing-library/react";
+import userEvent from "@testing-library/user-event";
+import { afterEach, describe, expect, test, vi } from "vitest";
+import { PasswordConfirmationModal } from "./password-confirmation-modal";
+
+// Mock the Modal component
+vi.mock("@/modules/ui/components/modal", () => ({
+  Modal: ({ children, open, setOpen, title }: any) =>
+    open ? (
+      <div data-testid="modal">
+        <div data-testid="modal-title">{title}</div>
+        {children}
+        <button data-testid="modal-close" onClick={() => setOpen(false)}>
+          Close
+        </button>
+      </div>
+    ) : null,
+}));
+
+// Mock the PasswordInput component
+vi.mock("@/modules/ui/components/password-input", () => ({
+  PasswordInput: ({ onChange, value, placeholder }: any) => (
+    <input
+      type="password"
+      value={value || ""}
+      onChange={(e) => onChange(e.target.value)}
+      placeholder={placeholder}
+      data-testid="password-input"
+    />
+  ),
+}));
+
+// Mock the useTranslate hook
+vi.mock("@tolgee/react", () => ({
+  useTranslate: () => ({
+    t: (key: string) => key,
+  }),
+}));
+
+describe("PasswordConfirmationModal", () => {
+  const defaultProps = {
+    open: true,
+    setOpen: vi.fn(),
+    oldEmail: "old@example.com",
+    newEmail: "new@example.com",
+    onConfirm: vi.fn(),
+  };
+
+  afterEach(() => {
+    cleanup();
+    vi.clearAllMocks();
+  });
+
+  test("renders nothing when open is false", () => {
+    render(<PasswordConfirmationModal {...defaultProps} open={false} />);
+    expect(screen.queryByTestId("modal")).not.toBeInTheDocument();
+  });
+
+  test("renders modal content when open is true", () => {
+    render(<PasswordConfirmationModal {...defaultProps} />);
+    expect(screen.getByTestId("modal")).toBeInTheDocument();
+    expect(screen.getByTestId("modal-title")).toBeInTheDocument();
+  });
+
+  test("displays old and new email addresses", () => {
+    render(<PasswordConfirmationModal {...defaultProps} />);
+    expect(screen.getByText("old@example.com")).toBeInTheDocument();
+    expect(screen.getByText("new@example.com")).toBeInTheDocument();
+  });
+
+  test("shows password input field", () => {
+    render(<PasswordConfirmationModal {...defaultProps} />);
+    const passwordInput = screen.getByTestId("password-input");
+    expect(passwordInput).toBeInTheDocument();
+    expect(passwordInput).toHaveAttribute("placeholder", "*******");
+  });
+
+  test("disables confirm button when form is not dirty", () => {
+    render(<PasswordConfirmationModal {...defaultProps} />);
+    const confirmButton = screen.getByText("common.confirm");
+    expect(confirmButton).toBeDisabled();
+  });
+
+  test("disables confirm button when old and new emails are the same", () => {
+    render(
+      <PasswordConfirmationModal {...defaultProps} oldEmail="same@example.com" newEmail="same@example.com" />
+    );
+    const confirmButton = screen.getByText("common.confirm");
+    expect(confirmButton).toBeDisabled();
+  });
+
+  test("enables confirm button when password is entered and emails are different", async () => {
+    const user = userEvent.setup();
+    render(<PasswordConfirmationModal {...defaultProps} />);
+
+    const passwordInput = screen.getByTestId("password-input");
+    await user.type(passwordInput, "password123");
+
+    const confirmButton = screen.getByText("common.confirm");
+    expect(confirmButton).not.toBeDisabled();
+  });
+
+  test("shows error message when password is too short", async () => {
+    const user = userEvent.setup();
+    render(<PasswordConfirmationModal {...defaultProps} />);
+
+    const passwordInput = screen.getByTestId("password-input");
+    await user.type(passwordInput, "short");
+
+    const confirmButton = screen.getByText("common.confirm");
+    await user.click(confirmButton);
+
+    expect(screen.getByText("String must contain at least 8 character(s)")).toBeInTheDocument();
+  });
+
+  test("handles cancel button click and resets form", async () => {
+    const user = userEvent.setup();
+    render(<PasswordConfirmationModal {...defaultProps} />);
+
+    const passwordInput = screen.getByTestId("password-input");
+    await user.type(passwordInput, "password123");
+
+    const cancelButton = screen.getByText("common.cancel");
+    await user.click(cancelButton);
+
+    expect(defaultProps.setOpen).toHaveBeenCalledWith(false);
+    await waitFor(() => {
+      expect(passwordInput).toHaveValue("");
+    });
+  });
+});

apps/web/app/(app)/environments/[environmentId]/settings/(account)/profile/components/password-confirmation-modal.tsx

@@ -0,0 +1,117 @@
+"use client";
+
+import { Button } from "@/modules/ui/components/button";
+import { FormControl, FormError, FormField, FormItem } from "@/modules/ui/components/form";
+import { Modal } from "@/modules/ui/components/modal";
+import { PasswordInput } from "@/modules/ui/components/password-input";
+import { zodResolver } from "@hookform/resolvers/zod";
+import { useTranslate } from "@tolgee/react";
+import { FormProvider, SubmitHandler, useForm } from "react-hook-form";
+import { z } from "zod";
+import { ZUserPassword } from "@formbricks/types/user";
+
+interface PasswordConfirmationModalProps {
+  open: boolean;
+  setOpen: (open: boolean) => void;
+  oldEmail: string;
+  newEmail: string;
+  onConfirm: (password: string) => Promise<void>;
+}
+
+const PasswordConfirmationSchema = z.object({
+  password: ZUserPassword,
+});
+
+type FormValues = z.infer<typeof PasswordConfirmationSchema>;
+
+export const PasswordConfirmationModal = ({
+  open,
+  setOpen,
+  oldEmail,
+  newEmail,
+  onConfirm,
+}: PasswordConfirmationModalProps) => {
+  const { t } = useTranslate();
+
+  const form = useForm<FormValues>({
+    resolver: zodResolver(PasswordConfirmationSchema),
+  });
+  const { isSubmitting, isDirty } = form.formState;
+
+  const onSubmit: SubmitHandler<FormValues> = async (data) => {
+    try {
+      await onConfirm(data.password);
+      form.reset();
+    } catch (error) {
+      form.setError("password", {
+        message: error instanceof Error ? error.message : "Authentication failed",
+      });
+    }
+  };
+  const handleCancel = () => {
+    form.reset();
+    setOpen(false);
+  };
+
+  return (
+    <Modal open={open} setOpen={setOpen} title={t("auth.forgot-password.reset.confirm_password")}>
+      <FormProvider {...form}>
+        <form onSubmit={form.handleSubmit(onSubmit)} className="space-y-4">
+          <p className="text-muted-foreground text-sm">
+            {t("auth.email-change.confirm_password_description")}
+          </p>
+
+          <div className="flex flex-col gap-2 text-sm sm:flex-row sm:justify-between sm:gap-4">
+            <p>
+              <strong>{t("auth.email-change.old_email")}:</strong>
+              <br /> {oldEmail.toLowerCase()}
+            </p>
+            <p>
+              <strong>{t("auth.email-change.new_email")}:</strong>
+              <br /> {newEmail.toLowerCase()}
+            </p>
+          </div>
+
+          <FormField
+            control={form.control}
+            name="password"
+            render={({ field, fieldState: { error } }) => (
+              <FormItem className="w-full">
+                <FormControl>
+                  <div>
+                    <PasswordInput
+                      id="password"
+                      autoComplete="current-password"
+                      placeholder="*******"
+                      aria-placeholder="password"
+                      aria-label="password"
+                      aria-required="true"
+                      required
+                      className="focus:border-brand-dark focus:ring-brand-dark block w-full rounded-md border-slate-300 shadow-sm sm:text-sm"
+                      value={field.value}
+                      onChange={(password) => field.onChange(password)}
+                    />
+                    {error?.message && <FormError className="text-left">{error.message}</FormError>}
+                  </div>
+                </FormControl>
+              </FormItem>
+            )}
+          />
+
+          <div className="mt-4 space-x-2 text-right">
+            <Button type="button" variant="secondary" onClick={handleCancel}>
+              {t("common.cancel")}
+            </Button>
+            <Button
+              type="submit"
+              variant="default"
+              loading={isSubmitting}
+              disabled={isSubmitting || !isDirty || oldEmail.toLowerCase() === newEmail.toLowerCase()}>
+              {t("common.confirm")}
+            </Button>
+          </div>
+        </form>
+      </FormProvider>
+    </Modal>
+  );
+};

apps/web/app/(app)/environments/[environmentId]/settings/(account)/profile/lib/user.test.ts

@@ -0,0 +1,146 @@
+import { verifyPassword as mockVerifyPasswordImported } from "@/modules/auth/lib/utils";
+import { beforeEach, describe, expect, test, vi } from "vitest";
+import { prisma } from "@formbricks/database";
+import { InvalidInputError, ResourceNotFoundError } from "@formbricks/types/errors";
+import { getIsEmailUnique, verifyUserPassword } from "./user";
+
+// Mock dependencies
+vi.mock("@/lib/user/cache", () => ({
+  userCache: {
+    tag: {
+      byId: vi.fn((id) => `user-${id}-tag`),
+      byEmail: vi.fn((email) => `user-email-${email}-tag`),
+    },
+  },
+}));
+
+vi.mock("@/modules/auth/lib/utils", () => ({
+  verifyPassword: vi.fn(),
+}));
+
+vi.mock("@formbricks/database", () => ({
+  prisma: {
+    user: {
+      findUnique: vi.fn(),
+    },
+  },
+}));
+
+// reactCache (from "react") and unstable_cache (from "next/cache") are mocked in vitestSetup.ts
+// to be pass-through, so the inner logic of cached functions is tested.
+
+const mockPrismaUserFindUnique = vi.mocked(prisma.user.findUnique);
+const mockVerifyPasswordUtil = vi.mocked(mockVerifyPasswordImported);
+
+describe("User Library Tests", () => {
+  beforeEach(() => {
+    vi.resetAllMocks();
+  });
+
+  describe("verifyUserPassword", () => {
+    const userId = "test-user-id";
+    const password = "test-password";
+
+    test("should return true for correct password", async () => {
+      mockPrismaUserFindUnique.mockResolvedValue({
+        password: "hashed-password",
+        identityProvider: "email",
+      } as any);
+      mockVerifyPasswordUtil.mockResolvedValue(true);
+
+      const result = await verifyUserPassword(userId, password);
+      expect(result).toBe(true);
+      expect(mockPrismaUserFindUnique).toHaveBeenCalledWith({
+        where: { id: userId },
+        select: { password: true, identityProvider: true },
+      });
+      expect(mockVerifyPasswordUtil).toHaveBeenCalledWith(password, "hashed-password");
+    });
+
+    test("should return false for incorrect password", async () => {
+      mockPrismaUserFindUnique.mockResolvedValue({
+        password: "hashed-password",
+        identityProvider: "email",
+      } as any);
+      mockVerifyPasswordUtil.mockResolvedValue(false);
+
+      const result = await verifyUserPassword(userId, password);
+      expect(result).toBe(false);
+      expect(mockPrismaUserFindUnique).toHaveBeenCalledWith({
+        where: { id: userId },
+        select: { password: true, identityProvider: true },
+      });
+      expect(mockVerifyPasswordUtil).toHaveBeenCalledWith(password, "hashed-password");
+    });
+
+    test("should throw ResourceNotFoundError if user not found", async () => {
+      mockPrismaUserFindUnique.mockResolvedValue(null);
+
+      await expect(verifyUserPassword(userId, password)).rejects.toThrow(ResourceNotFoundError);
+      await expect(verifyUserPassword(userId, password)).rejects.toThrow(`user with ID ${userId} not found`);
+      expect(mockPrismaUserFindUnique).toHaveBeenCalledWith({
+        where: { id: userId },
+        select: { password: true, identityProvider: true },
+      });
+      expect(mockVerifyPasswordUtil).not.toHaveBeenCalled();
+    });
+
+    test("should throw InvalidInputError if identityProvider is not email", async () => {
+      mockPrismaUserFindUnique.mockResolvedValue({
+        password: "hashed-password",
+        identityProvider: "google", // Not 'email'
+      } as any);
+
+      await expect(verifyUserPassword(userId, password)).rejects.toThrow(InvalidInputError);
+      await expect(verifyUserPassword(userId, password)).rejects.toThrow("Password is not set for this user");
+      expect(mockPrismaUserFindUnique).toHaveBeenCalledWith({
+        where: { id: userId },
+        select: { password: true, identityProvider: true },
+      });
+      expect(mockVerifyPasswordUtil).not.toHaveBeenCalled();
+    });
+
+    test("should throw InvalidInputError if password is not set for email provider", async () => {
+      mockPrismaUserFindUnique.mockResolvedValue({
+        password: null, // Password not set
+        identityProvider: "email",
+      } as any);
+
+      await expect(verifyUserPassword(userId, password)).rejects.toThrow(InvalidInputError);
+      await expect(verifyUserPassword(userId, password)).rejects.toThrow("Password is not set for this user");
+      expect(mockPrismaUserFindUnique).toHaveBeenCalledWith({
+        where: { id: userId },
+        select: { password: true, identityProvider: true },
+      });
+      expect(mockVerifyPasswordUtil).not.toHaveBeenCalled();
+    });
+  });
+
+  describe("getIsEmailUnique", () => {
+    const email = "test@example.com";
+
+    test("should return false if user exists", async () => {
+      mockPrismaUserFindUnique.mockResolvedValue({
+        id: "some-user-id",
+      } as any);
+
+      const result = await getIsEmailUnique(email);
+      expect(result).toBe(false);
+      expect(mockPrismaUserFindUnique).toHaveBeenCalledWith({
+        where: { email },
+        select: { id: true },
+      });
+    });
+
+    test("should return true if user does not exist", async () => {
+      mockPrismaUserFindUnique.mockResolvedValue(null);
+
+      const result = await getIsEmailUnique(email);
+      expect(result).toBe(true);
+      expect(mockPrismaUserFindUnique).toHaveBeenCalledWith({
+        where: { email },
+        select: { id: true },
+      });
+    });
+  });
+});

apps/web/app/(app)/environments/[environmentId]/settings/(account)/profile/lib/user.ts

@@ -0,0 +1,70 @@
+import { cache } from "@/lib/cache";
+import { userCache } from "@/lib/user/cache";
+import { verifyPassword } from "@/modules/auth/lib/utils";
+import { User } from "@prisma/client";
+import { cache as reactCache } from "react";
+import { prisma } from "@formbricks/database";
+import { InvalidInputError, ResourceNotFoundError } from "@formbricks/types/errors";
+
+export const getUserById = reactCache(
+  async (userId: string): Promise<Pick<User, "password" | "identityProvider">> =>
+    cache(
+      async () => {
+        const user = await prisma.user.findUnique({
+          where: {
+            id: userId,
+          },
+          select: {
+            password: true,
+            identityProvider: true,
+          },
+        });
+        if (!user) {
+          throw new ResourceNotFoundError("user", userId);
+        }
+        return user;
+      },
+      [`getUserById-${userId}`],
+      {
+        tags: [userCache.tag.byId(userId)],
+      }
+    )()
+);
+
+export const verifyUserPassword = async (userId: string, password: string): Promise<boolean> => {
+  const user = await getUserById(userId);
+
+  if (user.identityProvider !== "email" || !user.password) {
+    throw new InvalidInputError("Password is not set for this user");
+  }
+
+  const isCorrectPassword = await verifyPassword(password, user.password);
+
+  if (!isCorrectPassword) {
+    return false;
+  }
+
+  return true;
+};
+
+export const getIsEmailUnique = reactCache(
+  async (email: string): Promise<boolean> =>
+    cache(
+      async () => {
+        const user = await prisma.user.findUnique({
+          where: {
+            email: email.toLowerCase(),
+          },
+          select: {
+            id: true,
+          },
+        });
+
+        return !user;
+      },
+      [`getIsEmailUnique-${email}`],
+      {
+        tags: [userCache.tag.byEmail(email)],
+      }
+    )()
+);

apps/web/app/(app)/environments/[environmentId]/settings/(account)/profile/page.test.tsx

@@ -13,6 +13,7 @@ import Page from "./page";
 // Mock services and utils
 vi.mock("@/lib/constants", () => ({
   IS_FORMBRICKS_CLOUD: true,
+  EMAIL_VERIFICATION_DISABLED: true,
 }));
 vi.mock("@/lib/organization/service", () => ({
   getOrganizationsWhereUserIsSingleOwner: vi.fn(),

apps/web/app/(app)/environments/[environmentId]/settings/(account)/profile/page.tsx

@@ -1,6 +1,6 @@
 import { AccountSettingsNavbar } from "@/app/(app)/environments/[environmentId]/settings/(account)/components/AccountSettingsNavbar";
 import { AccountSecurity } from "@/app/(app)/environments/[environmentId]/settings/(account)/profile/components/AccountSecurity";
-import { IS_FORMBRICKS_CLOUD } from "@/lib/constants";
+import { EMAIL_VERIFICATION_DISABLED, IS_FORMBRICKS_CLOUD } from "@/lib/constants";
 import { getOrganizationsWhereUserIsSingleOwner } from "@/lib/organization/service";
 import { getUser } from "@/lib/user/service";
 import { getIsMultiOrgEnabled, getIsTwoFactorAuthEnabled } from "@/modules/ee/license-check/lib/utils";
@@ -42,7 +42,7 @@ const Page = async (props: { params: Promise<{ environmentId: string }> }) => {
           <SettingsCard
             title={t("environments.settings.profile.personal_information")}
             description={t("environments.settings.profile.update_personal_info")}>
-            <EditProfileDetailsForm user={user} />
+            <EditProfileDetailsForm emailVerificationDisabled={EMAIL_VERIFICATION_DISABLED} user={user} />
           </SettingsCard>
           <SettingsCard
             title={t("common.avatar")}

apps/web/app/(app)/environments/[environmentId]/settings/(organization)/teams/page.test.tsx

@@ -29,6 +29,7 @@ vi.mock("@/lib/constants", () => ({
   SMTP_PORT: 587,
   SMTP_USER: "mock-smtp-user",
   SMTP_PASSWORD: "mock-smtp-password",
+  SESSION_MAX_AGE: 1000,
 }));
 
 describe("TeamsPage re-export", () => {

apps/web/app/(app)/environments/[environmentId]/surveys/[surveyId]/(analysis)/actions.ts

@@ -75,7 +75,6 @@ export const getSurveySummaryAction = authenticatedActionClient
         },
       ],
     });
-
     return getSurveySummary(parsedInput.surveyId, parsedInput.filterCriteria);
   });
 

apps/web/app/(app)/environments/[environmentId]/surveys/[surveyId]/(analysis)/components/SurveyAnalysisNavigation.test.tsx

@@ -5,7 +5,6 @@ import {
 } from "@/app/(app)/environments/[environmentId]/surveys/[surveyId]/(analysis)/actions";
 import { SurveyAnalysisNavigation } from "@/app/(app)/environments/[environmentId]/surveys/[surveyId]/(analysis)/components/SurveyAnalysisNavigation";
 import { getFormattedFilters } from "@/app/lib/surveys/surveys";
-import { useIntervalWhenFocused } from "@/lib/utils/hooks/useIntervalWhenFocused";
 import { SecondaryNavigation } from "@/modules/ui/components/secondary-navigation";
 import { act, cleanup, render, waitFor } from "@testing-library/react";
 import { useParams, usePathname, useSearchParams } from "next/navigation";
@@ -45,13 +44,13 @@ vi.mock("@/lib/constants", () => ({
   SMTP_PORT: 587,
   SMTP_USER: "mock-smtp-user",
   SMTP_PASSWORD: "mock-smtp-password",
+  SESSION_MAX_AGE: 1000,
 }));
 
 vi.mock("@/app/(app)/environments/[environmentId]/components/ResponseFilterContext");
 vi.mock("@/app/(app)/environments/[environmentId]/surveys/[surveyId]/(analysis)/actions");
 vi.mock("@/app/lib/surveys/surveys");
 vi.mock("@/app/share/[sharingKey]/actions");
-vi.mock("@/lib/utils/hooks/useIntervalWhenFocused");
 vi.mock("@/modules/ui/components/secondary-navigation", () => ({
   SecondaryNavigation: vi.fn(() => <div data-testid="secondary-navigation" />),
 }));
@@ -68,7 +67,6 @@ const mockUseResponseFilter = vi.mocked(useResponseFilter);
 const mockGetResponseCountAction = vi.mocked(getResponseCountAction);
 const mockRevalidateSurveyIdPath = vi.mocked(revalidateSurveyIdPath);
 const mockGetFormattedFilters = vi.mocked(getFormattedFilters);
-const mockUseIntervalWhenFocused = vi.mocked(useIntervalWhenFocused);
 const MockSecondaryNavigation = vi.mocked(SecondaryNavigation);
 
 const mockSurveyLanguages: TSurveyLanguage[] = [
@@ -119,7 +117,6 @@ const mockSurvey = {
 const defaultProps = {
   environmentId: "testEnvId",
   survey: mockSurvey,
-  initialTotalResponseCount: 10,
   activeId: "summary",
 };
 
@@ -166,23 +163,20 @@ describe("SurveyAnalysisNavigation", () => {
     );
   });
 
-  test("passes correct runWhen flag to useIntervalWhenFocused based on share embed modal", () => {
+  test("renders navigation correctly for sharing page", () => {
     mockUsePathname.mockReturnValue(
       `/environments/${defaultProps.environmentId}/surveys/${mockSurvey.id}/summary`
     );
-    mockUseParams.mockReturnValue({ environmentId: defaultProps.environmentId, surveyId: mockSurvey.id });
+    mockUseParams.mockReturnValue({ sharingKey: "test-sharing-key" });
     mockUseResponseFilter.mockReturnValue({ selectedFilter: "all", dateRange: {} } as any);
     mockGetFormattedFilters.mockReturnValue([] as any);
     mockGetResponseCountAction.mockResolvedValue({ data: 5 });
 
-    mockUseSearchParams.mockReturnValue({ get: vi.fn().mockReturnValue("true") } as any);
     render(<SurveyAnalysisNavigation {...defaultProps} />);
-    expect(mockUseIntervalWhenFocused).toHaveBeenCalledWith(expect.any(Function), 10000, false, false);
-    cleanup();
 
-    mockUseSearchParams.mockReturnValue({ get: vi.fn().mockReturnValue(null) } as any);
-    render(<SurveyAnalysisNavigation {...defaultProps} />);
-    expect(mockUseIntervalWhenFocused).toHaveBeenCalledWith(expect.any(Function), 10000, true, false);
+    expect(MockSecondaryNavigation).toHaveBeenCalled();
+    const lastCallArgs = MockSecondaryNavigation.mock.calls[MockSecondaryNavigation.mock.calls.length - 1][0];
+    expect(lastCallArgs.navigation[0].href).toContain("/share/test-sharing-key");
   });
 
   test("displays correct response count string in label for various scenarios", async () => {
@@ -195,8 +189,8 @@ describe("SurveyAnalysisNavigation", () => {
     mockGetFormattedFilters.mockReturnValue([] as any);
 
     // Scenario 1: total = 10, filtered = null (initial state)
-    render(<SurveyAnalysisNavigation {...defaultProps} initialTotalResponseCount={10} />);
-    expect(MockSecondaryNavigation.mock.calls[0][0].navigation[1].label).toBe("common.responses (10)");
+    render(<SurveyAnalysisNavigation {...defaultProps} />);
+    expect(MockSecondaryNavigation.mock.calls[0][0].navigation[1].label).toBe("common.responses");
     cleanup();
     vi.resetAllMocks(); // Reset mocks for next case
 
@@ -212,11 +206,11 @@ describe("SurveyAnalysisNavigation", () => {
       if (args && "filterCriteria" in args) return { data: 15, error: null, success: true };
       return { data: 15, error: null, success: true };
     });
-    render(<SurveyAnalysisNavigation {...defaultProps} initialTotalResponseCount={15} />);
+    render(<SurveyAnalysisNavigation {...defaultProps} />);
     await waitFor(() => {
       const lastCallArgs =
         MockSecondaryNavigation.mock.calls[MockSecondaryNavigation.mock.calls.length - 1][0];
-      expect(lastCallArgs.navigation[1].label).toBe("common.responses (15)");
+      expect(lastCallArgs.navigation[1].label).toBe("common.responses");
     });
     cleanup();
     vi.resetAllMocks();
@@ -233,11 +227,11 @@ describe("SurveyAnalysisNavigation", () => {
       if (args && "filterCriteria" in args) return { data: 15, error: null, success: true };
       return { data: 10, error: null, success: true };
     });
-    render(<SurveyAnalysisNavigation {...defaultProps} initialTotalResponseCount={10} />);
+    render(<SurveyAnalysisNavigation {...defaultProps} />);
     await waitFor(() => {
       const lastCallArgs =
         MockSecondaryNavigation.mock.calls[MockSecondaryNavigation.mock.calls.length - 1][0];
-      expect(lastCallArgs.navigation[1].label).toBe("common.responses (15)");
+      expect(lastCallArgs.navigation[1].label).toBe("common.responses");
     });
   });
 });

apps/web/app/(app)/environments/[environmentId]/surveys/[surveyId]/(analysis)/components/SurveyAnalysisNavigation.tsx

@@ -1,105 +1,30 @@
 "use client";
 
-import { useResponseFilter } from "@/app/(app)/environments/[environmentId]/components/ResponseFilterContext";
-import {
-  getResponseCountAction,
-  revalidateSurveyIdPath,
-} from "@/app/(app)/environments/[environmentId]/surveys/[surveyId]/(analysis)/actions";
-import { getFormattedFilters } from "@/app/lib/surveys/surveys";
-import { getResponseCountBySurveySharingKeyAction } from "@/app/share/[sharingKey]/actions";
-import { useIntervalWhenFocused } from "@/lib/utils/hooks/useIntervalWhenFocused";
+import { revalidateSurveyIdPath } from "@/app/(app)/environments/[environmentId]/surveys/[surveyId]/(analysis)/actions";
 import { SecondaryNavigation } from "@/modules/ui/components/secondary-navigation";
 import { useTranslate } from "@tolgee/react";
 import { InboxIcon, PresentationIcon } from "lucide-react";
-import { useParams, usePathname, useSearchParams } from "next/navigation";
-import { useCallback, useEffect, useMemo, useRef, useState } from "react";
+import { useParams, usePathname } from "next/navigation";
 import { TSurvey } from "@formbricks/types/surveys/types";
 
 interface SurveyAnalysisNavigationProps {
   environmentId: string;
   survey: TSurvey;
-  initialTotalResponseCount: number | null;
   activeId: string;
 }
 
 export const SurveyAnalysisNavigation = ({
   environmentId,
   survey,
-  initialTotalResponseCount,
   activeId,
 }: SurveyAnalysisNavigationProps) => {
   const pathname = usePathname();
   const { t } = useTranslate();
   const params = useParams();
-  const [filteredResponseCount, setFilteredResponseCount] = useState<number | null>(null);
-  const [totalResponseCount, setTotalResponseCount] = useState<number | null>(initialTotalResponseCount);
   const sharingKey = params.sharingKey as string;
   const isSharingPage = !!sharingKey;
 
-  const searchParams = useSearchParams();
-  const isShareEmbedModalOpen = searchParams.get("share") === "true";
-
   const url = isSharingPage ? `/share/${sharingKey}` : `/environments/${environmentId}/surveys/${survey.id}`;
-  const { selectedFilter, dateRange } = useResponseFilter();
-
-  const filters = useMemo(
-    () => getFormattedFilters(survey, selectedFilter, dateRange),
-    [selectedFilter, dateRange, survey]
-  );
-
-  const latestFiltersRef = useRef(filters);
-  latestFiltersRef.current = filters;
-
-  const getResponseCount = () => {
-    if (isSharingPage) return getResponseCountBySurveySharingKeyAction({ sharingKey });
-    return getResponseCountAction({ surveyId: survey.id });
-  };
-
-  const fetchResponseCount = async () => {
-    const count = await getResponseCount();
-    const responseCount = count?.data ?? 0;
-    setTotalResponseCount(responseCount);
-  };
-
-  const getFilteredResponseCount = useCallback(() => {
-    if (isSharingPage)
-      return getResponseCountBySurveySharingKeyAction({
-        sharingKey,
-        filterCriteria: latestFiltersRef.current,
-      });
-    return getResponseCountAction({ surveyId: survey.id, filterCriteria: latestFiltersRef.current });
-  }, [isSharingPage, sharingKey, survey.id]);
-
-  const fetchFilteredResponseCount = useCallback(async () => {
-    const count = await getFilteredResponseCount();
-    const responseCount = count?.data ?? 0;
-    setFilteredResponseCount(responseCount);
-  }, [getFilteredResponseCount]);
-
-  useEffect(() => {
-    fetchFilteredResponseCount();
-  }, [filters, isSharingPage, sharingKey, survey.id, fetchFilteredResponseCount]);
-
-  useIntervalWhenFocused(
-    () => {
-      fetchResponseCount();
-      fetchFilteredResponseCount();
-    },
-    10000,
-    !isShareEmbedModalOpen,
-    false
-  );
-
-  const getResponseCountString = () => {
-    if (totalResponseCount === null) return "";
-    if (filteredResponseCount === null) return `(${totalResponseCount})`;
-
-    const totalCount = Math.max(totalResponseCount, filteredResponseCount);
-
-    if (totalCount === filteredResponseCount) return `(${totalCount})`;
-
-    return `(${filteredResponseCount} of ${totalCount})`;
-  };
 
   const navigation = [
     {
@@ -114,7 +39,7 @@ export const SurveyAnalysisNavigation = ({
     },
     {
       id: "responses",
-      label: `${t("common.responses")} ${getResponseCountString()}`,
+      label: t("common.responses"),
       icon: <InboxIcon className="h-5 w-5" />,
       href: `${url}/responses?referer=true`,
       current: pathname?.includes("/responses"),

apps/web/app/(app)/environments/[environmentId]/surveys/[surveyId]/(analysis)/responses/components/ResponsePage.test.tsx

@@ -162,7 +162,6 @@ describe("ResponsePage", () => {
       expect(screen.getByTestId("results-share-button")).toBeInTheDocument();
       expect(screen.getByTestId("response-data-view")).toBeInTheDocument();
     });
-    expect(mockGetResponseCountAction).toHaveBeenCalled();
     expect(mockGetResponsesAction).toHaveBeenCalled();
   });
 
@@ -179,7 +178,6 @@ describe("ResponsePage", () => {
     await waitFor(() => {
       expect(screen.queryByTestId("results-share-button")).not.toBeInTheDocument();
     });
-    expect(mockGetResponseCountBySurveySharingKeyAction).toHaveBeenCalled();
     expect(mockGetResponsesBySurveySharingKeyAction).toHaveBeenCalled();
   });
 
@@ -297,8 +295,7 @@ describe("ResponsePage", () => {
     rerender(<ResponsePage {...defaultProps} />);
 
     await waitFor(() => {
-      // Should fetch count and responses again due to filter change
-      expect(mockGetResponseCountAction).toHaveBeenCalledTimes(2);
+      // Should fetch responses again due to filter change
       expect(mockGetResponsesAction).toHaveBeenCalledTimes(2);
       // Check if it fetches with offset 0 (first page)
       expect(mockGetResponsesAction).toHaveBeenLastCalledWith(

apps/web/app/(app)/environments/[environmentId]/surveys/[surveyId]/(analysis)/responses/components/ResponsePage.tsx

@@ -1,18 +1,12 @@
 "use client";
 
 import { useResponseFilter } from "@/app/(app)/environments/[environmentId]/components/ResponseFilterContext";
-import {
-  getResponseCountAction,
-  getResponsesAction,
-} from "@/app/(app)/environments/[environmentId]/surveys/[surveyId]/(analysis)/actions";
+import { getResponsesAction } from "@/app/(app)/environments/[environmentId]/surveys/[surveyId]/(analysis)/actions";
 import { ResponseDataView } from "@/app/(app)/environments/[environmentId]/surveys/[surveyId]/(analysis)/responses/components/ResponseDataView";
 import { CustomFilter } from "@/app/(app)/environments/[environmentId]/surveys/[surveyId]/components/CustomFilter";
 import { ResultsShareButton } from "@/app/(app)/environments/[environmentId]/surveys/[surveyId]/components/ResultsShareButton";
 import { getFormattedFilters } from "@/app/lib/surveys/surveys";
-import {
-  getResponseCountBySurveySharingKeyAction,
-  getResponsesBySurveySharingKeyAction,
-} from "@/app/share/[sharingKey]/actions";
+import { getResponsesBySurveySharingKeyAction } from "@/app/share/[sharingKey]/actions";
 import { replaceHeadlineRecall } from "@/lib/utils/recall";
 import { useParams, useSearchParams } from "next/navigation";
 import { useCallback, useEffect, useMemo, useState } from "react";
@@ -49,7 +43,6 @@ export const ResponsePage = ({
   const sharingKey = params.sharingKey as string;
   const isSharingPage = !!sharingKey;
 
-  const [responseCount, setResponseCount] = useState<number | null>(null);
   const [responses, setResponses] = useState<TResponse[]>([]);
   const [page, setPage] = useState<number>(1);
   const [hasMore, setHasMore] = useState<boolean>(true);
@@ -97,9 +90,6 @@ export const ResponsePage = ({
 
   const deleteResponses = (responseIds: string[]) => {
     setResponses(responses.filter((response) => !responseIds.includes(response.id)));
-    if (responseCount) {
-      setResponseCount(responseCount - responseIds.length);
-    }
   };
 
   const updateResponse = (responseId: string, updatedResponse: TResponse) => {
@@ -118,29 +108,6 @@ export const ResponsePage = ({
     }
   }, [searchParams, resetState]);
 
-  useEffect(() => {
-    const handleResponsesCount = async () => {
-      let responseCount = 0;
-
-      if (isSharingPage) {
-        const responseCountActionResponse = await getResponseCountBySurveySharingKeyAction({
-          sharingKey,
-          filterCriteria: filters,
-        });
-        responseCount = responseCountActionResponse?.data || 0;
-      } else {
-        const responseCountActionResponse = await getResponseCountAction({
-          surveyId,
-          filterCriteria: filters,
-        });
-        responseCount = responseCountActionResponse?.data || 0;
-      }
-
-      setResponseCount(responseCount);
-    };
-    handleResponsesCount();
-  }, [filters, isSharingPage, sharingKey, surveyId]);
-
   useEffect(() => {
     const fetchInitialResponses = async () => {
       try {

apps/web/app/(app)/environments/[environmentId]/surveys/[surveyId]/(analysis)/responses/page.test.tsx

@@ -1,3 +1,4 @@
+import { ResponseFilterProvider } from "@/app/(app)/environments/[environmentId]/components/ResponseFilterContext";
 import { SurveyAnalysisNavigation } from "@/app/(app)/environments/[environmentId]/surveys/[surveyId]/(analysis)/components/SurveyAnalysisNavigation";
 import { ResponsePage } from "@/app/(app)/environments/[environmentId]/surveys/[surveyId]/(analysis)/responses/components/ResponsePage";
 import Page from "@/app/(app)/environments/[environmentId]/surveys/[surveyId]/(analysis)/responses/page";
@@ -61,6 +62,7 @@ vi.mock("@/lib/constants", () => ({
   SENTRY_DSN: "mock-sentry-dsn",
   WEBAPP_URL: "http://localhost:3000",
   RESPONSES_PER_PAGE: 10,
+  SESSION_MAX_AGE: 1000,
 }));
 
 vi.mock("@/lib/getSurveyUrl", () => ({
@@ -109,6 +111,14 @@ vi.mock("@/tolgee/server", () => ({
   getTranslate: async () => (key: string) => key,
 }));
 
+vi.mock("next/navigation", () => ({
+  useParams: () => ({
+    environmentId: "test-env-id",
+    surveyId: "test-survey-id",
+    sharingKey: null,
+  }),
+}));
+
 const mockEnvironmentId = "test-env-id";
 const mockSurveyId = "test-survey-id";
 const mockUserId = "test-user-id";
@@ -180,7 +190,7 @@ describe("ResponsesPage", () => {
   test("renders correctly with all data", async () => {
     const props = { params: mockParams };
     const jsx = await Page(props);
-    render(jsx);
+    render(<ResponseFilterProvider>{jsx}</ResponseFilterProvider>);
 
     await screen.findByTestId("page-content-wrapper");
     expect(screen.getByTestId("page-header")).toBeInTheDocument();
@@ -196,7 +206,6 @@ describe("ResponsesPage", () => {
         isReadOnly: false,
         user: mockUser,
         surveyDomain: mockSurveyDomain,
-        responseCount: 10,
       }),
       undefined
     );
@@ -206,7 +215,6 @@ describe("ResponsesPage", () => {
         environmentId: mockEnvironmentId,
         survey: mockSurvey,
         activeId: "responses",
-        initialTotalResponseCount: 10,
       }),
       undefined
     );

apps/web/app/(app)/environments/[environmentId]/surveys/[surveyId]/(analysis)/responses/page.tsx

@@ -33,7 +33,8 @@ const Page = async (props) => {
 
   const tags = await getTagsByEnvironmentId(params.environmentId);
 
-  const totalResponseCount = await getResponseCountBySurveyId(params.surveyId);
+  // Get response count for the CTA component
+  const responseCount = await getResponseCountBySurveyId(params.surveyId);
 
   const locale = await findMatchingLocale();
   const surveyDomain = getSurveyDomain();
@@ -49,15 +50,10 @@ const Page = async (props) => {
             isReadOnly={isReadOnly}
             user={user}
             surveyDomain={surveyDomain}
-            responseCount={totalResponseCount}
+            responseCount={responseCount}
           />
         }>
-        <SurveyAnalysisNavigation
-          environmentId={environment.id}
-          survey={survey}
-          activeId="responses"
-          initialTotalResponseCount={totalResponseCount}
-        />
+        <SurveyAnalysisNavigation environmentId={environment.id} survey={survey} activeId="responses" />
       </PageHeader>
       <ResponsePage
         environment={environment}

apps/web/app/(app)/environments/[environmentId]/surveys/[surveyId]/(analysis)/summary/components/SummaryList.tsx

@@ -38,18 +38,10 @@ interface SummaryListProps {
   responseCount: number | null;
   environment: TEnvironment;
   survey: TSurvey;
-  totalResponseCount: number;
   locale: TUserLocale;
 }
 
-export const SummaryList = ({
-  summary,
-  environment,
-  responseCount,
-  survey,
-  totalResponseCount,
-  locale,
-}: SummaryListProps) => {
+export const SummaryList = ({ summary, environment, responseCount, survey, locale }: SummaryListProps) => {
   const { setSelectedFilter, selectedFilter } = useResponseFilter();
   const { t } = useTranslate();
   const setFilter = (
@@ -115,11 +107,7 @@ export const SummaryList = ({
           type="response"
           environment={environment}
           noWidgetRequired={survey.type === "link"}
-          emptyMessage={
-            totalResponseCount === 0
-              ? undefined
-              : t("environments.surveys.summary.no_response_matches_filter")
-          }
+          emptyMessage={t("environments.surveys.summary.no_responses_found")}
         />
       ) : (
         summary.map((questionSummary) => {

apps/web/app/(app)/environments/[environmentId]/surveys/[surveyId]/(analysis)/summary/components/SummaryPage.tsx

@@ -1,30 +1,23 @@
 "use client";
 
 import { useResponseFilter } from "@/app/(app)/environments/[environmentId]/components/ResponseFilterContext";
-import {
-  getResponseCountAction,
-  getSurveySummaryAction,
-} from "@/app/(app)/environments/[environmentId]/surveys/[surveyId]/(analysis)/actions";
+import { getSurveySummaryAction } from "@/app/(app)/environments/[environmentId]/surveys/[surveyId]/(analysis)/actions";
 import ScrollToTop from "@/app/(app)/environments/[environmentId]/surveys/[surveyId]/(analysis)/summary/components/ScrollToTop";
 import { SummaryDropOffs } from "@/app/(app)/environments/[environmentId]/surveys/[surveyId]/(analysis)/summary/components/SummaryDropOffs";
 import { CustomFilter } from "@/app/(app)/environments/[environmentId]/surveys/[surveyId]/components/CustomFilter";
 import { ResultsShareButton } from "@/app/(app)/environments/[environmentId]/surveys/[surveyId]/components/ResultsShareButton";
 import { getFormattedFilters } from "@/app/lib/surveys/surveys";
-import {
-  getResponseCountBySurveySharingKeyAction,
-  getSummaryBySurveySharingKeyAction,
-} from "@/app/share/[sharingKey]/actions";
-import { useIntervalWhenFocused } from "@/lib/utils/hooks/useIntervalWhenFocused";
+import { getSummaryBySurveySharingKeyAction } from "@/app/share/[sharingKey]/actions";
 import { replaceHeadlineRecall } from "@/lib/utils/recall";
 import { useParams, useSearchParams } from "next/navigation";
-import { useCallback, useEffect, useMemo, useRef, useState } from "react";
+import { useEffect, useMemo, useState } from "react";
 import { TEnvironment } from "@formbricks/types/environment";
 import { TSurvey, TSurveySummary } from "@formbricks/types/surveys/types";
-import { TUser, TUserLocale } from "@formbricks/types/user";
+import { TUserLocale } from "@formbricks/types/user";
 import { SummaryList } from "./SummaryList";
 import { SummaryMetadata } from "./SummaryMetadata";
 
-const initialSurveySummary: TSurveySummary = {
+const defaultSurveySummary: TSurveySummary = {
   meta: {
     completedPercentage: 0,
     completedResponses: 0,
@@ -44,11 +37,9 @@ interface SummaryPageProps {
   survey: TSurvey;
   surveyId: string;
   webAppUrl: string;
-  user?: TUser;
-  totalResponseCount: number;
-  documentsPerPage?: number;
   locale: TUserLocale;
   isReadOnly: boolean;
+  initialSurveySummary?: TSurveySummary;
 }
 
 export const SummaryPage = ({
@@ -56,98 +47,69 @@ export const SummaryPage = ({
   survey,
   surveyId,
   webAppUrl,
-  totalResponseCount,
   locale,
   isReadOnly,
+  initialSurveySummary,
 }: SummaryPageProps) => {
   const params = useParams();
   const sharingKey = params.sharingKey as string;
   const isSharingPage = !!sharingKey;
 
   const searchParams = useSearchParams();
-  const isShareEmbedModalOpen = searchParams.get("share") === "true";
 
-  const [responseCount, setResponseCount] = useState<number | null>(null);
-  const [surveySummary, setSurveySummary] = useState<TSurveySummary>(initialSurveySummary);
+  const [surveySummary, setSurveySummary] = useState<TSurveySummary>(
+    initialSurveySummary || defaultSurveySummary
+  );
   const [showDropOffs, setShowDropOffs] = useState<boolean>(false);
-  const [isLoading, setIsLoading] = useState(true);
+  const [isLoading, setIsLoading] = useState(!initialSurveySummary);
 
   const { selectedFilter, dateRange, resetState } = useResponseFilter();
 
-  const filters = useMemo(
-    () => getFormattedFilters(survey, selectedFilter, dateRange),
-    [selectedFilter, dateRange, survey]
-  );
+  // Only fetch data when filters change or when there's no initial data
+  useEffect(() => {
+    // If we have initial data and no filters are applied, don't fetch
+    const hasNoFilters =
+      (!selectedFilter ||
+        Object.keys(selectedFilter).length === 0 ||
+        (selectedFilter.filter && selectedFilter.filter.length === 0)) &&
+      (!dateRange || (!dateRange.from && !dateRange.to));
 
-  // Use a ref to keep the latest state and props
-  const latestFiltersRef = useRef(filters);
-  latestFiltersRef.current = filters;
+    if (initialSurveySummary && hasNoFilters) {
+      setIsLoading(false);
+      return;
+    }
 
-  const getResponseCount = useCallback(() => {
-    if (isSharingPage)
-      return getResponseCountBySurveySharingKeyAction({
-        sharingKey,
-        filterCriteria: latestFiltersRef.current,
-      });
-    return getResponseCountAction({
-      surveyId,
-      filterCriteria: latestFiltersRef.current,
-    });
-  }, [isSharingPage, sharingKey, surveyId]);
-
-  const getSummary = useCallback(() => {
-    if (isSharingPage)
-      return getSummaryBySurveySharingKeyAction({
-        sharingKey,
-        filterCriteria: latestFiltersRef.current,
-      });
-
-    return getSurveySummaryAction({
-      surveyId,
-      filterCriteria: latestFiltersRef.current,
-    });
-  }, [isSharingPage, sharingKey, surveyId]);
-
-  const handleInitialData = useCallback(
-    async (isInitialLoad = false) => {
-      if (isInitialLoad) {
-        setIsLoading(true);
-      }
+    const fetchSummary = async () => {
+      setIsLoading(true);
 
       try {
-        const [updatedResponseCountData, updatedSurveySummary] = await Promise.all([
-          getResponseCount(),
-          getSummary(),
-        ]);
+        // Recalculate filters inside the effect to ensure we have the latest values
+        const currentFilters = getFormattedFilters(survey, selectedFilter, dateRange);
+        let updatedSurveySummary;
 
-        const responseCount = updatedResponseCountData?.data ?? 0;
-        const surveySummary = updatedSurveySummary?.data ?? initialSurveySummary;
+        if (isSharingPage) {
+          updatedSurveySummary = await getSummaryBySurveySharingKeyAction({
+            sharingKey,
+            filterCriteria: currentFilters,
+          });
+        } else {
+          updatedSurveySummary = await getSurveySummaryAction({
+            surveyId,
+            filterCriteria: currentFilters,
+          });
+        }
 
-        setResponseCount(responseCount);
+        const surveySummary = updatedSurveySummary?.data ?? defaultSurveySummary;
         setSurveySummary(surveySummary);
       } catch (error) {
         console.error(error);
       } finally {
-        if (isInitialLoad) {
-          setIsLoading(false);
-        }
+        setIsLoading(false);
       }
-    },
-    [getResponseCount, getSummary]
-  );
+    };
 
-  useEffect(() => {
-    handleInitialData(true);
-  }, [filters, isSharingPage, sharingKey, surveyId, handleInitialData]);
-
-  useIntervalWhenFocused(
-    () => {
-      handleInitialData(false);
-    },
-    10000,
-    !isShareEmbedModalOpen,
-    false
-  );
+    fetchSummary();
+  }, [selectedFilter, dateRange, survey.id, isSharingPage, sharingKey, surveyId, initialSurveySummary]);
 
   const surveyMemoized = useMemo(() => {
     return replaceHeadlineRecall(survey, "default");
@@ -177,10 +139,9 @@ export const SummaryPage = ({
       <ScrollToTop containerId="mainContent" />
       <SummaryList
         summary={surveySummary.summary}
-        responseCount={responseCount}
+        responseCount={surveySummary.meta.totalResponses}
         survey={surveyMemoized}
         environment={environment}
-        totalResponseCount={totalResponseCount}
         locale={locale}
       />
     </>

apps/web/app/(app)/environments/[environmentId]/surveys/[surveyId]/(analysis)/summary/components/SurveyAnalysisCTA.test.tsx

@@ -30,6 +30,7 @@ vi.mock("@/lib/constants", () => ({
   SMTP_HOST: "mock-smtp-host",
   SMTP_PORT: "mock-smtp-port",
   IS_POSTHOG_CONFIGURED: true,
+  SESSION_MAX_AGE: 1000,
 }));
 
 // Create a spy for refreshSingleUseId so we can override it in tests
@@ -50,6 +51,7 @@ vi.mock("next/navigation", () => ({
   useRouter: () => ({ push: mockPush }),
   useSearchParams: () => mockSearchParams,
   usePathname: () => "/current",
+  useParams: () => ({ environmentId: "env123", surveyId: "survey123" }),
 }));
 
 // Mock copySurveyLink to return a predictable string
@@ -68,6 +70,23 @@ vi.mock("@/lib/utils/helper", () => ({
   getFormattedErrorMessage: vi.fn((response) => response?.error || "Unknown error"),
 }));
 
+// Mock ResponseCountProvider dependencies
+vi.mock("@/app/(app)/environments/[environmentId]/components/ResponseFilterContext", () => ({
+  useResponseFilter: vi.fn(() => ({ selectedFilter: "all", dateRange: {} })),
+}));
+
+vi.mock("@/app/(app)/environments/[environmentId]/surveys/[surveyId]/(analysis)/actions", () => ({
+  getResponseCountAction: vi.fn(() => Promise.resolve({ data: 5 })),
+}));
+
+vi.mock("@/app/lib/surveys/surveys", () => ({
+  getFormattedFilters: vi.fn(() => []),
+}));
+
+vi.mock("@/app/share/[sharingKey]/actions", () => ({
+  getResponseCountBySurveySharingKeyAction: vi.fn(() => Promise.resolve({ data: 5 })),
+}));
+
 vi.spyOn(toast, "success");
 vi.spyOn(toast, "error");
 

apps/web/app/(app)/environments/[environmentId]/surveys/[surveyId]/(analysis)/summary/components/SurveyAnalysisCTA.tsx

@@ -171,7 +171,7 @@ export const SurveyAnalysisCTA = ({
       icon: SquarePenIcon,
       tooltip: t("common.edit"),
       onClick: () => {
-        responseCount && responseCount > 0
+        responseCount > 0
           ? setIsCautionDialogOpen(true)
           : router.push(`/environments/${environment.id}/surveys/${survey.id}/edit`);
       },

apps/web/app/(app)/environments/[environmentId]/surveys/[surveyId]/(analysis)/summary/lib/surveySummary.test.ts

@@ -758,7 +758,6 @@ describe("getSurveySummary", () => {
     expect(summary.dropOff).toBeDefined();
     expect(summary.summary).toBeDefined();
     expect(getSurvey).toHaveBeenCalledWith(mockSurveyId);
-    expect(getResponseCountBySurveyId).toHaveBeenCalledWith(mockSurveyId, undefined);
     expect(prisma.response.findMany).toHaveBeenCalled(); // Check if getResponsesForSummary was effectively called
     expect(getDisplayCountBySurveyId).toHaveBeenCalled();
   });
@@ -770,7 +769,6 @@ describe("getSurveySummary", () => {
 
   test("handles filterCriteria", async () => {
     const filterCriteria: TResponseFilterCriteria = { finished: true };
-    vi.mocked(getResponseCountBySurveyId).mockResolvedValue(2); // Assume 2 finished responses
     const finishedResponses = mockResponses
       .filter((r) => r.finished)
       .map((r) => ({ ...r, contactId: null, personAttributes: {} }));
@@ -778,7 +776,6 @@ describe("getSurveySummary", () => {
 
     await getSurveySummary(mockSurveyId, filterCriteria);
 
-    expect(getResponseCountBySurveyId).toHaveBeenCalledWith(mockSurveyId, filterCriteria);
     expect(prisma.response.findMany).toHaveBeenCalledWith(
       expect.objectContaining({
         where: expect.objectContaining({ surveyId: mockSurveyId }), // buildWhereClause is mocked

apps/web/app/(app)/environments/[environmentId]/surveys/[surveyId]/(analysis)/summary/lib/surveySummary.ts

@@ -5,7 +5,6 @@ import { displayCache } from "@/lib/display/cache";
 import { getDisplayCountBySurveyId } from "@/lib/display/service";
 import { getLocalizedValue } from "@/lib/i18n/utils";
 import { responseCache } from "@/lib/response/cache";
-import { getResponseCountBySurveyId } from "@/lib/response/service";
 import { buildWhereClause } from "@/lib/response/utils";
 import { surveyCache } from "@/lib/survey/cache";
 import { getSurvey } from "@/lib/survey/service";
@@ -13,6 +12,7 @@ import { evaluateLogic, performActions } from "@/lib/surveyLogic/utils";
 import { validateInputs } from "@/lib/utils/validate";
 import { Prisma } from "@prisma/client";
 import { cache as reactCache } from "react";
+import { z } from "zod";
 import { prisma } from "@formbricks/database";
 import { ZId, ZOptionalNumber } from "@formbricks/types/common";
 import { DatabaseError, ResourceNotFoundError } from "@formbricks/types/errors";
@@ -917,22 +917,24 @@ export const getSurveySummary = reactCache(
           }
 
           const batchSize = 5000;
-          const responseCount = await getResponseCountBySurveyId(surveyId, filterCriteria);
-
           const hasFilter = Object.keys(filterCriteria ?? {}).length > 0;
 
-          const pages = Math.ceil(responseCount / batchSize);
+          // Use cursor-based pagination instead of count + offset to avoid expensive queries
+          const responses: TSurveySummaryResponse[] = [];
+          let cursor: string | undefined = undefined;
+          let hasMore = true;
 
-          // Create an array of batch fetch promises
-          const batchPromises = Array.from({ length: pages }, (_, i) =>
-            getResponsesForSummary(surveyId, batchSize, i * batchSize, filterCriteria)
-          );
+          while (hasMore) {
+            const batch = await getResponsesForSummary(surveyId, batchSize, 0, filterCriteria, cursor);
+            responses.push(...batch);
 
-          // Fetch all batches in parallel
-          const batchResults = await Promise.all(batchPromises);
-
-          // Combine all batch results
-          const responses = batchResults.flat();
+            if (batch.length < batchSize) {
+              hasMore = false;
+            } else {
+              // Use the last response's ID as cursor for next batch
+              cursor = batch[batch.length - 1].id;
+            }
+          }
 
           const responseIds = hasFilter ? responses.map((response) => response.id) : [];
 
@@ -972,7 +974,8 @@ export const getResponsesForSummary = reactCache(
     surveyId: string,
     limit: number,
     offset: number,
-    filterCriteria?: TResponseFilterCriteria
+    filterCriteria?: TResponseFilterCriteria,
+    cursor?: string
   ): Promise<TSurveySummaryResponse[]> =>
     cache(
       async () => {
@@ -980,18 +983,28 @@ export const getResponsesForSummary = reactCache(
           [surveyId, ZId],
           [limit, ZOptionalNumber],
           [offset, ZOptionalNumber],
-          [filterCriteria, ZResponseFilterCriteria.optional()]
+          [filterCriteria, ZResponseFilterCriteria.optional()],
+          [cursor, z.string().cuid2().optional()]
         );
 
         const queryLimit = limit ?? RESPONSES_PER_PAGE;
         const survey = await getSurvey(surveyId);
         if (!survey) return [];
         try {
+          const whereClause: Prisma.ResponseWhereInput = {
+            surveyId,
+            ...buildWhereClause(survey, filterCriteria),
+          };
+
+          // Add cursor condition for cursor-based pagination
+          if (cursor) {
+            whereClause.id = {
+              lt: cursor, // Get responses with ID less than cursor (for desc order)
+            };
+          }
+
           const responses = await prisma.response.findMany({
-            where: {
-              surveyId,
-              ...buildWhereClause(survey, filterCriteria),
-            },
+            where: whereClause,
             select: {
               id: true,
               data: true,
@@ -1013,6 +1026,9 @@ export const getResponsesForSummary = reactCache(
               {
                 createdAt: "desc",
               },
+              {
+                id: "desc", // Secondary sort by ID for consistent pagination
+              },
             ],
             take: queryLimit,
             skip: offset,
@@ -1043,7 +1059,9 @@ export const getResponsesForSummary = reactCache(
           throw error;
         }
       },
-      [`getResponsesForSummary-${surveyId}-${limit}-${offset}-${JSON.stringify(filterCriteria)}`],
+      [
+        `getResponsesForSummary-${surveyId}-${limit}-${offset}-${JSON.stringify(filterCriteria)}-${cursor || ""}`,
+      ],
       {
         tags: [responseCache.tag.bySurveyId(surveyId)],
       }

apps/web/app/(app)/environments/[environmentId]/surveys/[surveyId]/(analysis)/summary/page.test.tsx

@@ -1,7 +1,9 @@
+import { ResponseFilterProvider } from "@/app/(app)/environments/[environmentId]/components/ResponseFilterContext";
 import { SurveyAnalysisNavigation } from "@/app/(app)/environments/[environmentId]/surveys/[surveyId]/(analysis)/components/SurveyAnalysisNavigation";
 import { SummaryPage } from "@/app/(app)/environments/[environmentId]/surveys/[surveyId]/(analysis)/summary/components/SummaryPage";
+import { getSurveySummary } from "@/app/(app)/environments/[environmentId]/surveys/[surveyId]/(analysis)/summary/lib/surveySummary";
 import SurveyPage from "@/app/(app)/environments/[environmentId]/surveys/[surveyId]/(analysis)/summary/page";
-import { DEFAULT_LOCALE, DOCUMENTS_PER_PAGE, WEBAPP_URL } from "@/lib/constants";
+import { DEFAULT_LOCALE, WEBAPP_URL } from "@/lib/constants";
 import { getSurveyDomain } from "@/lib/getSurveyUrl";
 import { getResponseCountBySurveyId } from "@/lib/response/service";
 import { getSurvey } from "@/lib/survey/service";
@@ -38,7 +40,7 @@ vi.mock("@/lib/constants", () => ({
   SENTRY_DSN: "mock-sentry-dsn",
   WEBAPP_URL: "http://localhost:3000",
   RESPONSES_PER_PAGE: 10,
-  DOCUMENTS_PER_PAGE: 10,
+  SESSION_MAX_AGE: 1000,
 }));
 
 vi.mock(
@@ -78,6 +80,13 @@ vi.mock("@/lib/user/service", () => ({
   getUser: vi.fn(),
 }));
 
+vi.mock(
+  "@/app/(app)/environments/[environmentId]/surveys/[surveyId]/(analysis)/summary/lib/surveySummary",
+  () => ({
+    getSurveySummary: vi.fn(),
+  })
+);
+
 vi.mock("@/modules/environments/lib/utils", () => ({
   getEnvironmentAuth: vi.fn(),
 }));
@@ -100,6 +109,11 @@ vi.mock("@/tolgee/server", () => ({
 
 vi.mock("next/navigation", () => ({
   notFound: vi.fn(),
+  useParams: () => ({
+    environmentId: "test-environment-id",
+    surveyId: "test-survey-id",
+    sharingKey: null,
+  }),
 }));
 
 const mockEnvironmentId = "test-environment-id";
@@ -172,6 +186,21 @@ const mockSession = {
   expires: new Date(Date.now() + 3600 * 1000).toISOString(), // 1 hour from now
 } as any;
 
+const mockSurveySummary = {
+  meta: {
+    completedPercentage: 75,
+    completedResponses: 15,
+    displayCount: 20,
+    dropOffPercentage: 25,
+    dropOffCount: 5,
+    startsPercentage: 80,
+    totalResponses: 20,
+    ttcAverage: 120,
+  },
+  dropOff: [],
+  summary: [],
+};
+
 describe("SurveyPage", () => {
   beforeEach(() => {
     vi.mocked(getEnvironmentAuth).mockResolvedValue({
@@ -183,6 +212,7 @@ describe("SurveyPage", () => {
     vi.mocked(getUser).mockResolvedValue(mockUser);
     vi.mocked(getResponseCountBySurveyId).mockResolvedValue(10);
     vi.mocked(getSurveyDomain).mockReturnValue("test.domain.com");
+    vi.mocked(getSurveySummary).mockResolvedValue(mockSurveySummary);
     vi.mocked(notFound).mockClear();
   });
 
@@ -193,7 +223,8 @@ describe("SurveyPage", () => {
 
   test("renders correctly with valid data", async () => {
     const params = Promise.resolve({ environmentId: mockEnvironmentId, surveyId: mockSurveyId });
-    render(await SurveyPage({ params }));
+    const jsx = await SurveyPage({ params });
+    render(<ResponseFilterProvider>{jsx}</ResponseFilterProvider>);
 
     expect(screen.getByTestId("page-content-wrapper")).toBeInTheDocument();
     expect(screen.getByTestId("page-header")).toBeInTheDocument();
@@ -204,7 +235,6 @@ describe("SurveyPage", () => {
     expect(vi.mocked(getEnvironmentAuth)).toHaveBeenCalledWith(mockEnvironmentId);
     expect(vi.mocked(getSurvey)).toHaveBeenCalledWith(mockSurveyId);
     expect(vi.mocked(getUser)).toHaveBeenCalledWith(mockUserId);
-    expect(vi.mocked(getResponseCountBySurveyId)).toHaveBeenCalledWith(mockSurveyId);
     expect(vi.mocked(getSurveyDomain)).toHaveBeenCalled();
 
     expect(vi.mocked(SurveyAnalysisNavigation).mock.calls[0][0]).toEqual(
@@ -212,7 +242,6 @@ describe("SurveyPage", () => {
         environmentId: mockEnvironmentId,
         survey: mockSurvey,
         activeId: "summary",
-        initialTotalResponseCount: 10,
       })
     );
 
@@ -222,18 +251,17 @@ describe("SurveyPage", () => {
         survey: mockSurvey,
         surveyId: mockSurveyId,
         webAppUrl: WEBAPP_URL,
-        user: mockUser,
-        totalResponseCount: 10,
-        documentsPerPage: DOCUMENTS_PER_PAGE,
         isReadOnly: false,
         locale: mockUser.locale ?? DEFAULT_LOCALE,
+        initialSurveySummary: mockSurveySummary,
       })
     );
   });
 
   test("calls notFound if surveyId is not present in params", async () => {
     const params = Promise.resolve({ environmentId: mockEnvironmentId, surveyId: undefined }) as any;
-    render(await SurveyPage({ params }));
+    const jsx = await SurveyPage({ params });
+    render(<ResponseFilterProvider>{jsx}</ResponseFilterProvider>);
     expect(vi.mocked(notFound)).toHaveBeenCalled();
   });
 
@@ -243,7 +271,7 @@ describe("SurveyPage", () => {
     try {
       // We need to await the component itself because it's an async component
       const SurveyPageComponent = await SurveyPage({ params });
-      render(SurveyPageComponent);
+      render(<ResponseFilterProvider>{SurveyPageComponent}</ResponseFilterProvider>);
     } catch (e: any) {
       expect(e.message).toBe("common.survey_not_found");
     }
@@ -256,7 +284,7 @@ describe("SurveyPage", () => {
     const params = Promise.resolve({ environmentId: mockEnvironmentId, surveyId: mockSurveyId });
     try {
       const SurveyPageComponent = await SurveyPage({ params });
-      render(SurveyPageComponent);
+      render(<ResponseFilterProvider>{SurveyPageComponent}</ResponseFilterProvider>);
     } catch (e: any) {
       expect(e.message).toBe("common.user_not_found");
     }

apps/web/app/(app)/environments/[environmentId]/surveys/[surveyId]/(analysis)/summary/page.tsx

@@ -1,9 +1,9 @@
 import { SurveyAnalysisNavigation } from "@/app/(app)/environments/[environmentId]/surveys/[surveyId]/(analysis)/components/SurveyAnalysisNavigation";
 import { SummaryPage } from "@/app/(app)/environments/[environmentId]/surveys/[surveyId]/(analysis)/summary/components/SummaryPage";
 import { SurveyAnalysisCTA } from "@/app/(app)/environments/[environmentId]/surveys/[surveyId]/(analysis)/summary/components/SurveyAnalysisCTA";
-import { DEFAULT_LOCALE, DOCUMENTS_PER_PAGE, WEBAPP_URL } from "@/lib/constants";
+import { getSurveySummary } from "@/app/(app)/environments/[environmentId]/surveys/[surveyId]/(analysis)/summary/lib/surveySummary";
+import { DEFAULT_LOCALE, WEBAPP_URL } from "@/lib/constants";
 import { getSurveyDomain } from "@/lib/getSurveyUrl";
-import { getResponseCountBySurveyId } from "@/lib/response/service";
 import { getSurvey } from "@/lib/survey/service";
 import { getUser } from "@/lib/user/service";
 import { getEnvironmentAuth } from "@/modules/environments/lib/utils";
@@ -37,10 +37,8 @@ const SurveyPage = async (props: { params: Promise<{ environmentId: string; surv
     throw new Error(t("common.user_not_found"));
   }
 
-  const totalResponseCount = await getResponseCountBySurveyId(params.surveyId);
-
-  // I took this out cause it's cloud only right?
-  // const { active: isEnterpriseEdition } = await getEnterpriseLicense();
+  // Fetch initial survey summary data on the server to prevent duplicate API calls during hydration
+  const initialSurveySummary = await getSurveySummary(surveyId);
 
   const surveyDomain = getSurveyDomain();
 
@@ -55,26 +53,19 @@ const SurveyPage = async (props: { params: Promise<{ environmentId: string; surv
             isReadOnly={isReadOnly}
             user={user}
             surveyDomain={surveyDomain}
-            responseCount={totalResponseCount}
+            responseCount={initialSurveySummary?.meta.totalResponses ?? 0}
           />
         }>
-        <SurveyAnalysisNavigation
-          environmentId={environment.id}
-          survey={survey}
-          activeId="summary"
-          initialTotalResponseCount={totalResponseCount}
-        />
+        <SurveyAnalysisNavigation environmentId={environment.id} survey={survey} activeId="summary" />
       </PageHeader>
       <SummaryPage
         environment={environment}
         survey={survey}
         surveyId={params.surveyId}
         webAppUrl={WEBAPP_URL}
-        user={user}
-        totalResponseCount={totalResponseCount}
-        documentsPerPage={DOCUMENTS_PER_PAGE}
         isReadOnly={isReadOnly}
         locale={user.locale ?? DEFAULT_LOCALE}
+        initialSurveySummary={initialSurveySummary}
       />
 
       <SettingsId title={t("common.survey_id")} id={surveyId}></SettingsId>

apps/web/app/(app)/layout.test.tsx

@@ -38,6 +38,7 @@ vi.mock("@/lib/constants", () => ({
   POSTHOG_API_KEY: "test-posthog-api-key",
   FORMBRICKS_ENVIRONMENT_ID: "mock-formbricks-environment-id",
   IS_FORMBRICKS_ENABLED: true,
+  SESSION_MAX_AGE: 1000,
 }));
 
 vi.mock("@/app/intercom/IntercomClientWrapper", () => ({

apps/web/app/(auth)/email-change-without-verification-success/page.test.tsx

@@ -0,0 +1,20 @@
+import { cleanup, render } from "@testing-library/react";
+import { afterEach, describe, expect, test, vi } from "vitest";
+import EmailChangeWithoutVerificationSuccessPage from "./page";
+
+vi.mock("@/modules/auth/email-change-without-verification-success/page", () => ({
+  EmailChangeWithoutVerificationSuccessPage: ({ children }) => (
+    <div data-testid="email-change-success-page">{children}</div>
+  ),
+}));
+
+describe("EmailChangeWithoutVerificationSuccessPage", () => {
+  afterEach(() => {
+    cleanup();
+  });
+
+  test("renders EmailChangeWithoutVerificationSuccessPage", () => {
+    const { getByTestId } = render(<EmailChangeWithoutVerificationSuccessPage />);
+    expect(getByTestId("email-change-success-page")).toBeInTheDocument();
+  });
+});

apps/web/app/(auth)/email-change-without-verification-success/page.tsx

@@ -0,0 +1,3 @@
+import { EmailChangeWithoutVerificationSuccessPage } from "@/modules/auth/email-change-without-verification-success/page";
+
+export default EmailChangeWithoutVerificationSuccessPage;

apps/web/app/(auth)/verify-email-change/page.tsx

@@ -0,0 +1,3 @@
+import { VerifyEmailChangePage } from "@/modules/auth/verify-email-change/page";
+
+export default VerifyEmailChangePage;

apps/web/app/api/v2/client/[environmentId]/responses/lib/utils.ts

@@ -26,7 +26,7 @@ export const checkSurveyValidity = async (
     );
   }
 
-  if (survey.singleUse?.enabled) {
+  if (survey.type === "link" && survey.singleUse?.enabled) {
     if (!responseInput.singleUseId) {
       return responses.badRequestResponse("Missing single use id", {
         surveyId: survey.id,

apps/web/app/share/[sharingKey]/(analysis)/responses/page.tsx

@@ -3,7 +3,6 @@ import { ResponsePage } from "@/app/(app)/environments/[environmentId]/surveys/[
 import { RESPONSES_PER_PAGE, WEBAPP_URL } from "@/lib/constants";
 import { getEnvironment } from "@/lib/environment/service";
 import { getProjectByEnvironmentId } from "@/lib/project/service";
-import { getResponseCountBySurveyId } from "@/lib/response/service";
 import { getSurvey, getSurveyIdByResultShareKey } from "@/lib/survey/service";
 import { getTagsByEnvironmentId } from "@/lib/tag/service";
 import { findMatchingLocale } from "@/lib/utils/locale";
@@ -46,19 +45,13 @@ const Page = async (props: ResponsesPageProps) => {
     throw new Error(t("common.project_not_found"));
   }
 
-  const totalResponseCount = await getResponseCountBySurveyId(surveyId);
   const locale = await findMatchingLocale();
 
   return (
     <div className="flex w-full justify-center">
       <PageContentWrapper className="w-full">
         <PageHeader pageTitle={survey.name}>
-          <SurveyAnalysisNavigation
-            survey={survey}
-            environmentId={environment.id}
-            activeId="responses"
-            initialTotalResponseCount={totalResponseCount}
-          />
+          <SurveyAnalysisNavigation survey={survey} environmentId={environment.id} activeId="responses" />
         </PageHeader>
         <ResponsePage
           environment={environment}

apps/web/app/share/[sharingKey]/(analysis)/summary/page.tsx

@@ -1,9 +1,9 @@
 import { SurveyAnalysisNavigation } from "@/app/(app)/environments/[environmentId]/surveys/[surveyId]/(analysis)/components/SurveyAnalysisNavigation";
 import { SummaryPage } from "@/app/(app)/environments/[environmentId]/surveys/[surveyId]/(analysis)/summary/components/SummaryPage";
+import { getSurveySummary } from "@/app/(app)/environments/[environmentId]/surveys/[surveyId]/(analysis)/summary/lib/surveySummary";
 import { DEFAULT_LOCALE, WEBAPP_URL } from "@/lib/constants";
 import { getEnvironment } from "@/lib/environment/service";
 import { getProjectByEnvironmentId } from "@/lib/project/service";
-import { getResponseCountBySurveyId } from "@/lib/response/service";
 import { getSurvey, getSurveyIdByResultShareKey } from "@/lib/survey/service";
 import { PageContentWrapper } from "@/modules/ui/components/page-content-wrapper";
 import { PageHeader } from "@/modules/ui/components/page-header";
@@ -47,27 +47,23 @@ const Page = async (props: SummaryPageProps) => {
     throw new Error(t("common.project_not_found"));
   }
 
-  const totalResponseCount = await getResponseCountBySurveyId(surveyId);
+  // Fetch initial survey summary data on the server to prevent duplicate API calls during hydration
+  const initialSurveySummary = await getSurveySummary(surveyId);
 
   return (
     <div className="flex w-full justify-center">
       <PageContentWrapper className="w-full">
         <PageHeader pageTitle={survey.name}>
-          <SurveyAnalysisNavigation
-            survey={survey}
-            environmentId={environment.id}
-            activeId="summary"
-            initialTotalResponseCount={totalResponseCount}
-          />
+          <SurveyAnalysisNavigation survey={survey} environmentId={environment.id} activeId="summary" />
         </PageHeader>
         <SummaryPage
           environment={environment}
           survey={survey}
           surveyId={survey.id}
           webAppUrl={WEBAPP_URL}
-          totalResponseCount={totalResponseCount}
           isReadOnly={true}
           locale={DEFAULT_LOCALE}
+          initialSurveySummary={initialSurveySummary}
         />
       </PageContentWrapper>
     </div>

apps/web/app/share/[sharingKey]/actions.ts

@@ -43,7 +43,7 @@ export const getSummaryBySurveySharingKeyAction = actionClient
     const surveyId = await getSurveyIdByResultShareKey(parsedInput.sharingKey);
     if (!surveyId) throw new AuthorizationError("Not authorized");
 
-    return await getSurveySummary(surveyId, parsedInput.filterCriteria);
+    return getSurveySummary(surveyId, parsedInput.filterCriteria);
   });
 
 const ZGetResponseCountBySurveySharingKeyAction = z.object({
@@ -57,7 +57,7 @@ export const getResponseCountBySurveySharingKeyAction = actionClient
     const surveyId = await getSurveyIdByResultShareKey(parsedInput.sharingKey);
     if (!surveyId) throw new AuthorizationError("Not authorized");
 
-    return await getResponseCountBySurveyId(surveyId, parsedInput.filterCriteria);
+    return getResponseCountBySurveyId(surveyId, parsedInput.filterCriteria);
   });
 
 const ZGetSurveyFilterDataBySurveySharingKeyAction = z.object({

apps/web/lib/constants.ts

@@ -95,8 +95,6 @@ export const ITEMS_PER_PAGE = 30;
 export const SURVEYS_PER_PAGE = 12;
 export const RESPONSES_PER_PAGE = 25;
 export const TEXT_RESPONSES_PER_PAGE = 5;
-export const INSIGHTS_PER_PAGE = 10;
-export const DOCUMENTS_PER_PAGE = 10;
 export const MAX_RESPONSES_FOR_INSIGHT_GENERATION = 500;
 export const MAX_OTHER_OPTION_LENGTH = 250;
 
@@ -283,3 +281,5 @@ export const SENTRY_DSN = env.SENTRY_DSN;
 export const PROMETHEUS_ENABLED = env.PROMETHEUS_ENABLED === "1";
 
 export const USER_MANAGEMENT_MINIMUM_ROLE = env.USER_MANAGEMENT_MINIMUM_ROLE ?? "manager";
+
+export const SESSION_MAX_AGE = Number(env.SESSION_MAX_AGE) || 86400;

apps/web/lib/env.ts

@@ -105,6 +105,7 @@ export const env = createEnv({
     PROMETHEUS_EXPORTER_PORT: z.string().optional(),
     PROMETHEUS_ENABLED: z.enum(["1", "0"]).optional(),
     USER_MANAGEMENT_MINIMUM_ROLE: z.enum(["owner", "manager", "disabled"]).optional(),
+    SESSION_MAX_AGE: z.string().transform((val) => parseInt(val)).optional(),
   },
 
   /*
@@ -200,5 +201,6 @@ export const env = createEnv({
     PROMETHEUS_ENABLED: process.env.PROMETHEUS_ENABLED,
     PROMETHEUS_EXPORTER_PORT: process.env.PROMETHEUS_EXPORTER_PORT,
     USER_MANAGEMENT_MINIMUM_ROLE: process.env.USER_MANAGEMENT_MINIMUM_ROLE,
+    SESSION_MAX_AGE: process.env.SESSION_MAX_AGE,
   },
 });

apps/web/lib/jwt.test.ts

@@ -2,11 +2,13 @@ import { env } from "@/lib/env";
 import { beforeEach, describe, expect, test, vi } from "vitest";
 import { prisma } from "@formbricks/database";
 import {
+  createEmailChangeToken,
   createEmailToken,
   createInviteToken,
   createToken,
   createTokenForLinkSurvey,
   getEmailFromEmailToken,
+  verifyEmailChangeToken,
   verifyInviteToken,
   verifyToken,
   verifyTokenForLinkSurvey,
@@ -46,16 +48,6 @@ describe("JWT Functions", () => {
       expect(token).toBeDefined();
       expect(typeof token).toBe("string");
     });
-
-    test("should throw error if ENCRYPTION_KEY is not set", () => {
-      const originalKey = env.ENCRYPTION_KEY;
-      try {
-        (env as any).ENCRYPTION_KEY = undefined;
-        expect(() => createToken(mockUser.id, mockUser.email)).toThrow("ENCRYPTION_KEY is not set");
-      } finally {
-        (env as any).ENCRYPTION_KEY = originalKey;
-      }
-    });
   });
 
   describe("createTokenForLinkSurvey", () => {
@@ -65,18 +57,6 @@ describe("JWT Functions", () => {
       expect(token).toBeDefined();
       expect(typeof token).toBe("string");
     });
-
-    test("should throw error if ENCRYPTION_KEY is not set", () => {
-      const originalKey = env.ENCRYPTION_KEY;
-      try {
-        (env as any).ENCRYPTION_KEY = undefined;
-        expect(() => createTokenForLinkSurvey("test-survey-id", mockUser.email)).toThrow(
-          "ENCRYPTION_KEY is not set"
-        );
-      } finally {
-        (env as any).ENCRYPTION_KEY = originalKey;
-      }
-    });
   });
 
   describe("createEmailToken", () => {
@@ -86,16 +66,6 @@ describe("JWT Functions", () => {
       expect(typeof token).toBe("string");
     });
 
-    test("should throw error if ENCRYPTION_KEY is not set", () => {
-      const originalKey = env.ENCRYPTION_KEY;
-      try {
-        (env as any).ENCRYPTION_KEY = undefined;
-        expect(() => createEmailToken(mockUser.email)).toThrow("ENCRYPTION_KEY is not set");
-      } finally {
-        (env as any).ENCRYPTION_KEY = originalKey;
-      }
-    });
-
     test("should throw error if NEXTAUTH_SECRET is not set", () => {
       const originalSecret = env.NEXTAUTH_SECRET;
       try {
@@ -113,16 +83,6 @@ describe("JWT Functions", () => {
       const extractedEmail = getEmailFromEmailToken(token);
       expect(extractedEmail).toBe(mockUser.email);
     });
-
-    test("should throw error if ENCRYPTION_KEY is not set", () => {
-      const originalKey = env.ENCRYPTION_KEY;
-      try {
-        (env as any).ENCRYPTION_KEY = undefined;
-        expect(() => getEmailFromEmailToken("invalid-token")).toThrow("ENCRYPTION_KEY is not set");
-      } finally {
-        (env as any).ENCRYPTION_KEY = originalKey;
-      }
-    });
   });
 
   describe("createInviteToken", () => {
@@ -132,18 +92,6 @@ describe("JWT Functions", () => {
       expect(token).toBeDefined();
       expect(typeof token).toBe("string");
     });
-
-    test("should throw error if ENCRYPTION_KEY is not set", () => {
-      const originalKey = env.ENCRYPTION_KEY;
-      try {
-        (env as any).ENCRYPTION_KEY = undefined;
-        expect(() => createInviteToken("test-invite-id", mockUser.email)).toThrow(
-          "ENCRYPTION_KEY is not set"
-        );
-      } finally {
-        (env as any).ENCRYPTION_KEY = originalKey;
-      }
-    });
   });
 
   describe("verifyTokenForLinkSurvey", () => {
@@ -192,4 +140,32 @@ describe("JWT Functions", () => {
       expect(() => verifyInviteToken("invalid-token")).toThrow("Invalid or expired invite token");
     });
   });
+
+  describe("verifyEmailChangeToken", () => {
+    test("should verify and decrypt valid email change token", async () => {
+      const userId = "test-user-id";
+      const email = "test@example.com";
+      const token = createEmailChangeToken(userId, email);
+      const result = await verifyEmailChangeToken(token);
+      expect(result).toEqual({ id: userId, email });
+    });
+
+    test("should throw error if token is invalid or missing fields", async () => {
+      // Create a token with missing fields
+      const jwt = await import("jsonwebtoken");
+      const token = jwt.sign({ foo: "bar" }, env.NEXTAUTH_SECRET as string);
+      await expect(verifyEmailChangeToken(token)).rejects.toThrow(
+        "Token is invalid or missing required fields"
+      );
+    });
+
+    test("should return original id/email if decryption fails", async () => {
+      // Create a token with non-encrypted id/email
+      const jwt = await import("jsonwebtoken");
+      const payload = { id: "plain-id", email: "plain@example.com" };
+      const token = jwt.sign(payload, env.NEXTAUTH_SECRET as string);
+      const result = await verifyEmailChangeToken(token);
+      expect(result).toEqual(payload);
+    });
+  });
 });

apps/web/lib/jwt.ts

@@ -5,27 +5,60 @@ import { prisma } from "@formbricks/database";
 import { logger } from "@formbricks/logger";
 
 export const createToken = (userId: string, userEmail: string, options = {}): string => {
-  if (!env.ENCRYPTION_KEY) {
-    throw new Error("ENCRYPTION_KEY is not set");
-  }
-
   const encryptedUserId = symmetricEncrypt(userId, env.ENCRYPTION_KEY);
   return jwt.sign({ id: encryptedUserId }, env.NEXTAUTH_SECRET + userEmail, options);
 };
 export const createTokenForLinkSurvey = (surveyId: string, userEmail: string): string => {
-  if (!env.ENCRYPTION_KEY) {
-    throw new Error("ENCRYPTION_KEY is not set");
-  }
-
   const encryptedEmail = symmetricEncrypt(userEmail, env.ENCRYPTION_KEY);
   return jwt.sign({ email: encryptedEmail }, env.NEXTAUTH_SECRET + surveyId);
 };
 
-export const createEmailToken = (email: string): string => {
-  if (!env.ENCRYPTION_KEY) {
-    throw new Error("ENCRYPTION_KEY is not set");
+export const verifyEmailChangeToken = async (token: string): Promise<{ id: string; email: string }> => {
+  if (!env.NEXTAUTH_SECRET) {
+    throw new Error("NEXTAUTH_SECRET is not set");
   }
 
+  const payload = jwt.verify(token, env.NEXTAUTH_SECRET) as { id: string; email: string };
+
+  if (!payload?.id || !payload?.email) {
+    throw new Error("Token is invalid or missing required fields");
+  }
+
+  let decryptedId: string;
+  let decryptedEmail: string;
+
+  try {
+    decryptedId = symmetricDecrypt(payload.id, env.ENCRYPTION_KEY);
+  } catch {
+    decryptedId = payload.id;
+  }
+
+  try {
+    decryptedEmail = symmetricDecrypt(payload.email, env.ENCRYPTION_KEY);
+  } catch {
+    decryptedEmail = payload.email;
+  }
+
+  return {
+    id: decryptedId,
+    email: decryptedEmail,
+  };
+};
+
+export const createEmailChangeToken = (userId: string, email: string): string => {
+  const encryptedUserId = symmetricEncrypt(userId, env.ENCRYPTION_KEY);
+  const encryptedEmail = symmetricEncrypt(email, env.ENCRYPTION_KEY);
+
+  const payload = {
+    id: encryptedUserId,
+    email: encryptedEmail,
+  };
+
+  return jwt.sign(payload, env.NEXTAUTH_SECRET as string, {
+    expiresIn: "1d",
+  });
+};
+export const createEmailToken = (email: string): string => {
   if (!env.NEXTAUTH_SECRET) {
     throw new Error("NEXTAUTH_SECRET is not set");
   }
@@ -35,10 +68,6 @@ export const createEmailToken = (email: string): string => {
 };
 
 export const getEmailFromEmailToken = (token: string): string => {
-  if (!env.ENCRYPTION_KEY) {
-    throw new Error("ENCRYPTION_KEY is not set");
-  }
-
   if (!env.NEXTAUTH_SECRET) {
     throw new Error("NEXTAUTH_SECRET is not set");
   }
@@ -55,10 +84,6 @@ export const getEmailFromEmailToken = (token: string): string => {
 };
 
 export const createInviteToken = (inviteId: string, email: string, options = {}): string => {
-  if (!env.ENCRYPTION_KEY) {
-    throw new Error("ENCRYPTION_KEY is not set");
-  }
-
   if (!env.NEXTAUTH_SECRET) {
     throw new Error("NEXTAUTH_SECRET is not set");
   }
@@ -87,9 +112,6 @@ export const verifyTokenForLinkSurvey = (token: string, surveyId: string): strin
 };
 
 export const verifyToken = async (token: string): Promise<JwtPayload> => {
-  if (!env.ENCRYPTION_KEY) {
-    throw new Error("ENCRYPTION_KEY is not set");
-  }
   // First decode to get the ID
   const decoded = jwt.decode(token);
   const payload: JwtPayload = decoded as JwtPayload;
@@ -127,10 +149,6 @@ export const verifyToken = async (token: string): Promise<JwtPayload> => {
 
 export const verifyInviteToken = (token: string): { inviteId: string; email: string } => {
   try {
-    if (!env.ENCRYPTION_KEY) {
-      throw new Error("ENCRYPTION_KEY is not set");
-    }
-
     const decoded = jwt.decode(token);
     const payload: JwtPayload = decoded as JwtPayload;
 

apps/web/lib/response/service.ts

@@ -2,6 +2,7 @@ import "server-only";
 import { cache } from "@/lib/cache";
 import { Prisma } from "@prisma/client";
 import { cache as reactCache } from "react";
+import { z } from "zod";
 import { prisma } from "@formbricks/database";
 import { logger } from "@formbricks/logger";
 import { ZId, ZOptionalNumber, ZString } from "@formbricks/types/common";
@@ -98,7 +99,7 @@ export const getResponseContact = (
   if (!responsePrisma.contact) return null;
 
   return {
-    id: responsePrisma.contact.id as string,
+    id: responsePrisma.contact.id,
     userId: responsePrisma.contact.attributes.find((attribute) => attribute.attributeKey.key === "userId")
       ?.value as string,
   };
@@ -291,7 +292,8 @@ export const getResponses = reactCache(
     surveyId: string,
     limit?: number,
     offset?: number,
-    filterCriteria?: TResponseFilterCriteria
+    filterCriteria?: TResponseFilterCriteria,
+    cursor?: string
   ): Promise<TResponse[]> =>
     cache(
       async () => {
@@ -299,26 +301,39 @@ export const getResponses = reactCache(
           [surveyId, ZId],
           [limit, ZOptionalNumber],
           [offset, ZOptionalNumber],
-          [filterCriteria, ZResponseFilterCriteria.optional()]
+          [filterCriteria, ZResponseFilterCriteria.optional()],
+          [cursor, z.string().cuid2().optional()]
         );
 
         limit = limit ?? RESPONSES_PER_PAGE;
         const survey = await getSurvey(surveyId);
         if (!survey) return [];
         try {
+          const whereClause: Prisma.ResponseWhereInput = {
+            surveyId,
+            ...buildWhereClause(survey, filterCriteria),
+          };
+
+          // Add cursor condition for cursor-based pagination
+          if (cursor) {
+            whereClause.id = {
+              lt: cursor, // Get responses with ID less than cursor (for desc order)
+            };
+          }
+
           const responses = await prisma.response.findMany({
-            where: {
-              surveyId,
-              ...buildWhereClause(survey, filterCriteria),
-            },
+            where: whereClause,
             select: responseSelection,
             orderBy: [
               {
                 createdAt: "desc",
               },
+              {
+                id: "desc", // Secondary sort by ID for consistent pagination
+              },
             ],
-            take: limit ? limit : undefined,
-            skip: offset ? offset : undefined,
+            take: limit,
+            skip: offset,
           });
 
           const transformedResponses: TResponse[] = await Promise.all(
@@ -340,7 +355,7 @@ export const getResponses = reactCache(
           throw error;
         }
       },
-      [`getResponses-${surveyId}-${limit}-${offset}-${JSON.stringify(filterCriteria)}`],
+      [`getResponses-${surveyId}-${limit}-${offset}-${JSON.stringify(filterCriteria)}-${cursor}`],
       {
         tags: [responseCache.tag.bySurveyId(surveyId)],
       }
@@ -360,19 +375,27 @@ export const getResponseDownloadUrl = async (
       throw new ResourceNotFoundError("Survey", surveyId);
     }
 
-    const environmentId = survey.environmentId as string;
+    const environmentId = survey.environmentId;
 
     const accessType = "private";
     const batchSize = 3000;
-    const responseCount = await getResponseCountBySurveyId(surveyId, filterCriteria);
-    const pages = Math.ceil(responseCount / batchSize);
 
-    const responsesArray = await Promise.all(
-      Array.from({ length: pages }, (_, i) => {
-        return getResponses(surveyId, batchSize, i * batchSize, filterCriteria);
-      })
-    );
-    const responses = responsesArray.flat();
+    // Use cursor-based pagination instead of count + offset to avoid expensive queries
+    const responses: TResponse[] = [];
+    let cursor: string | undefined = undefined;
+    let hasMore = true;
+
+    while (hasMore) {
+      const batch = await getResponses(surveyId, batchSize, 0, filterCriteria, cursor);
+      responses.push(...batch);
+
+      if (batch.length < batchSize) {
+        hasMore = false;
+      } else {
+        // Use the last response's ID as cursor for next batch
+        cursor = batch[batch.length - 1].id;
+      }
+    }
 
     const { metaDataFields, questions, hiddenFields, variables, userAttributes } = extractSurveyDetails(
       survey,
@@ -442,8 +465,8 @@ export const getResponsesByEnvironmentId = reactCache(
                 createdAt: "desc",
               },
             ],
-            take: limit ? limit : undefined,
-            skip: offset ? offset : undefined,
+            take: limit,
+            skip: offset,
           });
 
           const transformedResponses: TResponse[] = await Promise.all(
@@ -478,8 +501,6 @@ export const updateResponse = async (
 ): Promise<TResponse> => {
   validateInputs([responseId, ZId], [responseInput, ZResponseUpdateInput]);
   try {
-    // const currentResponse = await getResponse(responseId);
-
     // use direct prisma call to avoid cache issues
     const currentResponse = await prisma.response.findUnique({
       where: {

apps/web/lib/response/tests/response.test.ts

@@ -238,14 +238,14 @@ describe("Tests for getResponseDownloadUrl service", () => {
       expect(fileExtension).not.toEqual("xlsx");
     });
 
-    test("Throws DatabaseError on PrismaClientKnownRequestError, when the getResponseCountBySurveyId fails", async () => {
+    test("Throws DatabaseError on PrismaClientKnownRequestError, when the getResponses fails", async () => {
       const mockErrorMessage = "Mock error message";
       const errToThrow = new Prisma.PrismaClientKnownRequestError(mockErrorMessage, {
         code: PrismaErrorType.UniqueConstraintViolation,
         clientVersion: "0.0.1",
       });
       prisma.survey.findUnique.mockResolvedValue(mockSurveyOutput);
-      prisma.response.count.mockRejectedValue(errToThrow);
+      prisma.response.findMany.mockRejectedValue(errToThrow);
 
       await expect(getResponseDownloadUrl(mockSurveyId, "csv")).rejects.toThrow(DatabaseError);
     });

apps/web/lib/utils/action-client.ts

@@ -10,6 +10,7 @@ import {
   InvalidInputError,
   OperationNotAllowedError,
   ResourceNotFoundError,
+  TooManyRequestsError,
   UnknownError,
 } from "@formbricks/types/errors";
 
@@ -23,7 +24,8 @@ export const actionClient = createSafeActionClient({
       e instanceof InvalidInputError ||
       e instanceof UnknownError ||
       e instanceof AuthenticationError ||
-      e instanceof OperationNotAllowedError
+      e instanceof OperationNotAllowedError ||
+      e instanceof TooManyRequestsError
     ) {
       return e.message;
     }

apps/web/lib/utils/hooks/useIntervalWhenFocused.ts

@@ -1,52 +0,0 @@
-import { useCallback, useEffect, useRef } from "react";
-
-export const useIntervalWhenFocused = (
-  callback: () => void,
-  intervalDuration: number,
-  isActive: boolean,
-  shouldExecuteImmediately = true
-) => {
-  const intervalRef = useRef<NodeJS.Timeout | null>(null);
-
-  const handleFocus = useCallback(() => {
-    if (isActive) {
-      if (shouldExecuteImmediately) {
-        // Execute the callback immediately when the tab comes into focus
-        callback();
-      }
-
-      // Set the interval to execute the callback every `intervalDuration` milliseconds
-      intervalRef.current = setInterval(() => {
-        callback();
-      }, intervalDuration);
-    }
-  }, [isActive, intervalDuration, callback, shouldExecuteImmediately]);
-
-  const handleBlur = () => {
-    // Clear the interval when the tab loses focus
-    if (intervalRef.current) {
-      clearInterval(intervalRef.current);
-      intervalRef.current = null;
-    }
-  };
-
-  useEffect(() => {
-    // Attach focus and blur event listeners
-    window.addEventListener("focus", handleFocus);
-    window.addEventListener("blur", handleBlur);
-
-    // Handle initial focus
-    handleFocus();
-
-    // Cleanup interval and event listeners when the component unmounts or dependencies change
-    return () => {
-      if (intervalRef.current) {
-        clearInterval(intervalRef.current);
-      }
-      window.removeEventListener("focus", handleFocus);
-      window.removeEventListener("blur", handleBlur);
-    };
-  }, [isActive, intervalDuration, handleFocus]);
-};
-
-export default useIntervalWhenFocused;

apps/web/locales/de-DE.json

@@ -7,6 +7,17 @@
     "continue_with_oidc": "Weiter mit {oidcDisplayName}",
     "continue_with_openid": "Login mit OpenID",
     "continue_with_saml": "Login mit SAML SSO",
+    "email-change": {
+      "confirm_password_description": "Bitte bestätige dein Passwort, bevor du deine E-Mail-Adresse änderst",
+      "email_change_success": "E-Mail erfolgreich geändert",
+      "email_change_success_description": "Du hast deine E-Mail-Adresse erfolgreich geändert. Bitte logge dich mit deiner neuen E-Mail-Adresse ein.",
+      "email_verification_failed": "E-Mail-Bestätigung fehlgeschlagen",
+      "email_verification_loading": "E-Mail-Bestätigung läuft...",
+      "email_verification_loading_description": "Wir aktualisieren Ihre E-Mail-Adresse in unserem System. Dies kann einige Sekunden dauern.",
+      "invalid_or_expired_token": "E-Mail-Änderung fehlgeschlagen. Dein Token ist ungültig oder abgelaufen.",
+      "new_email": "Neue E-Mail",
+      "old_email": "Alte E-Mail"
+    },
     "forgot-password": {
       "back_to_login": "Zurück zum Login",
       "email-sent": {
@@ -78,11 +89,12 @@
     "verification-requested": {
       "invalid_email_address": "Ungültige E-Mail-Adresse",
       "invalid_token": "Ungültiges Token ☹️",
+      "new_email_verification_success": "Wenn die Adresse gültig ist, wurde eine Bestätigungs-E-Mail gesendet.",
       "no_email_provided": "Keine E-Mail bereitgestellt",
       "please_click_the_link_in_the_email_to_activate_your_account": "Bitte klicke auf den Link in der E-Mail, um dein Konto zu aktivieren.",
       "please_confirm_your_email_address": "Bitte bestätige deine E-Mail-Adresse",
       "resend_verification_email": "Bestätigungs-E-Mail erneut senden",
-      "verification_email_successfully_sent": "Bestätigungs-E-Mail erfolgreich gesendet. Bitte überprüfe dein Postfach.",
+      "verification_email_successfully_sent": "Bestätigungs-E-Mail an {email} gesendet. Bitte überprüfen Sie, um das Update abzuschließen.",
       "we_sent_an_email_to": "Wir haben eine E-Mail an {email} gesendet",
       "you_didnt_receive_an_email_or_your_link_expired": "Hast Du keine E-Mail erhalten oder ist dein Link abgelaufen?"
     },
@@ -451,6 +463,7 @@
     "live_survey_notification_view_more_responses": "Zeige {responseCount} weitere Antworten",
     "live_survey_notification_view_previous_responses": "Vorherige Antworten anzeigen",
     "live_survey_notification_view_response": "Antwort anzeigen",
+    "new_email_verification_text": "Um Ihre neue E-Mail-Adresse zu bestätigen, klicken Sie bitte auf die Schaltfläche unten:",
     "notification_footer_all_the_best": "Alles Gute,",
     "notification_footer_in_your_settings": "in deinen Einstellungen \uD83D\uDE4F",
     "notification_footer_please_turn_them_off": "Bitte ausstellen",
@@ -500,6 +513,8 @@
     "verification_email_thanks": "Danke, dass Du deine E-Mail bestätigt hast!",
     "verification_email_to_fill_survey": "Um die Umfrage auszufüllen, klicke bitte auf den untenstehenden Button:",
     "verification_email_verify_email": "E-Mail bestätigen",
+    "verification_new_email_subject": "E-Mail-Änderungsbestätigung",
+    "verification_security_notice": "Wenn du diese E-Mail-Änderung nicht angefordert hast, ignoriere bitte diese E-Mail oder kontaktiere sofort den Support.",
     "verified_link_survey_email_subject": "Deine Umfrage ist bereit zum Ausfüllen.",
     "weekly_summary_create_reminder_notification_body_cal_slot": "Wähle einen 15-minütigen Termin im Kalender unseres Gründers aus.",
     "weekly_summary_create_reminder_notification_body_dont_let_a_week_pass": "Lass keine Woche vergehen, ohne etwas über deine Nutzer zu lernen:",
@@ -1136,6 +1151,7 @@
         "disable_two_factor_authentication": "Zwei-Faktor-Authentifizierung deaktivieren",
         "disable_two_factor_authentication_description": "Wenn Du die Zwei-Faktor-Authentifizierung deaktivieren musst, empfehlen wir, sie so schnell wie möglich wieder zu aktivieren.",
         "each_backup_code_can_be_used_exactly_once_to_grant_access_without_your_authenticator": "Jeder Backup-Code kann genau einmal verwendet werden, um Zugang ohne deinen Authenticator zu gewähren.",
+        "email_change_initiated": "Deine Anfrage zur Änderung der E-Mail wurde eingeleitet.",
         "enable_two_factor_authentication": "Zwei-Faktor-Authentifizierung aktivieren",
         "enter_the_code_from_your_authenticator_app_below": "Gib den Code aus deiner Authentifizierungs-App unten ein.",
         "file_size_must_be_less_than_10mb": "Dateigröße muss weniger als 10MB sein.",
@@ -1753,7 +1769,7 @@
         "link_to_public_results_copied": "Link zu öffentlichen Ergebnissen kopiert",
         "make_sure_the_survey_type_is_set_to": "Stelle sicher, dass der Umfragetyp richtig eingestellt ist",
         "mobile_app": "Mobile App",
-        "no_response_matches_filter": "Keine Antwort entspricht deinem Filter",
+        "no_responses_found": "Keine Antworten gefunden",
         "only_completed": "Nur vollständige Antworten",
         "other_values_found": "Andere Werte gefunden",
         "overall": "Insgesamt",

apps/web/locales/en-US.json

@@ -7,6 +7,17 @@
     "continue_with_oidc": "Continue with {oidcDisplayName}",
     "continue_with_openid": "Continue with OpenID",
     "continue_with_saml": "Continue with SAML SSO",
+    "email-change": {
+      "confirm_password_description": "Please confirm your password before changing your email address",
+      "email_change_success": "Email changed successfully",
+      "email_change_success_description": "You have successfully changed your email address. Please log in with your new email address.",
+      "email_verification_failed": "Email verification failed",
+      "email_verification_loading": "Email verification in progress...",
+      "email_verification_loading_description": "We are updating your email address in our system. This may take a few seconds.",
+      "invalid_or_expired_token": "Email change failed. Your token is invalid or expired.",
+      "new_email": "New Email",
+      "old_email": "Old Email"
+    },
     "forgot-password": {
       "back_to_login": "Back to login",
       "email-sent": {
@@ -78,11 +89,12 @@
     "verification-requested": {
       "invalid_email_address": "Invalid email address",
       "invalid_token": "Invalid token ☹️",
+      "new_email_verification_success": "If the address is valid, a verification email has been sent.",
       "no_email_provided": "No email provided",
       "please_click_the_link_in_the_email_to_activate_your_account": "Please click the link in the email to activate your account.",
       "please_confirm_your_email_address": "Please confirm your email address",
       "resend_verification_email": "Resend verification email",
-      "verification_email_successfully_sent": "Verification email successfully sent. Please check your inbox.",
+      "verification_email_successfully_sent": "Verification email sent to {email}. Please verify to complete the update.",
       "we_sent_an_email_to": "We sent an email to {email}. ",
       "you_didnt_receive_an_email_or_your_link_expired": "You didn't receive an email or your link expired?"
     },
@@ -451,6 +463,7 @@
     "live_survey_notification_view_more_responses": "View {responseCount} more Responses",
     "live_survey_notification_view_previous_responses": "View previous responses",
     "live_survey_notification_view_response": "View Response",
+    "new_email_verification_text": "To verify your new email address, please click the button below:",
     "notification_footer_all_the_best": "All the best,",
     "notification_footer_in_your_settings": "in your settings \uD83D\uDE4F",
     "notification_footer_please_turn_them_off": "please turn them off",
@@ -500,6 +513,8 @@
     "verification_email_thanks": "Thanks for validating your email!",
     "verification_email_to_fill_survey": "To fill out the survey please click on the button below:",
     "verification_email_verify_email": "Verify email",
+    "verification_new_email_subject": "Email change verification",
+    "verification_security_notice": "If you did not request this email change, please ignore this email or contact support immediately.",
     "verified_link_survey_email_subject": "Your survey is ready to be filled out.",
     "weekly_summary_create_reminder_notification_body_cal_slot": "Pick a 15-minute slot in our CEOs calendar",
     "weekly_summary_create_reminder_notification_body_dont_let_a_week_pass": "Don't let a week pass without learning about your users:",
@@ -971,7 +986,7 @@
         "2000_monthly_identified_users": "2000 Monthly Identified Users",
         "30000_monthly_identified_users": "30000 Monthly Identified Users",
         "3_projects": "3 Projects",
-        "5000_monthly_responses": "5000 Monthly Responses",
+        "5000_monthly_responses": "5,000 Monthly Responses",
         "5_projects": "5 Projects",
         "7500_monthly_identified_users": "7500 Monthly Identified Users",
         "advanced_targeting": "Advanced Targeting",
@@ -1136,6 +1151,7 @@
         "disable_two_factor_authentication": "Disable two factor authentication",
         "disable_two_factor_authentication_description": "If you need to disable 2FA, we recommend re-enabling it as soon as possible.",
         "each_backup_code_can_be_used_exactly_once_to_grant_access_without_your_authenticator": "Each backup code can be used exactly once to grant access without your authenticator.",
+        "email_change_initiated": "Your email change request has been initiated.",
         "enable_two_factor_authentication": "Enable two factor authentication",
         "enter_the_code_from_your_authenticator_app_below": "Enter the code from your authenticator app below.",
         "file_size_must_be_less_than_10mb": "File size must be less than 10MB.",
@@ -1753,7 +1769,7 @@
         "link_to_public_results_copied": "Link to public results copied",
         "make_sure_the_survey_type_is_set_to": "Make sure the survey type is set to",
         "mobile_app": "Mobile app",
-        "no_response_matches_filter": "No response matches your filter",
+        "no_responses_found": "No responses found",
         "only_completed": "Only completed",
         "other_values_found": "Other values found",
         "overall": "Overall",

apps/web/locales/fr-FR.json

@@ -7,6 +7,17 @@
     "continue_with_oidc": "Continuer avec {oidcDisplayName}",
     "continue_with_openid": "Continuer avec OpenID",
     "continue_with_saml": "Continuer avec SAML SSO",
+    "email-change": {
+      "confirm_password_description": "Veuillez confirmer votre mot de passe avant de changer votre adresse e-mail",
+      "email_change_success": "E-mail changé avec succès",
+      "email_change_success_description": "Vous avez changé votre adresse e-mail avec succès. Veuillez vous connecter avec votre nouvelle adresse e-mail.",
+      "email_verification_failed": "Échec de la vérification de l'email",
+      "email_verification_loading": "Vérification de l'email en cours...",
+      "email_verification_loading_description": "Nous mettons à jour votre adresse email dans notre système. Cela peut prendre quelques secondes.",
+      "invalid_or_expired_token": "Échec du changement d'email. Votre jeton est invalide ou expiré.",
+      "new_email": "Nouvel Email",
+      "old_email": "Ancien Email"
+    },
     "forgot-password": {
       "back_to_login": "Retour à la connexion",
       "email-sent": {
@@ -78,11 +89,12 @@
     "verification-requested": {
       "invalid_email_address": "Adresse e-mail invalide",
       "invalid_token": "Jeton non valide ☹️",
+      "new_email_verification_success": "Si l'adresse est valide, un email de vérification a été envoyé.",
       "no_email_provided": "Aucun e-mail fourni",
       "please_click_the_link_in_the_email_to_activate_your_account": "Veuillez cliquer sur le lien dans l'e-mail pour activer votre compte.",
       "please_confirm_your_email_address": "Veuillez confirmer votre adresse e-mail.",
       "resend_verification_email": "Renvoyer l'email de vérification",
-      "verification_email_successfully_sent": "Email de vérification envoyé avec succès. Veuillez vérifier votre boîte de réception.",
+      "verification_email_successfully_sent": "Email de vérification envoyé à {email}. Veuillez vérifier pour compléter la mise à jour.",
       "we_sent_an_email_to": "Nous avons envoyé un email à {email}",
       "you_didnt_receive_an_email_or_your_link_expired": "Vous n'avez pas reçu d'email ou votre lien a expiré ?"
     },
@@ -451,6 +463,7 @@
     "live_survey_notification_view_more_responses": "Voir {responseCount} réponses supplémentaires",
     "live_survey_notification_view_previous_responses": "Voir les réponses précédentes",
     "live_survey_notification_view_response": "Voir la réponse",
+    "new_email_verification_text": "Pour confirmer votre nouvelle adresse e-mail, veuillez cliquer sur le bouton ci-dessous :",
     "notification_footer_all_the_best": "Tous mes vœux,",
     "notification_footer_in_your_settings": "dans vos paramètres \uD83D\uDE4F",
     "notification_footer_please_turn_them_off": "veuillez les éteindre",
@@ -500,6 +513,8 @@
     "verification_email_thanks": "Merci de valider votre email !",
     "verification_email_to_fill_survey": "Pour remplir le questionnaire, veuillez cliquer sur le bouton ci-dessous :",
     "verification_email_verify_email": "Vérifier l'email",
+    "verification_new_email_subject": "Vérification du changement d'email",
+    "verification_security_notice": "Si vous n'avez pas demandé ce changement d'email, veuillez ignorer cet email ou contacter le support immédiatement.",
     "verified_link_survey_email_subject": "Votre enquête est prête à être remplie.",
     "weekly_summary_create_reminder_notification_body_cal_slot": "Choisissez un créneau de 15 minutes dans le calendrier de notre PDG.",
     "weekly_summary_create_reminder_notification_body_dont_let_a_week_pass": "Ne laissez pas une semaine passer sans en apprendre davantage sur vos utilisateurs :",
@@ -971,7 +986,7 @@
         "2000_monthly_identified_users": "2000 Utilisateurs Identifiés Mensuels",
         "30000_monthly_identified_users": "30000 Utilisateurs Identifiés Mensuels",
         "3_projects": "3 Projets",
-        "5000_monthly_responses": "5000 Réponses Mensuelles",
+        "5000_monthly_responses": "5,000 Réponses Mensuelles",
         "5_projects": "5 Projets",
         "7500_monthly_identified_users": "7500 Utilisateurs Identifiés Mensuels",
         "advanced_targeting": "Ciblage Avancé",
@@ -1136,6 +1151,7 @@
         "disable_two_factor_authentication": "Désactiver l'authentification à deux facteurs",
         "disable_two_factor_authentication_description": "Si vous devez désactiver l'authentification à deux facteurs, nous vous recommandons de la réactiver dès que possible.",
         "each_backup_code_can_be_used_exactly_once_to_grant_access_without_your_authenticator": "Chaque code de sauvegarde peut être utilisé exactement une fois pour accorder l'accès sans votre authentificateur.",
+        "email_change_initiated": "Votre demande de changement d'email a été initiée.",
         "enable_two_factor_authentication": "Activer l'authentification à deux facteurs",
         "enter_the_code_from_your_authenticator_app_below": "Entrez le code de votre application d'authentification ci-dessous.",
         "file_size_must_be_less_than_10mb": "La taille du fichier doit être inférieure à 10 Mo.",
@@ -1753,7 +1769,7 @@
         "link_to_public_results_copied": "Lien vers les résultats publics copié",
         "make_sure_the_survey_type_is_set_to": "Assurez-vous que le type d'enquête est défini sur",
         "mobile_app": "Application mobile",
-        "no_response_matches_filter": "Aucune réponse ne correspond à votre filtre",
+        "no_responses_found": "Aucune réponse trouvée",
         "only_completed": "Uniquement terminé",
         "other_values_found": "D'autres valeurs trouvées",
         "overall": "Globalement",

apps/web/locales/pt-BR.json

@@ -7,6 +7,17 @@
     "continue_with_oidc": "Continuar com {oidcDisplayName}",
     "continue_with_openid": "Continuar com OpenID",
     "continue_with_saml": "Continuar com SAML SSO",
+    "email-change": {
+      "confirm_password_description": "Por favor, confirme sua senha antes de mudar seu endereço de e-mail",
+      "email_change_success": "E-mail alterado com sucesso",
+      "email_change_success_description": "Você alterou seu endereço de e-mail com sucesso. Por favor, faça login com seu novo endereço de e-mail.",
+      "email_verification_failed": "Falha na verificação do e-mail",
+      "email_verification_loading": "Verificação de e-mail em andamento...",
+      "email_verification_loading_description": "Estamos atualizando seu endereço de e-mail em nosso sistema. Isso pode levar alguns segundos.",
+      "invalid_or_expired_token": "Falha na alteração do e-mail. Seu token é inválido ou expirou.",
+      "new_email": "Novo Email",
+      "old_email": "Email Antigo"
+    },
     "forgot-password": {
       "back_to_login": "Voltar para o login",
       "email-sent": {
@@ -78,11 +89,12 @@
     "verification-requested": {
       "invalid_email_address": "Endereço de email inválido",
       "invalid_token": "Token inválido ☹️",
+      "new_email_verification_success": "Se o endereço for válido, um email de verificação foi enviado.",
       "no_email_provided": "Nenhum e-mail fornecido",
       "please_click_the_link_in_the_email_to_activate_your_account": "Por favor, clica no link do e-mail pra ativar sua conta.",
       "please_confirm_your_email_address": "Por favor, confirme seu endereço de e-mail",
       "resend_verification_email": "Reenviar e-mail de verificação",
-      "verification_email_successfully_sent": "Email de verificação enviado com sucesso. Por favor, verifique sua caixa de entrada.",
+      "verification_email_successfully_sent": "E-mail de verificação enviado para {email}. Verifique para concluir a atualização.",
       "we_sent_an_email_to": "Enviamos um email para {email}",
       "you_didnt_receive_an_email_or_your_link_expired": "Você não recebeu um e-mail ou seu link expirou?"
     },
@@ -451,6 +463,7 @@
     "live_survey_notification_view_more_responses": "Ver mais {responseCount} respostas",
     "live_survey_notification_view_previous_responses": "Ver respostas anteriores",
     "live_survey_notification_view_response": "Ver Resposta",
+    "new_email_verification_text": "Para verificar seu novo endereço de e-mail, clique no botão abaixo:",
     "notification_footer_all_the_best": "Tudo de bom,",
     "notification_footer_in_your_settings": "nas suas configurações \uD83D\uDE4F",
     "notification_footer_please_turn_them_off": "por favor, desliga eles",
@@ -500,6 +513,8 @@
     "verification_email_thanks": "Valeu por validar seu e-mail!",
     "verification_email_to_fill_survey": "Para preencher a pesquisa, por favor clique no botão abaixo:",
     "verification_email_verify_email": "Verificar e-mail",
+    "verification_new_email_subject": "Verificação de alteração de e-mail",
+    "verification_security_notice": "Se você não solicitou essa mudança de email, por favor ignore este email ou entre em contato com o suporte imediatamente.",
     "verified_link_survey_email_subject": "Sua pesquisa está pronta para ser preenchida.",
     "weekly_summary_create_reminder_notification_body_cal_slot": "Escolha um horário de 15 minutos na agenda do nosso CEO",
     "weekly_summary_create_reminder_notification_body_dont_let_a_week_pass": "Não deixe uma semana passar sem aprender sobre seus usuários:",
@@ -971,7 +986,7 @@
         "2000_monthly_identified_users": "2000 Usuários Identificados Mensalmente",
         "30000_monthly_identified_users": "30000 Usuários Identificados Mensalmente",
         "3_projects": "3 Projetos",
-        "5000_monthly_responses": "5000 Respostas Mensais",
+        "5000_monthly_responses": "5,000 Respostas Mensais",
         "5_projects": "5 Projetos",
         "7500_monthly_identified_users": "7500 Usuários Identificados Mensalmente",
         "advanced_targeting": "Mira Avançada",
@@ -1136,6 +1151,7 @@
         "disable_two_factor_authentication": "Desativar a autenticação de dois fatores",
         "disable_two_factor_authentication_description": "Se você precisar desativar a 2FA, recomendamos reativá-la o mais rápido possível.",
         "each_backup_code_can_be_used_exactly_once_to_grant_access_without_your_authenticator": "Cada código de backup pode ser usado exatamente uma vez para conceder acesso sem o seu autenticador.",
+        "email_change_initiated": "Sua solicitação de alteração de e-mail foi iniciada.",
         "enable_two_factor_authentication": "Ativar autenticação de dois fatores",
         "enter_the_code_from_your_authenticator_app_below": "Digite o código do seu app autenticador abaixo.",
         "file_size_must_be_less_than_10mb": "O tamanho do arquivo deve ser menor que 10MB.",
@@ -1753,7 +1769,7 @@
         "link_to_public_results_copied": "Link pros resultados públicos copiado",
         "make_sure_the_survey_type_is_set_to": "Certifique-se de que o tipo de pesquisa esteja definido como",
         "mobile_app": "app de celular",
-        "no_response_matches_filter": "Nenhuma resposta corresponde ao seu filtro",
+        "no_responses_found": "Nenhuma resposta encontrada",
         "only_completed": "Somente concluído",
         "other_values_found": "Outros valores encontrados",
         "overall": "No geral",

apps/web/locales/pt-PT.json

@@ -7,6 +7,17 @@
     "continue_with_oidc": "Continuar com {oidcDisplayName}",
     "continue_with_openid": "Continuar com OpenID",
     "continue_with_saml": "Continuar com SAML SSO",
+    "email-change": {
+      "confirm_password_description": "Por favor, confirme a sua palavra-passe antes de alterar o seu endereço de email",
+      "email_change_success": "Email alterado com sucesso",
+      "email_change_success_description": "Alterou com sucesso o seu endereço de email. Por favor, inicie sessão com o seu novo endereço de email.",
+      "email_verification_failed": "Falha na verificação do email",
+      "email_verification_loading": "Verificação do email em progresso...",
+      "email_verification_loading_description": "Estamos a atualizar o seu endereço de email no nosso sistema. Isto pode demorar alguns segundos.",
+      "invalid_or_expired_token": "Falha na alteração do email. O seu token é inválido ou expirou.",
+      "new_email": "Novo Email",
+      "old_email": "Email Antigo"
+    },
     "forgot-password": {
       "back_to_login": "Voltar ao login",
       "email-sent": {
@@ -78,11 +89,12 @@
     "verification-requested": {
       "invalid_email_address": "Endereço de email inválido",
       "invalid_token": "Token inválido ☹️",
+      "new_email_verification_success": "Se o endereço for válido, um email de verificação foi enviado.",
       "no_email_provided": "Nenhum email fornecido",
       "please_click_the_link_in_the_email_to_activate_your_account": "Por favor, clique no link no email para ativar a sua conta.",
       "please_confirm_your_email_address": "Por favor, confirme o seu endereço de email",
       "resend_verification_email": "Reenviar email de verificação",
-      "verification_email_successfully_sent": "Email de verificação enviado com sucesso. Por favor, verifique a sua caixa de entrada.",
+      "verification_email_successfully_sent": "Email de verificação enviado para {email}. Por favor, verifique para completar a atualização.",
       "we_sent_an_email_to": "Enviámos um email para {email}. ",
       "you_didnt_receive_an_email_or_your_link_expired": "Não recebeu um email ou o seu link expirou?"
     },
@@ -451,6 +463,7 @@
     "live_survey_notification_view_more_responses": "Ver mais {responseCount} respostas",
     "live_survey_notification_view_previous_responses": "Ver respostas anteriores",
     "live_survey_notification_view_response": "Ver Resposta",
+    "new_email_verification_text": "Para verificar o seu novo endereço de email, por favor clique no botão abaixo:",
     "notification_footer_all_the_best": "Tudo de bom,",
     "notification_footer_in_your_settings": "nas suas definições \uD83D\uDE4F",
     "notification_footer_please_turn_them_off": "por favor, desative-os",
@@ -500,6 +513,8 @@
     "verification_email_thanks": "Obrigado por validar o seu email!",
     "verification_email_to_fill_survey": "Para preencher o questionário, clique no botão abaixo:",
     "verification_email_verify_email": "Verificar email",
+    "verification_new_email_subject": "Verificação de alteração de email",
+    "verification_security_notice": "Se não solicitou esta alteração de email, ignore este email ou contacte o suporte imediatamente.",
     "verified_link_survey_email_subject": "O seu inquérito está pronto para ser preenchido.",
     "weekly_summary_create_reminder_notification_body_cal_slot": "Escolha um intervalo de 15 minutos no calendário do nosso CEO",
     "weekly_summary_create_reminder_notification_body_dont_let_a_week_pass": "Não deixe passar uma semana sem aprender sobre os seus utilizadores:",
@@ -971,7 +986,7 @@
         "2000_monthly_identified_users": "2000 Utilizadores Identificados Mensalmente",
         "30000_monthly_identified_users": "30000 Utilizadores Identificados Mensalmente",
         "3_projects": "3 Projetos",
-        "5000_monthly_responses": "5000 Respostas Mensais",
+        "5000_monthly_responses": "5,000 Respostas Mensais",
         "5_projects": "5 Projetos",
         "7500_monthly_identified_users": "7500 Utilizadores Identificados Mensalmente",
         "advanced_targeting": "Segmentação Avançada",
@@ -1136,6 +1151,7 @@
         "disable_two_factor_authentication": "Desativar autenticação de dois fatores",
         "disable_two_factor_authentication_description": "Se precisar de desativar a autenticação de dois fatores, recomendamos que a reative o mais rapidamente possível.",
         "each_backup_code_can_be_used_exactly_once_to_grant_access_without_your_authenticator": "Cada código de backup pode ser usado exatamente uma vez para conceder acesso sem o seu autenticador.",
+        "email_change_initiated": "O seu pedido de alteração de email foi iniciado.",
         "enable_two_factor_authentication": "Ativar autenticação de dois fatores",
         "enter_the_code_from_your_authenticator_app_below": "Introduza o código da sua aplicação de autenticação abaixo.",
         "file_size_must_be_less_than_10mb": "O tamanho do ficheiro deve ser inferior a 10MB.",
@@ -1753,7 +1769,7 @@
         "link_to_public_results_copied": "Link para resultados públicos copiado",
         "make_sure_the_survey_type_is_set_to": "Certifique-se de que o tipo de inquérito está definido para",
         "mobile_app": "Aplicação móvel",
-        "no_response_matches_filter": "Nenhuma resposta corresponde ao seu filtro",
+        "no_responses_found": "Nenhuma resposta encontrada",
         "only_completed": "Apenas concluído",
         "other_values_found": "Outros valores encontrados",
         "overall": "Geral",

apps/web/locales/zh-Hant-TW.json

@@ -7,6 +7,17 @@
     "continue_with_oidc": "使用 '{'oidcDisplayName'}' 繼續",
     "continue_with_openid": "使用 OpenID 繼續",
     "continue_with_saml": "使用 SAML SSO 繼續",
+    "email-change": {
+      "confirm_password_description": "在更改您的電子郵件地址之前，請確認您的密碼",
+      "email_change_success": "電子郵件已成功更改",
+      "email_change_success_description": "您已成功更改電子郵件地址。請使用您的新電子郵件地址登入。",
+      "email_verification_failed": "電子郵件驗證失敗",
+      "email_verification_loading": "電子郵件驗證進行中...",
+      "email_verification_loading_description": "我們正在系統中更新您的電子郵件地址。這可能需要幾秒鐘。",
+      "invalid_or_expired_token": "電子郵件更改失敗。您的 token 無效或已過期。",
+      "new_email": "新 電子郵件",
+      "old_email": "舊 電子郵件"
+    },
     "forgot-password": {
       "back_to_login": "返回登入",
       "email-sent": {
@@ -78,11 +89,12 @@
     "verification-requested": {
       "invalid_email_address": "無效的電子郵件地址",
       "invalid_token": "無效的權杖 ☹️",
+      "new_email_verification_success": "如果地址有效，驗證電子郵件已發送。",
       "no_email_provided": "未提供電子郵件",
       "please_click_the_link_in_the_email_to_activate_your_account": "請點擊電子郵件中的連結以啟用您的帳戶。",
       "please_confirm_your_email_address": "請確認您的電子郵件地址",
       "resend_verification_email": "重新發送驗證電子郵件",
-      "verification_email_successfully_sent": "驗證電子郵件已成功發送。請檢查您的收件匣。",
+      "verification_email_successfully_sent": "验证电子邮件已发送至 {email}。请验证以完成更新。",
       "we_sent_an_email_to": "我們已發送一封電子郵件至 <email>'{'email'}'</email>。",
       "you_didnt_receive_an_email_or_your_link_expired": "您沒有收到電子郵件或您的連結已過期？"
     },
@@ -451,6 +463,7 @@
     "live_survey_notification_view_more_responses": "檢視另外 '{'responseCount'}' 個回應",
     "live_survey_notification_view_previous_responses": "檢視先前的回應",
     "live_survey_notification_view_response": "檢視回應",
+    "new_email_verification_text": "要驗證您的新電子郵件地址，請點擊下面的按鈕：",
     "notification_footer_all_the_best": "祝您一切順利，",
     "notification_footer_in_your_settings": "在您的設定中 \uD83D\uDE4F",
     "notification_footer_please_turn_them_off": "請關閉它們",
@@ -500,6 +513,8 @@
     "verification_email_thanks": "感謝您驗證您的電子郵件！",
     "verification_email_to_fill_survey": "若要填寫問卷，請點擊下方的按鈕：",
     "verification_email_verify_email": "驗證電子郵件",
+    "verification_new_email_subject": "電子郵件更改驗證",
+    "verification_security_notice": "如果您沒有要求更改此電子郵件，請忽略此電子郵件或立即聯繫支援。",
     "verified_link_survey_email_subject": "您的 survey 已準備好填寫。",
     "weekly_summary_create_reminder_notification_body_cal_slot": "在我們 CEO 的日曆中選擇一個 15 分鐘的時段",
     "weekly_summary_create_reminder_notification_body_dont_let_a_week_pass": "不要讓一週過去而沒有了解您的使用者：",
@@ -1136,6 +1151,7 @@
         "disable_two_factor_authentication": "停用雙重驗證",
         "disable_two_factor_authentication_description": "如果您需要停用 2FA，我們建議您盡快重新啟用它。",
         "each_backup_code_can_be_used_exactly_once_to_grant_access_without_your_authenticator": "每個備份碼只能使用一次，以便在沒有驗證器的情況下授予存取權限。",
+        "email_change_initiated": "您的 email 更改請求已啟動。",
         "enable_two_factor_authentication": "啟用雙重驗證",
         "enter_the_code_from_your_authenticator_app_below": "在下方輸入您驗證器應用程式中的程式碼。",
         "file_size_must_be_less_than_10mb": "檔案大小必須小於 10MB。",
@@ -1753,7 +1769,7 @@
         "link_to_public_results_copied": "已複製公開結果的連結",
         "make_sure_the_survey_type_is_set_to": "請確保問卷類型設定為",
         "mobile_app": "行動應用程式",
-        "no_response_matches_filter": "沒有任何回應符合您的篩選器",
+        "no_responses_found": "找不到回應",
         "only_completed": "僅已完成",
         "other_values_found": "找到其他值",
         "overall": "整體",

apps/web/modules/api/v2/management/responses/lib/response.ts

@@ -135,14 +135,11 @@ export const getResponses = async (
 ): Promise<Result<ApiResponseWithMeta<Response[]>, ApiErrorResponseV2>> => {
   try {
     const query = getResponsesQuery(environmentIds, params);
+    const whereClause = query.where;
 
-    const [responses, count] = await prisma.$transaction([
-      prisma.response.findMany({
-        ...query,
-      }),
-      prisma.response.count({
-        where: query.where,
-      }),
+    const [responses, totalCount] = await Promise.all([
+      prisma.response.findMany(query),
+      prisma.response.count({ where: whereClause }),
     ]);
 
     if (!responses) {
@@ -152,7 +149,7 @@ export const getResponses = async (
     return ok({
       data: responses,
       meta: {
-        total: count,
+        total: totalCount,
         limit: params.limit,
         offset: params.skip,
       },

apps/web/modules/api/v2/management/responses/lib/tests/response.test.ts

@@ -214,17 +214,18 @@ describe("Response Lib", () => {
 
   describe("getResponses", () => {
     test("return responses with meta information", async () => {
-      const responses = [response];
-      prisma.$transaction = vi.fn().mockResolvedValue([responses, responses.length]);
+      (prisma.response.findMany as any).mockResolvedValue([response]);
+      (prisma.response.count as any).mockResolvedValue(1);
 
-      const result = await getResponses(environmentId, responseFilter);
-      expect(prisma.$transaction).toHaveBeenCalled();
+      const result = await getResponses([environmentId], responseFilter);
+      expect(prisma.response.findMany).toHaveBeenCalled();
+      expect(prisma.response.count).toHaveBeenCalled();
       expect(result.ok).toBe(true);
       if (result.ok) {
         expect(result.data).toEqual({
           data: [response],
           meta: {
-            total: responses.length,
+            total: 1,
             limit: responseFilter.limit,
             offset: responseFilter.skip,
           },
@@ -233,9 +234,10 @@ describe("Response Lib", () => {
     });
 
     test("return a not_found error if responses are not found", async () => {
-      prisma.$transaction = vi.fn().mockResolvedValue([null, 0]);
+      (prisma.response.findMany as any).mockResolvedValue(null);
+      (prisma.response.count as any).mockResolvedValue(0);
 
-      const result = await getResponses(environmentId, responseFilter);
+      const result = await getResponses([environmentId], responseFilter);
       expect(result.ok).toBe(false);
       if (!result.ok) {
         expect(result.error).toEqual({
@@ -245,10 +247,25 @@ describe("Response Lib", () => {
       }
     });
 
-    test("return an internal_server_error error if prisma transaction fails", async () => {
-      prisma.$transaction = vi.fn().mockRejectedValue(new Error("Internal server error"));
+    test("return an internal_server_error error if prisma findMany fails", async () => {
+      (prisma.response.findMany as any).mockRejectedValue(new Error("Internal server error"));
+      (prisma.response.count as any).mockResolvedValue(0);
 
-      const result = await getResponses(environmentId, responseFilter);
+      const result = await getResponses([environmentId], responseFilter);
+      expect(result.ok).toBe(false);
+      if (!result.ok) {
+        expect(result.error).toEqual({
+          type: "internal_server_error",
+          details: [{ field: "responses", issue: "Internal server error" }],
+        });
+      }
+    });
+
+    test("return an internal_server_error error if prisma count fails", async () => {
+      (prisma.response.findMany as any).mockResolvedValue([response]);
+      (prisma.response.count as any).mockRejectedValue(new Error("Internal server error"));
+
+      const result = await getResponses([environmentId], responseFilter);
       expect(result.ok).toBe(false);
       if (!result.ok) {
         expect(result.error).toEqual({

apps/web/modules/auth/email-change-without-verification-success/page.test.tsx

@@ -0,0 +1,61 @@
+import "@testing-library/jest-dom/vitest";
+import { cleanup, render, screen } from "@testing-library/react";
+import { getServerSession } from "next-auth";
+import { redirect } from "next/navigation";
+import { afterEach, describe, expect, test, vi } from "vitest";
+import { EmailChangeWithoutVerificationSuccessPage } from "./page";
+
+// Mock the necessary dependencies
+vi.mock("@/modules/auth/components/back-to-login-button", () => ({
+  BackToLoginButton: () => <div data-testid="back-to-login">Back to Login</div>,
+}));
+
+vi.mock("@/modules/auth/components/form-wrapper", () => ({
+  FormWrapper: ({ children }: { children: React.ReactNode }) => (
+    <div data-testid="form-wrapper">{children}</div>
+  ),
+}));
+
+vi.mock("@/modules/auth/lib/authOptions", () => ({
+  authOptions: {},
+}));
+
+vi.mock("next-auth", () => ({
+  getServerSession: vi.fn(),
+}));
+
+vi.mock("next/navigation", () => ({
+  redirect: vi.fn(),
+}));
+
+vi.mock("@/tolgee/server", () => ({ getTranslate: () => Promise.resolve((key: string) => key) }));
+
+describe("EmailChangeWithoutVerificationSuccessPage", () => {
+  afterEach(() => {
+    cleanup();
+    vi.clearAllMocks();
+  });
+
+  test("renders success page with correct translations when user is not logged in", async () => {
+    vi.mocked(getServerSession).mockResolvedValue(null);
+
+    const page = await EmailChangeWithoutVerificationSuccessPage();
+    render(page);
+
+    expect(screen.getByTestId("form-wrapper")).toBeInTheDocument();
+    expect(screen.getByTestId("back-to-login")).toBeInTheDocument();
+    expect(screen.getByText("auth.email-change.email_change_success")).toBeInTheDocument();
+    expect(screen.getByText("auth.email-change.email_change_success_description")).toBeInTheDocument();
+  });
+
+  test("redirects to home page when user is logged in", async () => {
+    vi.mocked(getServerSession).mockResolvedValue({
+      user: { id: "123", email: "test@example.com" },
+      expires: new Date().toISOString(),
+    });
+
+    await EmailChangeWithoutVerificationSuccessPage();
+
+    expect(redirect).toHaveBeenCalledWith("/");
+  });
+});

apps/web/modules/auth/email-change-without-verification-success/page.tsx

@@ -0,0 +1,29 @@
+import { BackToLoginButton } from "@/modules/auth/components/back-to-login-button";
+import { FormWrapper } from "@/modules/auth/components/form-wrapper";
+import { authOptions } from "@/modules/auth/lib/authOptions";
+import { getTranslate } from "@/tolgee/server";
+import { getServerSession } from "next-auth";
+import type { Session } from "next-auth";
+import { redirect } from "next/navigation";
+
+export const EmailChangeWithoutVerificationSuccessPage = async () => {
+  const t = await getTranslate();
+  const session: Session | null = await getServerSession(authOptions);
+
+  if (session) {
+    redirect("/");
+  }
+
+  return (
+    <div className="bg-gradient-radial flex min-h-screen from-slate-200 to-slate-50">
+      <FormWrapper>
+        <h1 className="leading-2 mb-4 text-center font-bold">
+          {t("auth.email-change.email_change_success")}
+        </h1>
+        <p className="text-center text-sm">{t("auth.email-change.email_change_success_description")}</p>
+        <hr className="my-4" />
+        <BackToLoginButton />
+      </FormWrapper>
+    </div>
+  );
+};

apps/web/modules/auth/invite/page.test.tsx

@@ -24,6 +24,7 @@ vi.mock("@/lib/constants", () => ({
   FB_LOGO_URL: "https://formbricks.com/logo.png",
   SMTP_HOST: "smtp.example.com",
   SMTP_PORT: "587",
+  SESSION_MAX_AGE: 1000,
 }));
 
 vi.mock("next-auth", () => ({

apps/web/modules/auth/lib/authOptions.ts

@@ -1,4 +1,9 @@
-import { EMAIL_VERIFICATION_DISABLED, ENCRYPTION_KEY, ENTERPRISE_LICENSE_KEY } from "@/lib/constants";
+import {
+  EMAIL_VERIFICATION_DISABLED,
+  ENCRYPTION_KEY,
+  ENTERPRISE_LICENSE_KEY,
+  SESSION_MAX_AGE,
+} from "@/lib/constants";
 import { symmetricDecrypt, symmetricEncrypt } from "@/lib/crypto";
 import { verifyToken } from "@/lib/jwt";
 import { getUserByEmail, updateUser, updateUserLastLoginAt } from "@/modules/auth/lib/user";
@@ -178,7 +183,7 @@ export const authOptions: NextAuthOptions = {
     ...(ENTERPRISE_LICENSE_KEY ? getSSOProviders() : []),
   ],
   session: {
-    maxAge: 3600,
+    maxAge: SESSION_MAX_AGE,
   },
   callbacks: {
     async jwt({ token }) {

apps/web/modules/auth/lib/brevo.test.ts

@@ -1,8 +1,7 @@
 import { validateInputs } from "@/lib/utils/validate";
-import { Response } from "node-fetch";
 import { beforeEach, describe, expect, test, vi } from "vitest";
 import { logger } from "@formbricks/logger";
-import { createBrevoCustomer } from "./brevo";
+import { createBrevoCustomer, updateBrevoCustomer } from "./brevo";
 
 vi.mock("@/lib/constants", () => ({
   BREVO_API_KEY: "mock_api_key",
@@ -42,18 +41,87 @@ describe("createBrevoCustomer", () => {
 
     await createBrevoCustomer({ id: "123", email: "test@example.com" });
 
+    expect(validateInputs).toHaveBeenCalled();
     expect(loggerSpy).toHaveBeenCalledWith(expect.any(Error), "Error sending user to Brevo");
   });
 
-  test("should log the error response if fetch status is not 200", async () => {
+  test("should log the error response if fetch status is not 201", async () => {
     const loggerSpy = vi.spyOn(logger, "error");
 
     vi.mocked(global.fetch).mockResolvedValueOnce(
-      new Response("Bad Request", { status: 400, statusText: "Bad Request" })
+      new global.Response("Bad Request", { status: 400, statusText: "Bad Request" })
     );
 
     await createBrevoCustomer({ id: "123", email: "test@example.com" });
 
+    expect(validateInputs).toHaveBeenCalled();
     expect(loggerSpy).toHaveBeenCalledWith({ errorText: "Bad Request" }, "Error sending user to Brevo");
   });
 });
+
+describe("updateBrevoCustomer", () => {
+  beforeEach(() => {
+    vi.clearAllMocks();
+  });
+
+  test("should return early if BREVO_API_KEY is not defined", async () => {
+    vi.doMock("@/lib/constants", () => ({
+      BREVO_API_KEY: undefined,
+      BREVO_LIST_ID: "123",
+    }));
+
+    const { updateBrevoCustomer } = await import("./brevo"); // Re-import to get the mocked version
+
+    const result = await updateBrevoCustomer({ id: "user123", email: "test@example.com" });
+
+    expect(result).toBeUndefined();
+    expect(global.fetch).not.toHaveBeenCalled();
+    expect(validateInputs).not.toHaveBeenCalled();
+  });
+
+  test("should log an error if fetch fails", async () => {
+    const loggerSpy = vi.spyOn(logger, "error");
+
+    vi.mocked(global.fetch).mockRejectedValueOnce(new Error("Fetch failed"));
+
+    await updateBrevoCustomer({ id: "user123", email: "test@example.com" });
+
+    expect(validateInputs).toHaveBeenCalled();
+    expect(loggerSpy).toHaveBeenCalledWith(expect.any(Error), "Error updating user in Brevo");
+  });
+
+  test("should log the error response if fetch status is not 204", async () => {
+    const loggerSpy = vi.spyOn(logger, "error");
+
+    vi.mocked(global.fetch).mockResolvedValueOnce(
+      new global.Response("Bad Request", { status: 400, statusText: "Bad Request" })
+    );
+
+    await updateBrevoCustomer({ id: "user123", email: "test@example.com" });
+
+    expect(validateInputs).toHaveBeenCalled();
+    expect(loggerSpy).toHaveBeenCalledWith({ errorText: "Bad Request" }, "Error updating user in Brevo");
+  });
+
+  test("should successfully update a Brevo customer", async () => {
+    vi.mocked(global.fetch).mockResolvedValueOnce(new global.Response(null, { status: 204 }));
+
+    await updateBrevoCustomer({ id: "user123", email: "test@example.com" });
+
+    expect(global.fetch).toHaveBeenCalledWith(
+      "https://api.brevo.com/v3/contacts/user123?identifierType=ext_id",
+      expect.objectContaining({
+        method: "PUT",
+        headers: {
+          Accept: "application/json",
+          "api-key": "mock_api_key",
+          "Content-Type": "application/json",
+        },
+        body: JSON.stringify({
+          attributes: { EMAIL: "test@example.com" },
+        }),
+      })
+    );
+    expect(validateInputs).toHaveBeenCalled();
+  });
+});

apps/web/modules/auth/lib/brevo.ts

@@ -4,6 +4,26 @@ import { logger } from "@formbricks/logger";
 import { ZId } from "@formbricks/types/common";
 import { TUserEmail, ZUserEmail } from "@formbricks/types/user";
 
+type BrevoCreateContact = {
+  email?: string;
+  ext_id?: string;
+  attributes?: Record<string, string | string[]>;
+  emailBlacklisted?: boolean;
+  smsBlacklisted?: boolean;
+  listIds?: number[];
+  updateEnabled?: boolean;
+  smtpBlacklistSender?: string[];
+};
+
+type BrevoUpdateContact = {
+  attributes?: Record<string, string>;
+  emailBlacklisted?: boolean;
+  smsBlacklisted?: boolean;
+  listIds?: number[];
+  unlinkListIds?: number[];
+  smtpBlacklistSender?: string[];
+};
+
 export const createBrevoCustomer = async ({ id, email }: { id: string; email: TUserEmail }) => {
   if (!BREVO_API_KEY) {
     return;
@@ -12,7 +32,7 @@ export const createBrevoCustomer = async ({ id, email }: { id: string; email: TU
   validateInputs([id, ZId], [email, ZUserEmail]);
 
   try {
-    const requestBody: any = {
+    const requestBody: BrevoCreateContact = {
       email,
       ext_id: id,
       updateEnabled: false,
@@ -34,7 +54,7 @@ export const createBrevoCustomer = async ({ id, email }: { id: string; email: TU
       body: JSON.stringify(requestBody),
     });
 
-    if (res.status !== 200) {
+    if (res.status !== 201) {
       const errorText = await res.text();
       logger.error({ errorText }, "Error sending user to Brevo");
     }
@@ -42,3 +62,36 @@ export const createBrevoCustomer = async ({ id, email }: { id: string; email: TU
     logger.error(error, "Error sending user to Brevo");
   }
 };
+
+export const updateBrevoCustomer = async ({ id, email }: { id: string; email: TUserEmail }) => {
+  if (!BREVO_API_KEY) {
+    return;
+  }
+
+  validateInputs([id, ZId], [email, ZUserEmail]);
+
+  try {
+    const requestBody: BrevoUpdateContact = {
+      attributes: {
+        EMAIL: email,
+      },
+    };
+
+    const res = await fetch(`https://api.brevo.com/v3/contacts/${id}?identifierType=ext_id`, {
+      method: "PUT",
+      headers: {
+        Accept: "application/json",
+        "Content-Type": "application/json",
+        "api-key": BREVO_API_KEY,
+      },
+      body: JSON.stringify(requestBody),
+    });
+
+    if (res.status !== 204) {
+      const errorText = await res.text();
+      logger.error({ errorText }, "Error updating user in Brevo");
+    }
+  } catch (error) {
+    logger.error(error, "Error updating user in Brevo");
+  }
+};

apps/web/modules/auth/verification-requested/components/request-verification-email.test.tsx

@@ -0,0 +1,81 @@
+import "@testing-library/jest-dom/vitest";
+import { cleanup, fireEvent, render, screen } from "@testing-library/react";
+import toast from "react-hot-toast";
+import { afterEach, describe, expect, test, vi } from "vitest";
+import { resendVerificationEmailAction } from "../actions";
+import { RequestVerificationEmail } from "./request-verification-email";
+
+// Mock dependencies
+vi.mock("@tolgee/react", () => ({
+  useTranslate: () => ({
+    t: (key: string, params?: { email?: string }) => {
+      if (key === "auth.verification-requested.no_email_provided") {
+        return "No email provided";
+      }
+      if (key === "auth.verification-requested.verification_email_successfully_sent") {
+        return `Verification email sent to ${params?.email}`;
+      }
+      if (key === "auth.verification-requested.resend_verification_email") {
+        return "Resend verification email";
+      }
+      return key;
+    },
+  }),
+}));
+
+vi.mock("react-hot-toast", () => ({
+  default: {
+    success: vi.fn(),
+    error: vi.fn(),
+  },
+}));
+
+vi.mock("../actions", () => ({
+  resendVerificationEmailAction: vi.fn(),
+}));
+
+describe("RequestVerificationEmail", () => {
+  afterEach(() => {
+    cleanup();
+    vi.clearAllMocks();
+  });
+
+  test("renders resend verification email button", () => {
+    render(<RequestVerificationEmail email="test@example.com" />);
+    expect(screen.getByText("Resend verification email")).toBeInTheDocument();
+  });
+
+  test("shows error toast when no email is provided", async () => {
+    render(<RequestVerificationEmail email={null} />);
+    const button = screen.getByText("Resend verification email");
+    await fireEvent.click(button);
+    expect(toast.error).toHaveBeenCalledWith("No email provided");
+  });
+
+  test("shows success toast when verification email is sent successfully", async () => {
+    const mockEmail = "test@example.com";
+    vi.mocked(resendVerificationEmailAction).mockResolvedValueOnce({ data: true });
+
+    render(<RequestVerificationEmail email={mockEmail} />);
+    const button = screen.getByText("Resend verification email");
+    await fireEvent.click(button);
+
+    expect(resendVerificationEmailAction).toHaveBeenCalledWith({ email: mockEmail });
+    expect(toast.success).toHaveBeenCalledWith(`Verification email sent to ${mockEmail}`);
+  });
+
+  test("reloads page when visibility changes to visible", () => {
+    const mockReload = vi.fn();
+    Object.defineProperty(window, "location", {
+      value: { reload: mockReload },
+      writable: true,
+    });
+
+    render(<RequestVerificationEmail email="test@example.com" />);
+
+    // Simulate visibility change
+    document.dispatchEvent(new Event("visibilitychange"));
+
+    expect(mockReload).toHaveBeenCalled();
+  });
+});

apps/web/modules/auth/verification-requested/components/request-verification-email.tsx

@@ -31,7 +31,7 @@ export const RequestVerificationEmail = ({ email }: RequestVerificationEmailProp
     if (!email) return toast.error(t("auth.verification-requested.no_email_provided"));
     const response = await resendVerificationEmailAction({ email });
     if (response?.data) {
-      toast.success(t("auth.verification-requested.verification_email_successfully_sent"));
+      toast.success(t("auth.verification-requested.verification_email_successfully_sent", { email }));
     } else {
       const errorMessage = getFormattedErrorMessage(response);
       toast.error(errorMessage);

apps/web/modules/auth/verify-email-change/actions.ts

@@ -0,0 +1,23 @@
+"use server";
+
+import { verifyEmailChangeToken } from "@/lib/jwt";
+import { actionClient } from "@/lib/utils/action-client";
+import { updateBrevoCustomer } from "@/modules/auth/lib/brevo";
+import { updateUser } from "@/modules/auth/lib/user";
+import { z } from "zod";
+
+export const verifyEmailChangeAction = actionClient
+  .schema(z.object({ token: z.string() }))
+  .action(async ({ parsedInput }) => {
+    const { id, email } = await verifyEmailChangeToken(parsedInput.token);
+
+    if (!email) {
+      throw new Error("Email not found in token");
+    }
+    const user = await updateUser(id, { email, emailVerified: new Date() });
+    if (!user) {
+      throw new Error("User not found or email update failed");
+    }
+    await updateBrevoCustomer({ id: user.id, email: user.email });
+    return user;
+  });

apps/web/modules/auth/verify-email-change/components/email-change-sign-in.test.tsx

@@ -0,0 +1,68 @@
+import { verifyEmailChangeAction } from "@/modules/auth/verify-email-change/actions";
+import "@testing-library/jest-dom/vitest";
+import { cleanup, render, screen, waitFor } from "@testing-library/react";
+import { signOut } from "next-auth/react";
+import { afterEach, describe, expect, test, vi } from "vitest";
+import { EmailChangeSignIn } from "./email-change-sign-in";
+
+// Mock dependencies
+vi.mock("@tolgee/react", () => ({
+  useTranslate: () => ({
+    t: (key: string) => key,
+  }),
+}));
+
+vi.mock("next-auth/react", () => ({
+  signOut: vi.fn(),
+}));
+
+vi.mock("@/modules/auth/verify-email-change/actions", () => ({
+  verifyEmailChangeAction: vi.fn(),
+}));
+
+describe("EmailChangeSignIn", () => {
+  afterEach(() => {
+    cleanup();
+    vi.clearAllMocks();
+  });
+
+  test("shows loading state initially", () => {
+    render(<EmailChangeSignIn token="valid-token" />);
+    expect(screen.getByText("auth.email-change.email_verification_loading")).toBeInTheDocument();
+  });
+
+  test("handles successful email change verification", async () => {
+    vi.mocked(verifyEmailChangeAction).mockResolvedValueOnce({
+      data: { id: "123", email: "test@example.com", emailVerified: new Date(), locale: "en-US" },
+    });
+
+    render(<EmailChangeSignIn token="valid-token" />);
+
+    await waitFor(() => {
+      expect(screen.getByText("auth.email-change.email_change_success")).toBeInTheDocument();
+      expect(screen.getByText("auth.email-change.email_change_success_description")).toBeInTheDocument();
+    });
+
+    expect(signOut).toHaveBeenCalledWith({ redirect: false });
+  });
+
+  test("handles failed email change verification", async () => {
+    vi.mocked(verifyEmailChangeAction).mockResolvedValueOnce({ serverError: "Error" });
+
+    render(<EmailChangeSignIn token="invalid-token" />);
+
+    await waitFor(() => {
+      expect(screen.getByText("auth.email-change.email_verification_failed")).toBeInTheDocument();
+      expect(screen.getByText("auth.email-change.invalid_or_expired_token")).toBeInTheDocument();
+    });
+
+    expect(signOut).not.toHaveBeenCalled();
+  });
+
+  test("handles empty token", () => {
+    render(<EmailChangeSignIn token="" />);
+
+    expect(screen.getByText("auth.email-change.email_verification_failed")).toBeInTheDocument();
+    expect(screen.getByText("auth.email-change.invalid_or_expired_token")).toBeInTheDocument();
+  });
+});

apps/web/modules/auth/verify-email-change/components/email-change-sign-in.tsx

@@ -0,0 +1,66 @@
+"use client";
+
+import { verifyEmailChangeAction } from "@/modules/auth/verify-email-change/actions";
+import { useTranslate } from "@tolgee/react";
+import { signOut } from "next-auth/react";
+import { useEffect, useState } from "react";
+
+interface EmailChangeSignInProps {
+  token: string;
+}
+
+export const EmailChangeSignIn = ({ token }: EmailChangeSignInProps) => {
+  const { t } = useTranslate();
+  const [status, setStatus] = useState<"success" | "error" | "loading">("loading");
+
+  useEffect(() => {
+    const validateToken = async () => {
+      if (typeof token === "string" && token.trim() !== "") {
+        const result = await verifyEmailChangeAction({ token });
+
+        if (!result?.data) {
+          setStatus("error");
+        } else {
+          setStatus("success");
+        }
+      } else {
+        setStatus("error");
+      }
+    };
+
+    if (token) {
+      validateToken();
+    } else {
+      setStatus("error");
+    }
+  }, [token]);
+
+  useEffect(() => {
+    if (status === "success") {
+      signOut({ redirect: false });
+    }
+  }, [status]);
+
+  const text = {
+    heading: {
+      success: t("auth.email-change.email_change_success"),
+      error: t("auth.email-change.email_verification_failed"),
+      loading: t("auth.email-change.email_verification_loading"),
+    },
+    description: {
+      success: t("auth.email-change.email_change_success_description"),
+      error: t("auth.email-change.invalid_or_expired_token"),
+      loading: t("auth.email-change.email_verification_loading_description"),
+    },
+  };
+
+  return (
+    <>
+      <h1 className={`leading-2 mb-4 text-center font-bold ${status === "error" ? "text-red-600" : ""}`}>
+        {text.heading[status]}
+      </h1>
+      <p className="text-center text-sm">{text.description[status]}</p>
+      <hr className="my-4" />
+    </>
+  );
+};

apps/web/modules/auth/verify-email-change/page.test.tsx

@@ -0,0 +1,47 @@
+import "@testing-library/jest-dom/vitest";
+import { cleanup, render, screen } from "@testing-library/react";
+import { afterEach, describe, expect, test, vi } from "vitest";
+import { VerifyEmailChangePage } from "./page";
+
+// Mock the necessary dependencies
+vi.mock("@/modules/auth/components/back-to-login-button", () => ({
+  BackToLoginButton: () => <div data-testid="back-to-login">Back to Login</div>,
+}));
+
+vi.mock("@/modules/auth/components/form-wrapper", () => ({
+  FormWrapper: ({ children }: { children: React.ReactNode }) => (
+    <div data-testid="form-wrapper">{children}</div>
+  ),
+}));
+
+vi.mock("@/modules/auth/verify-email-change/components/email-change-sign-in", () => ({
+  EmailChangeSignIn: ({ token }: { token: string }) => (
+    <div data-testid="email-change-sign-in">Email Change Sign In with token: {token}</div>
+  ),
+}));
+
+describe("VerifyEmailChangePage", () => {
+  afterEach(() => {
+    cleanup();
+  });
+
+  test("renders the page with form wrapper and components", async () => {
+    const searchParams = { token: "test-token" };
+    render(await VerifyEmailChangePage({ searchParams }));
+
+    expect(screen.getByTestId("form-wrapper")).toBeInTheDocument();
+    expect(screen.getByTestId("email-change-sign-in")).toBeInTheDocument();
+    expect(screen.getByTestId("back-to-login")).toBeInTheDocument();
+    expect(screen.getByText("Email Change Sign In with token: test-token")).toBeInTheDocument();
+  });
+
+  test("handles missing token", async () => {
+    const searchParams = {};
+    render(await VerifyEmailChangePage({ searchParams }));
+
+    expect(screen.getByTestId("form-wrapper")).toBeInTheDocument();
+    expect(screen.getByTestId("email-change-sign-in")).toBeInTheDocument();
+    expect(screen.getByTestId("back-to-login")).toBeInTheDocument();
+    expect(screen.getByText("Email Change Sign In with token:")).toBeInTheDocument();
+  });
+});

apps/web/modules/auth/verify-email-change/page.tsx

@@ -0,0 +1,16 @@
+import { BackToLoginButton } from "@/modules/auth/components/back-to-login-button";
+import { FormWrapper } from "@/modules/auth/components/form-wrapper";
+import { EmailChangeSignIn } from "@/modules/auth/verify-email-change/components/email-change-sign-in";
+
+export const VerifyEmailChangePage = async ({ searchParams }) => {
+  const { token } = await searchParams;
+
+  return (
+    <div className="bg-gradient-radial flex min-h-screen from-slate-200 to-slate-50">
+      <FormWrapper>
+        <EmailChangeSignIn token={token} />
+        <BackToLoginButton />
+      </FormWrapper>
+    </div>
+  );
+};

apps/web/modules/ee/teams/team-list/components/team-settings/team-settings-modal.tsx

@@ -200,11 +200,11 @@ export const TeamSettingsModal = ({
       open={open}
       setOpen={setOpen}
       noPadding
-      className="overflow-visible"
+      className="flex max-h-[90dvh] flex-col overflow-visible"
       size="md"
       hideCloseButton
       closeOnOutsideClick={true}>
-      <div className="sticky top-0 flex h-full flex-col rounded-lg">
+      <div className="sticky top-0 z-10 rounded-t-lg bg-slate-100">
         <button
           className={cn(
             "absolute right-0 top-0 hidden pr-4 pt-4 text-slate-400 hover:text-slate-500 focus:outline-none focus:ring-0 sm:block"
@@ -213,27 +213,27 @@ export const TeamSettingsModal = ({
           <XIcon className="h-6 w-6 rounded-md bg-white" />
           <span className="sr-only">Close</span>
         </button>
-        <div className="rounded-t-lg bg-slate-100">
-          <div className="flex w-full items-center justify-between p-6">
-            <div className="flex items-center space-x-2">
-              <div>
-                <H4>
-                  {t("environments.settings.teams.team_name_settings_title", {
-                    teamName: team.name,
-                  })}
-                </H4>
-                <Muted className="text-slate-500">
-                  {t("environments.settings.teams.team_settings_description")}
-                </Muted>
-              </div>
+        <div className="flex w-full items-center justify-between p-6">
+          <div className="flex items-center space-x-2">
+            <div>
+              <H4>
+                {t("environments.settings.teams.team_name_settings_title", {
+                  teamName: team.name,
+                })}
+              </H4>
+              <Muted className="text-slate-500">
+                {t("environments.settings.teams.team_settings_description")}
+              </Muted>
             </div>
           </div>
         </div>
       </div>
       <FormProvider {...form}>
-        <form className="w-full" onSubmit={handleSubmit(handleUpdateTeam)}>
-          <div className="flex flex-col gap-6 p-6">
-            <div className="max-h-[500px] space-y-6 overflow-y-auto">
+        <form
+          className="flex w-full flex-grow flex-col overflow-hidden"
+          onSubmit={handleSubmit(handleUpdateTeam)}>
+          <div className="flex-grow space-y-6 overflow-y-auto p-6">
+            <div className="space-y-6">
               <FormField
                 control={control}
                 name="name"
@@ -512,6 +512,8 @@ export const TeamSettingsModal = ({
                 />
               </div>
             </div>
+          </div>
+          <div className="sticky bottom-0 z-10 border-slate-200 p-6">
             <div className="flex justify-between">
               <Button size="default" type="button" variant="outline" onClick={closeSettingsModal}>
                 {t("common.cancel")}

apps/web/modules/email/emails/auth/new-email-verification.tsx

@@ -0,0 +1,34 @@
+import { getTranslate } from "@/tolgee/server";
+import { Container, Heading, Link, Text } from "@react-email/components";
+import React from "react";
+import { EmailButton } from "../../components/email-button";
+import { EmailFooter } from "../../components/email-footer";
+import { EmailTemplate } from "../../components/email-template";
+
+interface VerificationEmailProps {
+  readonly verifyLink: string;
+}
+
+export async function NewEmailVerification({
+  verifyLink,
+}: VerificationEmailProps): Promise<React.JSX.Element> {
+  const t = await getTranslate();
+  return (
+    <EmailTemplate t={t}>
+      <Container>
+        <Heading>{t("emails.verification_email_heading")}</Heading>
+        <Text>{t("emails.new_email_verification_text")}</Text>
+        <Text>{t("emails.verification_security_notice")}</Text>
+        <EmailButton href={verifyLink} label={t("emails.verification_email_verify_email")} />
+        <Text>{t("emails.verification_email_click_on_this_link")}</Text>
+        <Link className="break-all text-black" href={verifyLink}>
+          {verifyLink}
+        </Link>
+        <Text className="font-bold">{t("emails.verification_email_link_valid_for_24_hours")}</Text>
+        <EmailFooter t={t} />
+      </Container>
+    </EmailTemplate>
+  );
+}
+
+export default NewEmailVerification;

apps/web/modules/email/index.tsx

@@ -12,8 +12,9 @@ import {
   WEBAPP_URL,
 } from "@/lib/constants";
 import { getSurveyDomain } from "@/lib/getSurveyUrl";
-import { createInviteToken, createToken, createTokenForLinkSurvey } from "@/lib/jwt";
+import { createEmailChangeToken, createInviteToken, createToken, createTokenForLinkSurvey } from "@/lib/jwt";
 import { getOrganizationByEnvironmentId } from "@/lib/organization/service";
+import NewEmailVerification from "@/modules/email/emails/auth/new-email-verification";
 import { EmailCustomizationPreviewEmail } from "@/modules/email/emails/general/email-customization-preview-email";
 import { getTranslate } from "@/tolgee/server";
 import { render } from "@react-email/render";
@@ -86,6 +87,25 @@ export const sendEmail = async (emailData: SendEmailDataProps): Promise<boolean>
   }
 };
 
+export const sendVerificationNewEmail = async (id: string, email: string): Promise<boolean> => {
+  try {
+    const t = await getTranslate();
+    const token = createEmailChangeToken(id, email);
+    const verifyLink = `${WEBAPP_URL}/verify-email-change?token=${encodeURIComponent(token)}`;
+
+    const html = await render(await NewEmailVerification({ verifyLink }));
+
+    return await sendEmail({
+      to: email,
+      subject: t("emails.verification_new_email_subject"),
+      html,
+    });
+  } catch (error) {
+    logger.error(error, "Error in sendVerificationNewEmail");
+    throw error;
+  }
+};
+
 export const sendVerificationEmail = async ({
   id,
   email,

apps/web/modules/organization/settings/api-keys/components/api-key-list.test.tsx

@@ -30,6 +30,7 @@ vi.mock("@/lib/constants", () => ({
   OIDC_CLIENT_SECRET: "test-oidc-client-secret",
   OIDC_SIGNING_ALGORITHM: "test-oidc-signing-algorithm",
   WEBAPP_URL: "test-webapp-url",
+  SESSION_MAX_AGE: 1000,
 }));
 
 // Mock @/lib/env

apps/web/modules/organization/settings/teams/tests/actions.test.ts

@@ -122,6 +122,7 @@ vi.mock("@/lib/constants", () => ({
   SAML_DATABASE_URL: "test-saml-db-url",
   NEXTAUTH_SECRET: "test-nextauth-secret",
   WEBAPP_URL: "http://localhost:3000",
+  SESSION_MAX_AGE: 1000,
 }));
 
 describe("Organization Settings Teams Actions", () => {

apps/web/modules/setup/organization/[organizationId]/invite/page.test.tsx

@@ -54,6 +54,7 @@ vi.mock("@/lib/constants", () => ({
   TURNSTILE_SITE_KEY: "test-turnstile-site-key",
   SAML_OAUTH_ENABLED: true,
   SMTP_PASSWORD: "smtp-password",
+  SESSION_MAX_AGE: 1000,
 }));
 
 // Mock the InviteMembers component

apps/web/modules/setup/organization/create/page.test.tsx

@@ -56,6 +56,7 @@ vi.mock("@/lib/constants", () => ({
   TURNSTILE_SITE_KEY: "test-turnstile-site-key",
   SAML_OAUTH_ENABLED: true,
   SMTP_PASSWORD: "smtp-password",
+  SESSION_MAX_AGE: 1000,
 }));
 
 // Mock the CreateOrganization component

apps/web/modules/survey/editor/components/end-screen-form.test.tsx

@@ -49,6 +49,7 @@ vi.mock("@/lib/constants", () => ({
   SMTP_HOST: "mock-smtp-host",
   SMTP_PORT: "mock-smtp-port",
   IS_POSTHOG_CONFIGURED: true,
+  SESSION_MAX_AGE: 1000,
 }));
 
 vi.mock("@tolgee/react", () => ({

apps/web/modules/survey/link/components/verify-email.test.tsx

@@ -37,6 +37,7 @@ vi.mock("@/lib/constants", () => ({
   SMTP_PORT: 587,
   SMTP_USERNAME: "user@example.com",
   SMTP_PASSWORD: "password",
+  SESSION_MAX_AGE: 1000,
 }));
 
 vi.mock("@/modules/survey/link/actions");

apps/web/modules/survey/link/metadata.test.ts

@@ -75,6 +75,18 @@ describe("getMetadataForLinkSurvey", () => {
         title: mockSurveyName,
         images: [mockOgImageUrl],
       },
+      alternates: {
+        canonical: `/s/${mockSurveyId}`,
+      },
+      robots: {
+        index: false,
+        follow: true,
+        googleBot: {
+          index: false,
+          follow: true,
+          noimageindex: true,
+        },
+      },
     });
   });
 
@@ -147,6 +159,18 @@ describe("getMetadataForLinkSurvey", () => {
         title: mockSurveyName,
         images: [mockOgImageUrl],
       },
+      alternates: {
+        canonical: `/s/${mockSurveyId}`,
+      },
+      robots: {
+        index: false,
+        follow: true,
+        googleBot: {
+          index: false,
+          follow: true,
+          noimageindex: true,
+        },
+      },
     });
   });
 
@@ -174,6 +198,18 @@ describe("getMetadataForLinkSurvey", () => {
         title: mockSurveyName,
         images: [mockOgImageUrl],
       },
+      alternates: {
+        canonical: `/s/${mockSurveyId}`,
+      },
+      robots: {
+        index: false,
+        follow: true,
+        googleBot: {
+          index: false,
+          follow: true,
+          noimageindex: true,
+        },
+      },
     });
   });
 });

apps/web/modules/survey/link/metadata.ts

@@ -27,8 +27,22 @@ export const getMetadataForLinkSurvey = async (surveyId: string): Promise<Metada
     baseMetadata.twitter.images = [ogImgURL];
   }
 
+  const canonicalPath = `/s/${surveyId}`;
+
   return {
     title: survey.name,
     ...baseMetadata,
+    alternates: {
+      canonical: canonicalPath,
+    },
+    robots: {
+      index: false,
+      follow: true,
+      googleBot: {
+        index: false,
+        follow: true,
+        noimageindex: true,
+      },
+    },
   };
 };

apps/web/modules/survey/list/components/survey-card.test.tsx

@@ -25,6 +25,7 @@ vi.mock("@/lib/constants", () => ({
   FB_LOGO_URL: "https://example.com/mock-logo.png",
   SMTP_HOST: "mock-smtp-host",
   SMTP_PORT: "mock-smtp-port",
+  SESSION_MAX_AGE: 1000,
 }));
 
 describe("SurveyCard", () => {

apps/web/modules/survey/list/components/survey-filters.test.tsx

@@ -36,6 +36,7 @@ vi.mock("@/lib/constants", () => ({
   WEBAPP_URL: "https://example.com",
   ENCRYPTION_KEY: "mock-encryption-key",
   ENTERPRISE_LICENSE_KEY: "mock-license-key",
+  SESSION_MAX_AGE: 1000,
 }));
 
 // Track the callback for useDebounce to better control when it fires

apps/web/modules/ui/components/modal/index.tsx

@@ -6,7 +6,7 @@ import * as React from "react";
 const DialogPortal = DialogPrimitive.Portal;
 
 const DialogOverlay = React.forwardRef<
-  React.ElementRef<typeof DialogPrimitive.Overlay>,
+  React.ComponentRef<typeof DialogPrimitive.Overlay>,
   React.ComponentPropsWithoutRef<typeof DialogPrimitive.Overlay> & { blur?: boolean }
 >(({ className, blur, ...props }, ref) => (
   <DialogPrimitive.Overlay
@@ -35,7 +35,7 @@ const sizeClassName = {
 };
 
 const DialogContent = React.forwardRef<
-  React.ElementRef<typeof DialogPrimitive.Content>,
+  React.ComponentRef<typeof DialogPrimitive.Content>,
   React.ComponentPropsWithoutRef<typeof DialogPrimitive.Content> & DialogContentProps
 >(
   (

apps/web/playwright/js.spec.ts

@@ -138,7 +138,7 @@ test.describe("JS Package Test", async () => {
     const impressionsCount = await page.getByRole("button", { name: "Impressions" }).innerText();
     expect(impressionsCount).toEqual("Impressions\n\n1");
 
-    await expect(page.getByRole("link", { name: "Responses (1)" })).toBeVisible();
+    await expect(page.getByRole("link", { name: "Responses" })).toBeVisible();
     await expect(page.getByRole("button", { name: "Completed 100%" })).toBeVisible();
     await expect(page.getByText("1 Responses", { exact: true }).first()).toBeVisible();
     await expect(page.getByText("CTR100%")).toBeVisible();