Skip to content

feat: add Settings page with API tokens and account deletion#81

Merged
tomasz-tomczyk merged 12 commits intomainfrom
worktree-settings-page
Apr 10, 2026
Merged

feat: add Settings page with API tokens and account deletion#81
tomasz-tomczyk merged 12 commits intomainfrom
worktree-settings-page

Conversation

@tomasz-tomczyk
Copy link
Copy Markdown
Owner

@tomasz-tomczyk tomasz-tomczyk commented Apr 10, 2026

Summary

  • Adds a GitHub-style Settings page at /settings accessible to all authenticated users (selfhosted and hosted)
  • Account section — displays user profile info (name, email, provider)
  • API Tokens section — create and revoke CLI authentication tokens (replaces standalone /tokens page)
  • Danger Zone — delete account with typed confirmation (GitHub-style). Cascades: tokens deleted, device codes deleted, reviews preserved with ownership cleared
  • New :require_user LiveView hook that works in both selfhosted and hosted modes
  • Updates dashboard header to link to Settings instead of API Tokens
  • OAuth callback redirects hosted users to /settings instead of /dashboard

Test plan

  • Visit /settings without auth → redirected to OAuth login
  • After OAuth login, settings page renders with account info
  • Create an API token → plaintext shown with copy button
  • Revoke a token → confirmation dialog, token removed from list
  • Type confirmation text to enable delete account button
  • Wrong confirmation text → button stays disabled
  • Delete account → redirected to home, user record gone
  • Selfhosted dashboard header shows "Settings" link
  • mix precommit passes (381 tests, 0 failures)

🤖 Generated with Claude Code

tomasz-tomczyk and others added 12 commits April 10, 2026 09:48
@tomasz-tomczyk @claude
feat: add :require_user hook and minimal settings LiveView
2d671c9 
Introduces a new on_mount hook that works for both selfhosted and
hosted users, plus skeleton SettingsLive at /settings.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@tomasz-tomczyk @claude
feat: add Accounts.delete_account/1 with cascade cleanup
9af8bf2 
Deletes user, cascading to API tokens and device codes. Reviews are
preserved with user_id set to nil via DB cascade.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@tomasz-tomczyk @claude
feat: build settings page with account info, tokens, and danger zone
dea6ee0 
GitHub-style layout with sidebar navigation. Includes API token
management (create/revoke) and account deletion with typed confirmation.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@tomasz-tomczyk @claude
test: add comprehensive settings LiveView tests
9edd6dc 
Covers token CRUD, delete account with confirmation flow, and account
info display.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@tomasz-tomczyk @claude
refactor: replace standalone tokens page with settings page
1d5fe52 
Updates dashboard header to link to Settings. Removes TokensLive
since its functionality is now part of SettingsLive.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@tomasz-tomczyk @claude
fix: redirect hosted users to /settings after OAuth login
b197611 
Non-selfhosted users now land on /settings instead of /dashboard
(which would redirect to / since dashboard is selfhosted-only).

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@tomasz-tomczyk @claude
chore: fix formatting from mix format
0546680 
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@tomasz-tomczyk @claude
fix: remove unnecessary global oauth config from settings tests
4087175 
The settings tests don't need oauth_provider configured globally.
Removing it fixes test isolation issues with DashboardLiveTest
and allows the test module to run with async: true.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@tomasz-tomczyk @claude
fix: guard require_user hook against missing OAuth provider
a031a8d 
Redirects to / instead of /auth/login when no OAuth provider is
configured, preventing a 500 error from nil strategy.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@tomasz-tomczyk @claude
fix: handle data-confirm on phx-click buttons in LiveView
e492652 
phoenix_html.js only handles data-confirm for elements with data-method
(e.g. <.link method="delete">), not for LiveView phx-click buttons.
This caused the Revoke button on the settings page to silently fail —
no event reached the server.

Add a capture-phase click handler that intercepts data-confirm on
phx-click elements: shows the native confirm dialog, blocks the event
on cancel, and temporarily strips data-confirm on confirm to prevent
phoenix_html.js from showing a duplicate dialog.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@tomasz-tomczyk @claude
fix: remove redundant data-confirm JS handler
da6eaf8 
phoenix_html.js already handles data-confirm on all clicked elements,
including phx-click buttons — it dispatches a phoenix.link.click custom
event that checks for data-confirm and shows window.confirm(). The
capture-phase handler added in 5cd7e62 was unnecessary and could cause
double-confirm dialogs.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@tomasz-tomczyk @claude
ui: move token creation form above token list
c648a08 
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@tomasz-tomczyk tomasz-tomczyk force-pushed the worktree-settings-page branch from 1d44085 to c648a08 Compare April 10, 2026 08:54
@tomasz-tomczyk tomasz-tomczyk merged commit d640160 into main Apr 10, 2026
1 check passed
@tomasz-tomczyk tomasz-tomczyk deleted the worktree-settings-page branch April 10, 2026 08:56
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@tomasz-tomczyk