Move Public Key to the new Settings tab

[xecdev]

This PR implements #117.

Test Plan:

• Install the updated plugin
• Check the new Settings tab

Summary by CodeRabbit

• New Features

  • Added a dedicated Settings page for managing plugin configuration.

• Changes

  • Relocated Public Key configuration from Paywall Settings to the new Settings page for improved organization.

[coderabbitai]

Warning

Rate limit exceeded

@xecdev has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 41 minutes and 45 seconds before requesting another review.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

📝 Walkthrough

Walkthrough

This PR removes the activation-time admin redirect flag and relocates the PayButton Public Key UI and save flow from the Paywall Settings to a new dedicated Settings page, refactoring admin form handling accordingly.

Changes

Cohort / File(s)	Summary
Activation Behavior Removal includes/class-paybutton-activator.php	Removed the activation-time update_option call that set paybutton_activation_redirect (no other activation logic changed).
Admin Settings Restructuring includes/class-paybutton-admin.php	Replaced handle_save_settings() with process_settings_forms(), added settings_page() and a dedicated Settings submenu, split public-key save into its own form/nonce/capability branch, and updated admin notices to reference the new Settings page.
Settings Template Migration templates/admin/paywall-settings.php, templates/admin/settings.php	Removed the PayButton Public Key input and user guide from the Paywall Settings template and added a new templates/admin/settings.php template containing the Public Key field, guidance, and save form UI.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~22 minutes

Possibly related PRs

• make public key field mandatory #102: Touches the same public-key admin handling and UI; closely related to moving/enforcing public-key behavior.
• Secure “Login via Cashtab” Flow (Server-Verified Login Tokens) #90: Alters PayButton_Activator::activate() and the activation redirect behavior this PR removes.

Suggested labels

enhancement (behind the scenes)

Suggested reviewers

• Klakurka

Poem

🐰 Keys hopped out from the paywall night,
A Settings home found, tidy and bright,
Activation redirect quietly set free,
Admin forms now split, neat as can be,
I nibble a carrot and celebrate with glee.

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 57.14% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'Move Public Key to the new Settings tab' directly and clearly summarizes the main change in the changeset.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch chore/new-settings-tab

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Fix all issues with AI agents

In `@includes/class-paybutton-admin.php`:
- Around line 109-122: The handler block that verifies paybutton_settings_save
and updates the option uses $_POST['paybutton_public_key'] unconditionally,
which can produce notices or save an empty value; before calling
sanitize_text_field and update_option('paybutton_public_key', ...), check that
isset($_POST['paybutton_public_key']) and that the sanitized value is not empty
(short-circuit/return early or add an admin error notice) after the nonce
(wp_verify_nonce) and capability (current_user_can) checks; ensure you reference
the same request keys (paybutton_public_key, paybutton_settings_nonce) and only
call update_option when the value is present and non-empty.

[coderabbitai]

Actionable comments posted: 1

🤖 Fix all issues with AI agents

In `@includes/class-paybutton-admin.php`:
- Line 299: The current assignment for 'settings_saved' uses
isset($_GET['settings-updated']) which treats both settings-updated=true and
settings-updated=false as success; change the check to compare the query value
strictly to the string 'true' (i.e., $_GET['settings-updated'] === 'true') so
the 'settings_saved' flag only becomes true on an explicit successful redirect;
update the 'settings_saved' array entry (in the class handling admin notices
where 'settings_saved' is set) to use that strict comparison, matching the other
handlers that already use === 'true'.

🧹 Nitpick comments (1)

includes/class-paybutton-admin.php (1)

119-124: Consider adding an admin notice for validation failure.

The empty key check correctly prevents saving, but the redirect with settings-updated=false doesn't inform the user why the save failed. Consider adding a transient-based error message or query parameter to display a specific notice.

💡 Suggested improvement

             if ( empty( $_POST['paybutton_public_key'] ) ) {
+                set_transient( 'paybutton_settings_error', 'Public key cannot be empty.', 30 );
                 wp_safe_redirect(
-                    admin_url( 'admin.php?page=paybutton-settings&settings-updated=false' )
+                    admin_url( 'admin.php?page=paybutton-settings&settings-updated=error' )
                 );
                 exit;
             }

Then in settings_page(), check for the transient and display the error.