Skip to content

feat(settings): in-place PAT replacement#109

Merged
wgordon17 merged 4 commits into
gordon-code:mainfrom
wgordon17:worktree-feat+replace-pat
May 8, 2026
Merged

feat(settings): in-place PAT replacement#109
wgordon17 merged 4 commits into
gordon-code:mainfrom
wgordon17:worktree-feat+replace-pat

Conversation

@wgordon17
Copy link
Copy Markdown
Member

@wgordon17 wgordon17 commented May 7, 2026

Summary

  • Adds Replace Token form in Settings > Data > Authentication for PAT users to swap tokens without signing out
  • Validates new token against GitHub API before storing, with same-token and stale-form guards
  • Extends cross-tab StorageEvent handler to sync token replacement across open tabs
  • 14 new tests, full a11y support (aria-expanded, aria-controls, aria-busy, aria-describedby)

wgordon17 added 2 commits May 7, 2026 14:06
@wgordon17
feat(settings): in-place PAT replacement
751e091 
Add a Replace Token form to Settings > Data > Authentication for PAT
users. Validates new token against GitHub /user API before storing.
Includes same-token guard, stale-form guard, focus management, and
full a11y support (aria-expanded, aria-controls, aria-busy,
aria-describedby).

Extend the cross-tab StorageEvent handler to detect token replacement
and sync across tabs via a lightweight /user fetch with generation
counter for rapid-replacement safety.

14 new tests covering the replace-token flow and cross-tab sync.
@wgordon17
docs: token replacement in user guide
cc1cfba 
Adds a note under Personal Access Token Sign-In explaining
how to replace an expired or rotated PAT via Settings.
@wgordon17 wgordon17 force-pushed the worktree-feat+replace-pat branch from 611f3d0 to cc1cfba Compare May 7, 2026 18:29
wgordon17 added 2 commits May 7, 2026 14:46
@wgordon17
fix(settings): abort in-flight fetch on Cancel, fix test assertions
c4f6e6f 
Adds AbortController to handleReplaceToken — Cancel aborts the
in-flight /user fetch, immediately resetting replaceSubmitting via
the catch/finally chain. Prevents the form from staying locked when
the user cancels during slow API responses.

Fixes auth.test.ts: user-preserved test now sets a real user before
StorageEvent to prove preservation, not just null-stays-null.
@wgordon17
fix(auth): drain response body on non-ok cross-tab fetch
4eeb66a 
Consumes the response body via r.body.cancel() when the cross-tab
/user fetch returns a non-OK status, preventing connection pool
drain on repeated events.

Also strengthens the input-cleared test to reopen the form and
verify the input signal was actually reset, not just that the DOM
element was removed.
@wgordon17 wgordon17 marked this pull request as ready for review May 8, 2026 17:14
@wgordon17 wgordon17 merged commit a6efa0f into gordon-code:main May 8, 2026
1 check passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@wgordon17