Refactor User Settings (#3900)

* moved avatar to profile page

* combined password change, email and account deletion into account settings page

* combined totp, access tokens, linked accounts and openid into security settings page

* move access tokens to applications settings page

* small change to restart drone build

* fix change avatar url on profile page

* redirect old settings urls to new ones

* enforce only one autofocus attribute on settings pages

* set correct redirect status code

* fmt fix

Author: daviian

integrations/delete_user_test.go

@@ -43,8 +43,8 @@ func TestUserDeleteAccount(t *testing.T) {
 	prepareTestEnv(t)
 
 	session := loginUser(t, "user8")
-	csrf := GetCSRF(t, session, "/user/settings/delete")
-	urlStr := fmt.Sprintf("/user/settings/delete?password=%s", userPassword)
+	csrf := GetCSRF(t, session, "/user/settings/account")
+	urlStr := fmt.Sprintf("/user/settings/account/delete?password=%s", userPassword)
 	req := NewRequestWithValues(t, "POST", urlStr, map[string]string{
 		"_csrf": csrf,
 	})
@@ -58,8 +58,8 @@ func TestUserDeleteAccountStillOwnRepos(t *testing.T) {
 	prepareTestEnv(t)
 
 	session := loginUser(t, "user2")
-	csrf := GetCSRF(t, session, "/user/settings/delete")
-	urlStr := fmt.Sprintf("/user/settings/delete?password=%s", userPassword)
+	csrf := GetCSRF(t, session, "/user/settings/account")
+	urlStr := fmt.Sprintf("/user/settings/account/delete?password=%s", userPassword)
 	req := NewRequestWithValues(t, "POST", urlStr, map[string]string{
 		"_csrf": csrf,
 	})

integrations/links_test.go

@@ -93,15 +93,12 @@ func testLinksAsUser(userName string, t *testing.T) {
 		"/user2?tab=stars",
 		"/user2?tab=activity",
 		"/user/settings",
-		"/user/settings/avatar",
+		"/user/settings/account",
 		"/user/settings/security",
 		"/user/settings/security/two_factor/enroll",
-		"/user/settings/email",
 		"/user/settings/keys",
-		"/user/settings/applications",
-		"/user/settings/account_link",
 		"/user/settings/organization",
-		"/user/settings/delete",
+		"/user/settings/repos",
 	}
 
 	session := loginUser(t, userName)

options/locale/locale_en-US.ini

@@ -306,12 +306,13 @@ form.name_pattern_not_allowed = The pattern '%s' is not allowed in a username.
 
 [settings]
 profile = Profile
+account = Account
 password = Password
 security = Security
 avatar = Avatar
 ssh_gpg_keys = SSH / GPG Keys
 social = Social Accounts
-applications = Access Tokens
+applications = Applications
 orgs = Manage Organizations
 repos = Repositories
 delete = Delete Account

routers/routes/routes.go

@@ -37,6 +37,7 @@ import (
 	"github.com/go-macaron/session"
 	"github.com/go-macaron/toolbox"
 	"gopkg.in/macaron.v1"
+	"net/http"
 )
 
 // NewMacaron initializes Macaron instance.
@@ -217,35 +218,54 @@ func RegisterRoutes(m *macaron.Macaron) {
 	m.Group("/user/settings", func() {
 		m.Get("", user.Settings)
 		m.Post("", bindIgnErr(auth.UpdateProfileForm{}), user.SettingsPost)
-		m.Combo("/avatar").Get(user.SettingsAvatar).
-			Post(binding.MultipartForm(auth.AvatarForm{}), user.SettingsAvatarPost)
+		m.Post("/avatar", binding.MultipartForm(auth.AvatarForm{}), user.SettingsAvatarPost)
 		m.Post("/avatar/delete", user.SettingsDeleteAvatar)
-		m.Combo("/email").Get(user.SettingsEmails).
-			Post(bindIgnErr(auth.AddEmailForm{}), user.SettingsEmailPost)
-		m.Post("/email/delete", user.DeleteEmail)
-		m.Get("/security", user.SettingsSecurity)
-		m.Post("/security", bindIgnErr(auth.ChangePasswordForm{}), user.SettingsSecurityPost)
-		m.Group("/openid", func() {
-			m.Combo("").Get(user.SettingsOpenID).
-				Post(bindIgnErr(auth.AddOpenIDForm{}), user.SettingsOpenIDPost)
-			m.Post("/delete", user.DeleteOpenID)
-			m.Post("/toggle_visibility", user.ToggleOpenIDVisibility)
-		}, openIDSignInEnabled)
-		m.Combo("/keys").Get(user.SettingsKeys).
-			Post(bindIgnErr(auth.AddKeyForm{}), user.SettingsKeysPost)
-		m.Post("/keys/delete", user.DeleteKey)
+		m.Group("/account", func() {
+			m.Combo("").Get(user.SettingsAccount).Post(bindIgnErr(auth.ChangePasswordForm{}), user.SettingsAccountPost)
+			m.Post("/email", bindIgnErr(auth.AddEmailForm{}), user.SettingsEmailPost)
+			m.Post("/email/delete", user.DeleteEmail)
+			m.Post("/delete", user.SettingsDelete)
+		})
+		m.Group("/security", func() {
+			m.Get("", user.SettingsSecurity)
+			m.Group("/two_factor", func() {
+				m.Post("/regenerate_scratch", user.SettingsTwoFactorRegenerateScratch)
+				m.Post("/disable", user.SettingsTwoFactorDisable)
+				m.Get("/enroll", user.SettingsTwoFactorEnroll)
+				m.Post("/enroll", bindIgnErr(auth.TwoFactorAuthForm{}), user.SettingsTwoFactorEnrollPost)
+			})
+			m.Group("/openid", func() {
+				m.Post("", bindIgnErr(auth.AddOpenIDForm{}), user.SettingsOpenIDPost)
+				m.Post("/delete", user.DeleteOpenID)
+				m.Post("/toggle_visibility", user.ToggleOpenIDVisibility)
+			}, openIDSignInEnabled)
+			m.Post("/account_link", user.SettingsDeleteAccountLink)
+		})
 		m.Combo("/applications").Get(user.SettingsApplications).
 			Post(bindIgnErr(auth.NewAccessTokenForm{}), user.SettingsApplicationsPost)
 		m.Post("/applications/delete", user.SettingsDeleteApplication)
-		m.Route("/delete", "GET,POST", user.SettingsDelete)
-		m.Combo("/account_link").Get(user.SettingsAccountLinks).Post(user.SettingsDeleteAccountLink)
+		m.Combo("/keys").Get(user.SettingsKeys).
+			Post(bindIgnErr(auth.AddKeyForm{}), user.SettingsKeysPost)
+		m.Post("/keys/delete", user.DeleteKey)
 		m.Get("/organization", user.SettingsOrganization)
 		m.Get("/repos", user.SettingsRepos)
-		m.Group("/security/two_factor", func() {
-			m.Post("/regenerate_scratch", user.SettingsTwoFactorRegenerateScratch)
-			m.Post("/disable", user.SettingsTwoFactorDisable)
-			m.Get("/enroll", user.SettingsTwoFactorEnroll)
-			m.Post("/enroll", bindIgnErr(auth.TwoFactorAuthForm{}), user.SettingsTwoFactorEnrollPost)
+
+		// redirects from old settings urls to new ones
+		// TODO: can be removed on next major version
+		m.Get("/avatar", func(ctx *context.Context) {
+			ctx.Redirect(setting.AppSubURL+"/user/settings", http.StatusMovedPermanently)
+		})
+		m.Get("/email", func(ctx *context.Context) {
+			ctx.Redirect(setting.AppSubURL+"/user/settings/account", http.StatusMovedPermanently)
+		})
+		m.Get("/delete", func(ctx *context.Context) {
+			ctx.Redirect(setting.AppSubURL+"/user/settings/account", http.StatusMovedPermanently)
+		})
+		m.Get("/openid", func(ctx *context.Context) {
+			ctx.Redirect(setting.AppSubURL+"/user/settings/security", http.StatusMovedPermanently)
+		})
+		m.Get("/account_link", func(ctx *context.Context) {
+			ctx.Redirect(setting.AppSubURL+"/user/settings/security", http.StatusMovedPermanently)
 		})
 	}, reqSignIn, func(ctx *context.Context) {
 		ctx.Data["PageIsUserSettings"] = true