fix(settings): opens GitHub app settings for org access

wgordon17 · wgordon17 · commit ed386dc5489d · 2026-03-25T11:09:35.000-04:00
diff --git a/src/app/components/settings/SettingsPage.tsx b/src/app/components/settings/SettingsPage.tsx
@@ -3,7 +3,7 @@ import { useNavigate } from "@solidjs/router";
 import { config, updateConfig } from "../../stores/config";
 import { clearAuth } from "../../stores/auth";
 import { clearCache } from "../../stores/cache";
-import { buildAuthorizeUrl, MERGE_ORGS_KEY } from "../../lib/oauth";
+import { buildOrgAccessUrl } from "../../lib/oauth";
 import { fetchOrgs } from "../../services/api";
 import { getClient } from "../../services/github";
 import OrgSelector from "../onboarding/OrgSelector";
@@ -153,7 +153,7 @@ export default function SettingsPage() {
   const [confirmClearCache, setConfirmClearCache] = createSignal(false);
   const [confirmReset, setConfirmReset] = createSignal(false);
   const [cacheClearing, setCacheClearing] = createSignal(false);
-  const [reauthing, setReauthing] = createSignal(false);
+  const [merging, setMerging] = createSignal(false);
   const [notifPermission, setNotifPermission] = createSignal<NotificationPermission>(
     typeof Notification !== "undefined" ? Notification.permission : "default"
   );
@@ -191,20 +191,14 @@ export default function SettingsPage() {
     };
     mq.addEventListener("change", handler);
     onCleanup(() => mq.removeEventListener("change", handler));
-
-    // Auto-merge newly accessible orgs after re-auth redirect
-    const shouldMerge = sessionStorage.getItem(MERGE_ORGS_KEY);
-    if (shouldMerge) {
-      sessionStorage.removeItem(MERGE_ORGS_KEY);
-      void mergeNewOrgs();
-    }
   });
 
   // ── Helpers ──────────────────────────────────────────────────────────────
 
   async function mergeNewOrgs() {
     const client = getClient();
     if (!client) return;
+    setMerging(true);
     const snapshot = [...config.selectedOrgs];
     try {
       const allOrgs = await fetchOrgs(client);
@@ -221,15 +215,20 @@ export default function SettingsPage() {
       }
     } catch {
       // Non-fatal — user can manually manage orgs
+    } finally {
+      setMerging(false);
     }
   }
 
-  function handleReAuth() {
-    setReauthing(true);
-    // Reset if navigation doesn't happen (e.g., beforeunload dialog blocks redirect)
-    setTimeout(() => setReauthing(false), 3000);
-    sessionStorage.setItem(MERGE_ORGS_KEY, "true");
-    window.location.href = buildAuthorizeUrl({ returnTo: "/settings" });
+  function handleGrantOrgs() {
+    window.open(buildOrgAccessUrl(), "_blank", "noopener");
+    // Auto-merge newly accessible orgs when user returns from GitHub settings
+    const onFocus = () => {
+      window.removeEventListener("focus", onFocus);
+      void mergeNewOrgs();
+    };
+    window.addEventListener("focus", onFocus);
+    onCleanup(() => window.removeEventListener("focus", onFocus));
   }
 
   function handleOrgsChange(orgs: string[]) {
@@ -408,16 +407,16 @@ export default function SettingsPage() {
                     Organization Access
                   </p>
                   <p class="text-xs text-gray-500 dark:text-gray-400">
-                    Re-authorize with GitHub to grant access to additional organizations
+                    Manage organization access on GitHub — new orgs sync automatically when you return
                   </p>
                 </div>
                 <button
                   type="button"
-                  onClick={handleReAuth}
-                  disabled={reauthing()}
+                  onClick={handleGrantOrgs}
+                  disabled={merging()}
                   class="rounded-md border border-gray-300 bg-white px-3 py-1.5 text-sm font-medium text-gray-700 hover:bg-gray-50 disabled:cursor-not-allowed disabled:opacity-40 dark:border-gray-600 dark:bg-gray-700 dark:text-gray-300 dark:hover:bg-gray-600"
                 >
-                  Grant more orgs
+                  {merging() ? "Syncing..." : "Grant more orgs"}
                 </button>
               </div>
             </div>
diff --git a/src/app/lib/oauth.ts b/src/app/lib/oauth.ts
@@ -1,6 +1,5 @@
 export const OAUTH_STATE_KEY = "github-tracker:oauth-state";
 export const OAUTH_RETURN_TO_KEY = "github-tracker:oauth-return-to";
-export const MERGE_ORGS_KEY = "github-tracker:merge-orgs";
 
 export function generateOAuthState(): string {
   const stateBytes = crypto.getRandomValues(new Uint8Array(16));
@@ -36,3 +35,8 @@ export function buildAuthorizeUrl(options?: { returnTo?: string }): string {
   });
   return `https://github.com/login/oauth/authorize?${params.toString()}`;
 }
+
+export function buildOrgAccessUrl(): string {
+  const clientId = import.meta.env.VITE_GITHUB_CLIENT_ID as string;
+  return `https://github.com/settings/connections/applications/${clientId}`;
+}
diff --git a/tests/components/settings/SettingsPage.test.tsx b/tests/components/settings/SettingsPage.test.tsx
@@ -50,7 +50,7 @@ import * as authStore from "../../../src/app/stores/auth";
 import * as cacheStore from "../../../src/app/stores/cache";
 import * as apiModule from "../../../src/app/services/api";
 import { updateConfig, config } from "../../../src/app/stores/config";
-import { MERGE_ORGS_KEY, OAUTH_STATE_KEY } from "../../../src/app/lib/oauth";
+import { buildOrgAccessUrl } from "../../../src/app/lib/oauth";
 
 // ── Helpers ───────────────────────────────────────────────────────────────────
 
@@ -104,7 +104,6 @@ beforeEach(() => {
     selectedRepos: [],
   });
 
-  // Clear sessionStorage — re-auth tests set MERGE_ORGS_KEY and OAUTH_STATE_KEY
   sessionStorage.clear();
 
   // Mock window.location with both reload and href
@@ -521,126 +520,93 @@ describe("SettingsPage — Theme application", () => {
   });
 });
 
-describe("SettingsPage — Re-auth button", () => {
+describe("SettingsPage — Grant more orgs button", () => {
   it("renders 'Grant more orgs' button in Organizations & Repositories section", () => {
     renderSettings();
     screen.getByRole("button", { name: "Grant more orgs" });
   });
 
-  it("clicking 'Grant more orgs' sets MERGE_ORGS_KEY in sessionStorage", async () => {
+  it("clicking 'Grant more orgs' opens GitHub app settings in new tab", async () => {
     const user = userEvent.setup();
     vi.stubEnv("VITE_GITHUB_CLIENT_ID", "test-client-id");
+    const openSpy = vi.spyOn(window, "open").mockImplementation(() => null);
     renderSettings();
     const btn = screen.getByRole("button", { name: "Grant more orgs" });
     await user.click(btn);
-    expect(sessionStorage.getItem(MERGE_ORGS_KEY)).toBe("true");
+    expect(openSpy).toHaveBeenCalledWith(
+      buildOrgAccessUrl(),
+      "_blank",
+      "noopener",
+    );
     vi.unstubAllEnvs();
   });
 
-  it("clicking 'Grant more orgs' sets window.location.href to GitHub authorize URL", async () => {
+  it("clicking 'Grant more orgs' registers a focus listener for auto-merge", async () => {
     const user = userEvent.setup();
     vi.stubEnv("VITE_GITHUB_CLIENT_ID", "test-client-id");
+    vi.spyOn(window, "open").mockImplementation(() => null);
+    const addSpy = vi.spyOn(window, "addEventListener");
     renderSettings();
     const btn = screen.getByRole("button", { name: "Grant more orgs" });
     await user.click(btn);
-    expect(window.location.href).toContain("https://github.com/login/oauth/authorize");
+    expect(addSpy).toHaveBeenCalledWith("focus", expect.any(Function));
     vi.unstubAllEnvs();
   });
 
-  it("clicking 'Grant more orgs' also sets OAUTH_STATE_KEY in sessionStorage", async () => {
+  it("auto-merges new orgs when window regains focus after granting", async () => {
     const user = userEvent.setup();
     vi.stubEnv("VITE_GITHUB_CLIENT_ID", "test-client-id");
-    renderSettings();
-    const btn = screen.getByRole("button", { name: "Grant more orgs" });
-    await user.click(btn);
-    expect(sessionStorage.getItem(OAUTH_STATE_KEY)).toBeTruthy();
-    vi.unstubAllEnvs();
-  });
-
-  it("'Grant more orgs' button is disabled after click and re-enables after timeout", async () => {
-    vi.useFakeTimers();
-    const user = userEvent.setup({ advanceTimers: vi.advanceTimersByTime });
-    vi.stubEnv("VITE_GITHUB_CLIENT_ID", "test-client-id");
-    renderSettings();
-    const btn = screen.getByRole("button", { name: "Grant more orgs" });
-    await user.click(btn);
-    expect(btn.hasAttribute("disabled")).toBe(true);
-    vi.advanceTimersByTime(3000);
-    expect(btn.hasAttribute("disabled")).toBe(false);
-    vi.unstubAllEnvs();
-    vi.useRealTimers();
-  });
-});
-
-describe("SettingsPage — Auto-merge orgs on mount", () => {
-  it("calls fetchOrgs and merges new orgs when MERGE_ORGS_KEY is in sessionStorage", async () => {
-    sessionStorage.setItem(MERGE_ORGS_KEY, "true");
+    vi.spyOn(window, "open").mockImplementation(() => null);
     updateConfig({ selectedOrgs: ["existing-org"] });
     vi.mocked(apiModule.fetchOrgs).mockResolvedValue([
       { login: "existing-org", avatarUrl: "", type: "org" },
       { login: "new-org", avatarUrl: "", type: "org" },
     ]);
     renderSettings();
+    const btn = screen.getByRole("button", { name: "Grant more orgs" });
+    await user.click(btn);
+    // Simulate user returning from GitHub settings tab
+    window.dispatchEvent(new Event("focus"));
     await waitFor(() => {
       expect(apiModule.fetchOrgs).toHaveBeenCalled();
     });
     await waitFor(() => {
       expect(config.selectedOrgs).toContain("new-org");
-    });
-  });
-
-  it("preserves existing selectedOrgs when merging", async () => {
-    sessionStorage.setItem(MERGE_ORGS_KEY, "true");
-    updateConfig({ selectedOrgs: ["existing-org"] });
-    vi.mocked(apiModule.fetchOrgs).mockResolvedValue([
-      { login: "existing-org", avatarUrl: "", type: "org" },
-      { login: "new-org", avatarUrl: "", type: "org" },
-    ]);
-    renderSettings();
-    await waitFor(() => {
       expect(config.selectedOrgs).toContain("existing-org");
     });
+    vi.unstubAllEnvs();
   });
 
-  it("removes MERGE_ORGS_KEY from sessionStorage after processing", async () => {
-    sessionStorage.setItem(MERGE_ORGS_KEY, "true");
-    updateConfig({ selectedOrgs: [] });
-    vi.mocked(apiModule.fetchOrgs).mockResolvedValue([
-      { login: "new-org", avatarUrl: "", type: "org" },
-    ]);
-    renderSettings();
-    await waitFor(() => {
-      expect(sessionStorage.getItem(MERGE_ORGS_KEY)).toBeNull();
-    });
-  });
-
-  it("does not call fetchOrgs when MERGE_ORGS_KEY is not in sessionStorage", () => {
-    // No MERGE_ORGS_KEY set
-    renderSettings();
-    expect(apiModule.fetchOrgs).not.toHaveBeenCalled();
-  });
-
-  it("silently handles fetchOrgs rejection without breaking", async () => {
-    sessionStorage.setItem(MERGE_ORGS_KEY, "true");
+  it("silently handles fetchOrgs rejection on focus without breaking", async () => {
+    const user = userEvent.setup();
+    vi.stubEnv("VITE_GITHUB_CLIENT_ID", "test-client-id");
+    vi.spyOn(window, "open").mockImplementation(() => null);
     updateConfig({ selectedOrgs: ["existing-org"] });
     vi.mocked(apiModule.fetchOrgs).mockRejectedValue(new Error("Network error"));
     renderSettings();
+    const btn = screen.getByRole("button", { name: "Grant more orgs" });
+    await user.click(btn);
+    window.dispatchEvent(new Event("focus"));
     await waitFor(() => {
       expect(apiModule.fetchOrgs).toHaveBeenCalled();
     });
-    // Config unchanged — error was swallowed
     expect(config.selectedOrgs).toEqual(["existing-org"]);
+    vi.unstubAllEnvs();
   });
 
-  it("skips merge when getClient returns null", async () => {
-    sessionStorage.setItem(MERGE_ORGS_KEY, "true");
+  it("skips merge on focus when getClient returns null", async () => {
+    const user = userEvent.setup();
+    vi.stubEnv("VITE_GITHUB_CLIENT_ID", "test-client-id");
+    vi.spyOn(window, "open").mockImplementation(() => null);
     const github = await import("../../../src/app/services/github");
-    vi.mocked(github.getClient).mockReturnValueOnce(null);
+    vi.mocked(github.getClient).mockReturnValue(null);
     renderSettings();
-    // MERGE_ORGS_KEY still removed synchronously before mergeNewOrgs
-    await waitFor(() => {
-      expect(sessionStorage.getItem(MERGE_ORGS_KEY)).toBeNull();
-    });
+    const btn = screen.getByRole("button", { name: "Grant more orgs" });
+    await user.click(btn);
+    window.dispatchEvent(new Event("focus"));
+    // Give mergeNewOrgs time to bail out
+    await new Promise((r) => setTimeout(r, 50));
     expect(apiModule.fetchOrgs).not.toHaveBeenCalled();
+    vi.unstubAllEnvs();
   });
 });
diff --git a/tests/lib/oauth.test.ts b/tests/lib/oauth.test.ts
@@ -2,6 +2,7 @@ import { describe, it, expect, vi, beforeEach, afterEach } from "vitest";
 import {
   generateOAuthState,
   buildAuthorizeUrl,
+  buildOrgAccessUrl,
   sanitizeReturnTo,
   OAUTH_STATE_KEY,
   OAUTH_RETURN_TO_KEY,
@@ -97,6 +98,15 @@ describe("oauth helpers", () => {
     });
   });
 
+  describe("buildOrgAccessUrl", () => {
+    it("returns GitHub connections URL with client ID", () => {
+      const url = buildOrgAccessUrl();
+      expect(url).toBe(
+        "https://github.com/settings/connections/applications/test-client-id"
+      );
+    });
+  });
+
   describe("sanitizeReturnTo", () => {
     it("accepts internal paths", () => {
       expect(sanitizeReturnTo("/settings")).toBe("/settings");
