AppShell: clickable user menu with logout

mastermanas805 · mastermanas805 · commit 3a0fa2fb677e · 2026-05-13T00:08:09.000+05:30
The topbar avatar was a static <div> — `api.logout()` existed but no UI surface called it, leaving users unable to sign out from the dashboard. Replace the avatar with a UserMenu component: clicking the avatar opens a dropdown anchored bottom-right showing the user email, team + tier, an Account-settings link, and a Log-out button. Click- outside and Escape both close the dropdown. UserMenu only reads `me.user.email`, `me.team.name`, and `me.team.tier` so the just-landed `experiments` field on /auth/me (PR #40) is left untouched. Tests: - 6 new tests cover trigger render, open/close, click-outside, Escape, logout-then-navigate, and settings navigation. - npm test: 290 pass / 3 skipped (was 284 / 3) across 15 files. - npm run build: clean.
diff --git a/src/layout/AppShell.tsx b/src/layout/AppShell.tsx
@@ -4,6 +4,7 @@ import { useEffect, useState, type ReactNode } from 'react'
 import { addEnv, setEnv, useDashboardCtx, type DashboardCtx } from '../hooks/useDashboardCtx'
 import * as api from '../api'
 import type { TeamSummary } from '../api'
+import { UserMenu } from './UserMenu'
 
 type Scope = 'read' | 'write' | 'agent'
 
@@ -237,7 +238,7 @@ export function AppShell() {
               </div>
               <div className="topbar-tools">
                 <ScopePill scope={meta.scope} />
-                <div className="avatar" title={ctx.me?.user?.email ?? ''}>A</div>
+                <UserMenu />
               </div>
             </header>
 
diff --git a/src/layout/UserMenu.test.tsx b/src/layout/UserMenu.test.tsx
@@ -0,0 +1,168 @@
+/* UserMenu.test.tsx — coverage for the topbar avatar dropdown that lets
+ * users log out of the dashboard. Bug context: there used to be no UI
+ * surface that called api.logout() — the avatar was a static <div>. This
+ * suite locks the new behaviour:
+ *
+ *   1. Trigger renders the avatar with the email's first letter.
+ *   2. Clicking the trigger opens a dropdown (role="menu" visible).
+ *   3. Clicking outside the dropdown closes it.
+ *   4. Escape key closes the dropdown.
+ *   5. "Log out" calls api.logout() + navigates to /login.
+ *   6. "Account settings" navigates to /app/settings.
+ *
+ * Styling is intentionally not asserted — the layout tokens are expected
+ * to evolve and we don't want to burn tests on every visual tweak. We
+ * pin the behaviour with financial / auth consequences. */
+
+import { describe, it, expect, beforeEach, afterEach, vi } from 'vitest'
+import { render, screen, fireEvent, cleanup, act } from '@testing-library/react'
+import { MemoryRouter, Routes, Route } from 'react-router-dom'
+
+// ─── Module-level mocks ──────────────────────────────────────────────────
+// Mock the api so logout() is a spy we can assert against (and so it never
+// touches localStorage during the test run).
+vi.mock('../api', async () => {
+  const actual = await vi.importActual<typeof import('../api')>('../api')
+  return {
+    ...actual,
+    logout: vi.fn().mockResolvedValue({ ok: true }),
+  }
+})
+
+// Stub useDashboardCtx so we control what the menu reads. We intentionally
+// only populate the fields the component reads — `experiments` and other
+// /auth/me extensions must NOT be required by the menu.
+const FIXTURE_ME = {
+  user: { id: 'u_test', email: 'aanya@acme.dev', tier: 'pro', team_id: 't_test', created_at: '' },
+  team: { id: 't_test', name: 'acme-corp', slug: 'acme-corp', owner_id: 'u_test', member_count: 1, tier: 'pro', created_at: '' },
+}
+
+vi.mock('../hooks/useDashboardCtx', () => ({
+  useDashboardCtx: () => ({
+    me: FIXTURE_ME,
+    meErr: null,
+    meLoading: false,
+    env: 'production',
+    envs: ['production'],
+    counts: { resources: 0, deployments: 0, vault: 0, team: 1 },
+    resources: [],
+    billing: null,
+    billingLoading: false,
+  }),
+}))
+
+import * as api from '../api'
+import { UserMenu } from './UserMenu'
+
+// ─── Helpers ─────────────────────────────────────────────────────────────
+
+// Render the menu inside a MemoryRouter with extra routes wired up so we
+// can observe navigation by what react-router actually paints. The "*"
+// catch-all route renders the current path as text — assertions read
+// the route-shadow div instead of mocking useNavigate.
+function renderMenu(initialPath = '/app') {
+  return render(
+    <MemoryRouter initialEntries={[initialPath]}>
+      <Routes>
+        <Route path="/app/*" element={<UserMenu />} />
+        <Route path="/login" element={<div data-testid="route-login">on-login</div>} />
+        <Route path="/app/settings" element={<div data-testid="route-settings">on-settings</div>} />
+      </Routes>
+    </MemoryRouter>,
+  )
+}
+
+beforeEach(() => {
+  ;(api.logout as unknown as ReturnType<typeof vi.fn>).mockClear()
+})
+afterEach(() => cleanup())
+
+// ─── Tests ───────────────────────────────────────────────────────────────
+
+describe('UserMenu — trigger', () => {
+  it('renders the avatar with the first letter of the email', () => {
+    renderMenu()
+    const trigger = screen.getByTestId('user-menu-trigger')
+    expect(trigger.textContent).toBe('A')
+    // Email is exposed for screen readers via the title attribute so
+    // users hovering over the avatar see whose account is signed in.
+    expect(trigger.getAttribute('title')).toBe('aanya@acme.dev')
+  })
+})
+
+describe('UserMenu — open / close', () => {
+  it('click trigger opens the dropdown', () => {
+    renderMenu()
+    expect(screen.queryByTestId('user-menu-dropdown')).toBeNull()
+
+    fireEvent.click(screen.getByTestId('user-menu-trigger'))
+
+    const dropdown = screen.getByTestId('user-menu-dropdown')
+    expect(dropdown).toBeTruthy()
+    expect(dropdown.getAttribute('role')).toBe('menu')
+    // The user's email + team identity must surface in the dropdown so
+    // they know which account they're about to log out of.
+    expect(screen.getByTestId('user-menu-email').textContent).toBe('aanya@acme.dev')
+    expect(screen.getByTestId('user-menu-team-name').textContent).toBe('acme-corp')
+    expect(screen.getByTestId('user-menu-tier-badge').textContent).toBe('pro')
+  })
+
+  it('click outside the dropdown closes it', () => {
+    render(
+      <MemoryRouter>
+        <div>
+          <button data-testid="outside">outside</button>
+          <Routes>
+            <Route path="/" element={<UserMenu />} />
+          </Routes>
+        </div>
+      </MemoryRouter>,
+    )
+
+    fireEvent.click(screen.getByTestId('user-menu-trigger'))
+    expect(screen.getByTestId('user-menu-dropdown')).toBeTruthy()
+
+    // mousedown on a node outside the wrapper must close — the click-
+    // outside listener is wired up on `mousedown` (not `click`) so it
+    // fires before any other handler can re-open.
+    fireEvent.mouseDown(screen.getByTestId('outside'))
+    expect(screen.queryByTestId('user-menu-dropdown')).toBeNull()
+  })
+
+  it('Escape key closes the dropdown', () => {
+    renderMenu()
+    fireEvent.click(screen.getByTestId('user-menu-trigger'))
+    expect(screen.getByTestId('user-menu-dropdown')).toBeTruthy()
+
+    fireEvent.keyDown(document, { key: 'Escape' })
+    expect(screen.queryByTestId('user-menu-dropdown')).toBeNull()
+  })
+})
+
+describe('UserMenu — actions', () => {
+  it('Log out calls api.logout() and navigates to /login', async () => {
+    renderMenu()
+    fireEvent.click(screen.getByTestId('user-menu-trigger'))
+
+    await act(async () => {
+      fireEvent.click(screen.getByTestId('user-menu-logout'))
+      // Flush microtasks so the awaited api.logout() promise + the
+      // navigate() that follows commit before assertions.
+      await Promise.resolve()
+    })
+
+    expect(api.logout).toHaveBeenCalledTimes(1)
+    // react-router actually unmounts the menu route and mounts the
+    // login route — proves navigation, not just a spy call.
+    expect(screen.getByTestId('route-login')).toBeTruthy()
+  })
+
+  it('Account settings navigates to /app/settings', () => {
+    renderMenu()
+    fireEvent.click(screen.getByTestId('user-menu-trigger'))
+
+    fireEvent.click(screen.getByTestId('user-menu-settings'))
+
+    expect(screen.getByTestId('route-settings')).toBeTruthy()
+  })
+})
diff --git a/src/layout/UserMenu.tsx b/src/layout/UserMenu.tsx
@@ -0,0 +1,197 @@
+// UserMenu — clickable avatar with dropdown for account actions.
+//
+// Why this exists: the dashboard had a static avatar div in the AppShell
+// topbar with no way to log out from the UI. `api.logout()` existed and
+// the /auth/logout endpoint was referenced in ContractsPage, but no UI
+// surface called it. Users were stuck unless they cleared localStorage
+// by hand. This component fixes that gap.
+//
+// Behaviour:
+//   - Trigger: circular avatar showing the first letter of the email.
+//   - Click toggles a dropdown anchored bottom-right of the trigger.
+//   - Dropdown shows email, team name + tier badge, then a divider,
+//     "Account settings" link, and a "Log out" button.
+//   - Click outside or pressing Escape closes the dropdown.
+//   - Logout calls api.logout() (which clears the token) then navigates
+//     to /login.
+//
+// We intentionally read only the fields we need from the dashboard ctx
+// (`me.user.email`, `me.team.name`, `me.team.tier`) so unrelated /auth/me
+// surface additions like the just-landed `experiments` field don't break
+// the menu.
+
+import { useEffect, useRef, useState } from 'react'
+import { Link, useNavigate } from 'react-router-dom'
+import * as api from '../api'
+import { useDashboardCtx } from '../hooks/useDashboardCtx'
+
+const SETTINGS_PATH = '/app/settings'
+const LOGIN_PATH = '/login'
+
+export function UserMenu() {
+  const ctx = useDashboardCtx()
+  const navigate = useNavigate()
+  const [open, setOpen] = useState(false)
+  const wrapRef = useRef<HTMLDivElement | null>(null)
+
+  const email = ctx.me?.user?.email ?? ''
+  const teamName = ctx.me?.team?.name ?? ctx.me?.team?.slug ?? 'workspace'
+  const tier = ctx.me?.team?.tier ?? '—'
+  const initial = (email[0] ?? 'A').toUpperCase()
+
+  // Click-outside + Escape close. Both listeners are attached only while
+  // the dropdown is open so we don't pay the cost when it isn't.
+  useEffect(() => {
+    if (!open) return
+    function onMouseDown(e: MouseEvent) {
+      const node = wrapRef.current
+      if (node && e.target instanceof Node && !node.contains(e.target)) {
+        setOpen(false)
+      }
+    }
+    function onKeyDown(e: KeyboardEvent) {
+      if (e.key === 'Escape') setOpen(false)
+    }
+    document.addEventListener('mousedown', onMouseDown)
+    document.addEventListener('keydown', onKeyDown)
+    return () => {
+      document.removeEventListener('mousedown', onMouseDown)
+      document.removeEventListener('keydown', onKeyDown)
+    }
+  }, [open])
+
+  async function handleLogout() {
+    // logout() is best-effort and never throws — see api/index.ts:222.
+    // Swallow defensively anyway so a hypothetical future change can't
+    // strand the user on a half-logged-out screen.
+    try {
+      await api.logout()
+    } catch {
+      /* swallow — token is cleared regardless */
+    }
+    setOpen(false)
+    navigate(LOGIN_PATH)
+  }
+
+  return (
+    <div ref={wrapRef} className="user-menu-wrap" data-testid="user-menu" style={{ position: 'relative' }}>
+      <button
+        type="button"
+        className="avatar"
+        title={email}
+        aria-haspopup="menu"
+        aria-expanded={open}
+        aria-label="Open user menu"
+        data-testid="user-menu-trigger"
+        onClick={() => setOpen((o) => !o)}
+        style={{ cursor: 'pointer', border: 0 }}
+      >
+        {initial}
+      </button>
+
+      {open && (
+        <div
+          role="menu"
+          data-testid="user-menu-dropdown"
+          className="user-menu-dropdown"
+          style={{
+            position: 'absolute',
+            top: 'calc(100% + 6px)',
+            right: 0,
+            minWidth: 220,
+            background: 'var(--elevated)',
+            border: '1px solid var(--border-hi)',
+            borderRadius: 'var(--radius-sm)',
+            boxShadow: '0 8px 24px rgba(0,0,0,0.4)',
+            zIndex: 50,
+            padding: 6,
+            fontSize: 13,
+          }}
+        >
+          <div
+            style={{
+              padding: '8px 10px 10px',
+              borderBottom: '1px solid var(--border)',
+              marginBottom: 6,
+            }}
+          >
+            <div
+              data-testid="user-menu-email"
+              style={{
+                color: 'var(--text-dim)',
+                fontFamily: 'var(--font-mono)',
+                fontSize: 11,
+                wordBreak: 'break-all',
+              }}
+            >
+              {email}
+            </div>
+            <div
+              style={{
+                marginTop: 4,
+                display: 'flex',
+                alignItems: 'center',
+                gap: 6,
+                color: 'var(--text)',
+              }}
+            >
+              <span data-testid="user-menu-team-name" style={{ fontWeight: 500 }}>
+                {teamName}
+              </span>
+              <span
+                data-testid="user-menu-tier-badge"
+                style={{
+                  fontFamily: 'var(--font-mono)',
+                  fontSize: 10,
+                  padding: '1px 6px',
+                  borderRadius: 3,
+                  background: 'var(--accent-soft)',
+                  color: 'var(--accent)',
+                  letterSpacing: '0.02em',
+                  textTransform: 'lowercase',
+                }}
+              >
+                {tier}
+              </span>
+            </div>
+          </div>
+
+          <Link
+            role="menuitem"
+            data-testid="user-menu-settings"
+            to={SETTINGS_PATH}
+            onClick={() => setOpen(false)}
+            style={{
+              display: 'block',
+              padding: '8px 10px',
+              borderRadius: 'var(--radius-xs)',
+              color: 'var(--text)',
+            }}
+          >
+            Account settings
+          </Link>
+
+          <button
+            type="button"
+            role="menuitem"
+            data-testid="user-menu-logout"
+            onClick={handleLogout}
+            style={{
+              display: 'block',
+              width: '100%',
+              textAlign: 'left',
+              padding: '8px 10px',
+              borderRadius: 'var(--radius-xs)',
+              color: 'var(--rose)',
+              fontFamily: 'inherit',
+              fontSize: 13,
+              cursor: 'pointer',
+            }}
+          >
+            Log out
+          </button>
+        </div>
+      )}
+    </div>
+  )
+}
