Move RSS and incoming email tokens from User Settings > Accounts to User Settings > Access Tokens

app/controllers/profiles_controller.rb

@@ -31,7 +31,7 @@ class ProfilesController < Profiles::ApplicationController
 
     flash[:notice] = "Incoming email token was successfully reset"
 
-    redirect_to profile_account_path
+    redirect_to profile_personal_access_tokens_path
   end
 
   def reset_rss_token
@@ -41,7 +41,7 @@ class ProfilesController < Profiles::ApplicationController
 
     flash[:notice] = "RSS token was successfully reset"
 
-    redirect_to profile_account_path
+    redirect_to profile_personal_access_tokens_path
   end
 
   def audit_log

app/views/profiles/accounts/_reset_token.html.haml

-- name = label.parameterize
-- attribute = name.underscore
-
-.reset-action
-  %p.cgray
-    = label_tag name, label, class: "label-light"
-    = text_field_tag name, current_user.send(attribute), class: 'form-control', readonly: true, onclick: 'this.select()'
-    %p.help-block
-      = help_text
-  .prepend-top-default
-    = link_to button_label, [:reset, attribute, :profile], method: :put, data: { confirm: 'Are you sure?' }, class: 'btn btn-default private-token'

app/views/profiles/accounts/show.html.haml

@@ -6,21 +6,6 @@
   .alert.alert-info
     Some options are unavailable for LDAP accounts
 
-.row.prepend-top-default
-  .col-lg-4.profile-settings-sidebar
-    %h4.prepend-top-0
-      - number_of_tokens = incoming_email_token_enabled? ? 2 : 1
-      = "Private Token".pluralize(number_of_tokens)
-    %p
-      Keep your private tokens secret. Anyone with access to them can interact with some part of
-      GitLab as if they were you.
-  .col-lg-8.private-tokens-reset
-    = render partial: 'reset_token', locals: { label: 'RSS token', button_label: 'Reset RSS token', help_text: 'Your RSS token is used to access your personalized RSS feeds without username/password authentication. It cannot be used to access any other data.' }
-
-    - if incoming_email_token_enabled?
-      = render partial: 'reset_token', locals: { label: 'Incoming email token', button_label: 'Reset incoming email token', help_text: 'Your incoming email token is used to authenticate you when creating new issues by email, and is included in your project-specific email addresses. It cannot be used to access any other data.' }
-
-%hr
 .row.prepend-top-default
   .col-lg-4.profile-settings-sidebar
     %h4.prepend-top-0

app/views/profiles/personal_access_tokens/index.html.haml

@@ -30,3 +30,40 @@
     = render "shared/personal_access_tokens_form", path: profile_personal_access_tokens_path, impersonation: false, token: @personal_access_token, scopes: @scopes
 
     = render "shared/personal_access_tokens_table", impersonation: false, active_tokens: @active_personal_access_tokens, inactive_tokens: @inactive_personal_access_tokens
+
+%hr
+.row.prepend-top-default
+  .col-lg-4.profile-settings-sidebar
+    %h4.prepend-top-0
+      RSS token
+    %p
+      Your RSS token is used to authenticate you when your RSS reader loads a personalized RSS feed, and is included in your personal RSS feed URLs.
+    %p
+      It cannot be used to access any other data.
+  .col-lg-8.rss-token-reset
+    = label_tag :rss_token, 'RSS token', class: "label-light"
+    = text_field_tag :rss_token, current_user.rss_token, class: 'form-control', readonly: true, onclick: 'this.select()'
+    %p.help-block
+      Keep this token secret. Anyone who gets ahold of it can read activity and issue RSS feeds as if they were you.
+      You should
+      = link_to 'reset it', [:reset, :rss_token, :profile], method: :put, data: { confirm: 'Are you sure? Any RSS URLs currently in use will stop working.' }
+      if that ever happens.
+
+- if incoming_email_token_enabled?
+  %hr
+  .row.prepend-top-default
+    .col-lg-4.profile-settings-sidebar
+      %h4.prepend-top-0
+        Incoming email token
+      %p
+        Your incoming email token is used to authenticate you when you create a new issue by email, and is included in your personal project-specific email addresses.
+      %p
+        It cannot be used to access any other data.
+    .col-lg-8.incoming-email-token-reset
+      = label_tag :incoming_email_token, 'Incoming email token', class: "label-light"
+      = text_field_tag :incoming_email_token, current_user.incoming_email_token, class: 'form-control', readonly: true, onclick: 'this.select()'
+      %p.help-block
+        Keep this token secret. Anyone who gets ahold of it can create issues as if they were you.
+        You should
+        = link_to 'reset it', [:reset, :incoming_email_token, :profile], method: :put, data: { confirm: 'Are you sure? Any issue email addresses currently in use will stop working.' }
+        if that ever happens.

spec/features/profile_spec.rb

 require 'spec_helper'
 
-describe 'Profile account page' do
+describe 'Profile account page', :js do
   let(:user) { create(:user) }
 
   before do
@@ -58,31 +58,36 @@ describe 'Profile account page' do
 
   describe 'when I reset RSS token' do
     before do
-      visit profile_account_path
+      visit profile_personal_access_tokens_path
     end
 
     it 'resets RSS token' do
-      previous_token = find("#rss-token").value
+      within('.rss-token-reset') do
+        previous_token = find("#rss_token").value
+
+        click_link('reset it')
 
-      click_link('Reset RSS token')
+        expect(find('#rss_token').value).not_to eq(previous_token)
+      end
 
       expect(page).to have_content 'RSS token was successfully reset'
-      expect(find('#rss-token').value).not_to eq(previous_token)
     end
   end
 
   describe 'when I reset incoming email token' do
     before do
       allow(Gitlab.config.incoming_email).to receive(:enabled).and_return(true)
-      visit profile_account_path
+      visit profile_personal_access_tokens_path
     end
 
     it 'resets incoming email token' do
-      previous_token = find('#incoming-email-token').value
+      within('.incoming-email-token-reset') do
+        previous_token = find('#incoming_email_token').value
 
-      click_link('Reset incoming email token')
+        click_link('reset it')
 
-      expect(find('#incoming-email-token').value).not_to eq(previous_token)
+        expect(find('#incoming_email_token').value).not_to eq(previous_token)
+      end
     end
   end