feat(web): add Account Security section to settings page

Add new Account Security section with links to Clerk account management pages:
- Account Profile page for managing email and social logins
- Security Settings page for passkeys, passwords, and device management

Features:
- Uses Clerk's buildUserProfileUrl() with fallback URLs
- External link styling with icons and proper security attributes
- Consistent layout matching other settings sections
- Positioned before Danger Zone as requested
- Updated Download section to use consistent flex layout

Tests:
- Comprehensive test coverage for Account Security component
- Updated existing settings tests to include new section
- All 876 tests passing

Author: ervwalter

apps/web/src/components/settings/account-security-section.test.tsx

@@ -0,0 +1,145 @@
+import { describe, it, expect, vi } from "vitest";
+import { render, screen } from "@testing-library/react";
+import { useClerk } from "@clerk/clerk-react";
+import { AccountSecuritySection } from "./account-security-section";
+
+// Mock Clerk
+const mockBuildUserProfileUrl = vi.fn();
+vi.mock("@clerk/clerk-react", () => ({
+  useClerk: vi.fn(),
+}));
+
+// Mock UI components
+vi.mock("@/components/ui/button", () => ({
+  Button: ({ children, asChild, ...props }: any) => {
+    if (asChild) {
+      return (
+        <div data-testid="button-wrapper" {...props}>
+          {children}
+        </div>
+      );
+    }
+    return <button {...props}>{children}</button>;
+  },
+}));
+
+vi.mock("@/components/ui/card", () => ({
+  CardHeader: ({ children }: any) => <div data-testid="card-header">{children}</div>,
+  CardTitle: ({ children }: any) => <h2 data-testid="card-title">{children}</h2>,
+  CardContent: ({ children, className }: any) => (
+    <div data-testid="card-content" className={className}>
+      {children}
+    </div>
+  ),
+}));
+
+// Mock lucide-react icon
+vi.mock("lucide-react", () => ({
+  ExternalLink: ({ className }: any) => (
+    <span data-testid="external-link-icon" className={className}>
+      🔗
+    </span>
+  ),
+}));
+
+describe("AccountSecuritySection", () => {
+  beforeEach(() => {
+    vi.clearAllMocks();
+    vi.mocked(useClerk).mockReturnValue({
+      buildUserProfileUrl: mockBuildUserProfileUrl,
+    });
+  });
+
+  it("should render the section with title and description", () => {
+    mockBuildUserProfileUrl.mockReturnValue("https://test.clerk.accounts.dev/user");
+
+    render(<AccountSecuritySection />);
+
+    expect(screen.getByTestId("card-title")).toHaveTextContent("Account Security");
+    expect(screen.getByText(/TrendWeight uses Clerk to handle authentication/)).toBeInTheDocument();
+  });
+
+  it("should render both account links with Clerk URLs when available", () => {
+    const clerkProfileUrl = "https://test.clerk.accounts.dev/user";
+    mockBuildUserProfileUrl.mockReturnValue(clerkProfileUrl);
+
+    render(<AccountSecuritySection />);
+
+    // Check Account Profile link
+    const profileLink = screen.getByRole("link", { name: /Open Account Profile/ });
+    expect(profileLink).toHaveAttribute("href", clerkProfileUrl);
+    expect(profileLink).toHaveAttribute("target", "_blank");
+    expect(profileLink).toHaveAttribute("rel", "noopener noreferrer");
+
+    // Check Security Settings link
+    const securityLink = screen.getByRole("link", { name: /Open Security Settings/ });
+    expect(securityLink).toHaveAttribute("href", "https://test.clerk.accounts.dev/user/security");
+    expect(securityLink).toHaveAttribute("target", "_blank");
+    expect(securityLink).toHaveAttribute("rel", "noopener noreferrer");
+  });
+
+  it("should use fallback URLs when Clerk buildUserProfileUrl is not available", () => {
+    // Mock useClerk to return an object without buildUserProfileUrl
+    vi.mocked(useClerk).mockReturnValue({});
+
+    render(<AccountSecuritySection />);
+
+    // Check Account Profile link uses fallback
+    const profileLink = screen.getByRole("link", { name: /Open Account Profile/ });
+    expect(profileLink).toHaveAttribute("href", "https://accounts.trendweight.com/user");
+
+    // Check Security Settings link uses fallback
+    const securityLink = screen.getByRole("link", { name: /Open Security Settings/ });
+    expect(securityLink).toHaveAttribute("href", "https://accounts.trendweight.com/user/security");
+  });
+
+  it("should use fallback URLs when Clerk is not available", () => {
+    // Mock useClerk to return null
+    vi.mocked(useClerk).mockReturnValue(null);
+
+    render(<AccountSecuritySection />);
+
+    // Check Account Profile link uses fallback
+    const profileLink = screen.getByRole("link", { name: /Open Account Profile/ });
+    expect(profileLink).toHaveAttribute("href", "https://accounts.trendweight.com/user");
+
+    // Check Security Settings link uses fallback
+    const securityLink = screen.getByRole("link", { name: /Open Security Settings/ });
+    expect(securityLink).toHaveAttribute("href", "https://accounts.trendweight.com/user/security");
+  });
+
+  it("should render external link icons", () => {
+    mockBuildUserProfileUrl.mockReturnValue("https://test.clerk.accounts.dev/user");
+
+    render(<AccountSecuritySection />);
+
+    const icons = screen.getAllByTestId("external-link-icon");
+    expect(icons).toHaveLength(2);
+
+    // Check that icons have the correct styling
+    icons.forEach((icon) => {
+      expect(icon).toHaveClass("ml-1", "h-3", "w-3");
+    });
+  });
+
+  it("should render descriptive text for both sections", () => {
+    mockBuildUserProfileUrl.mockReturnValue("https://test.clerk.accounts.dev/user");
+
+    render(<AccountSecuritySection />);
+
+    // Check Account Profile description
+    expect(screen.getByText(/You can use the profile page to update your email address/)).toBeInTheDocument();
+
+    // Check Security Settings description
+    expect(screen.getByText(/On the security page you can add passkeys/)).toBeInTheDocument();
+  });
+
+  it("should call Clerk buildUserProfileUrl method when available", () => {
+    mockBuildUserProfileUrl.mockReturnValue("https://test.clerk.accounts.dev/user");
+
+    render(<AccountSecuritySection />);
+
+    // The component calls buildUserProfileUrl during render to get the profile URL
+    expect(mockBuildUserProfileUrl).toHaveBeenCalledTimes(1);
+  });
+});

apps/web/src/components/settings/account-security-section.tsx

@@ -0,0 +1,57 @@
+import { ExternalLink as ExternalLinkIcon } from "lucide-react";
+import { useClerk } from "@clerk/clerk-react";
+import { Button } from "@/components/ui/button";
+import { CardContent, CardHeader, CardTitle } from "@/components/ui/card";
+
+export function AccountSecuritySection() {
+  const clerk = useClerk();
+
+  // Use Clerk's built-in method if available, otherwise fallback
+  const profileUrl = clerk?.buildUserProfileUrl?.() || "https://accounts.trendweight.com/user";
+  const securityUrl = profileUrl.replace("/user", "/user/security");
+
+  return (
+    <>
+      <CardHeader>
+        <CardTitle>Account Security</CardTitle>
+      </CardHeader>
+      <CardContent className="space-y-4">
+        <p className="text-muted-foreground text-sm">
+          TrendWeight uses Clerk to handle authentication and account security. The links below will open pages in a new tab where you can manage your account
+          details and security settings.
+        </p>
+        <div className="border-border flex items-center justify-between space-x-4 rounded-lg border p-4">
+          <div className="flex-1 pr-4">
+            <h4 className="text-foreground font-medium">Account Profile</h4>
+            <p className="text-muted-foreground text-sm">
+              You can use the profile page to update your email address, add or remove social login methods (Google, Microsoft, Apple), and manage your basic
+              account information.
+            </p>
+          </div>
+          <Button asChild variant="default" size="sm">
+            <a href={profileUrl} target="_blank" rel="noopener noreferrer">
+              Open Account Profile
+              <ExternalLinkIcon className="ml-1 h-3 w-3" />
+            </a>
+          </Button>
+        </div>
+
+        <div className="border-border flex items-center justify-between space-x-4 rounded-lg border p-4">
+          <div className="flex-1 pr-4">
+            <h4 className="text-foreground font-medium">Security Settings</h4>
+            <p className="text-muted-foreground text-sm">
+              On the security page you can add passkeys for secure login, change your password (or add one if you signed up with social login), and manage your
+              logged-in devices.
+            </p>
+          </div>
+          <Button asChild variant="default" size="sm">
+            <a href={securityUrl} target="_blank" rel="noopener noreferrer">
+              Open Security Settings
+              <ExternalLinkIcon className="ml-1 h-3 w-3" />
+            </a>
+          </Button>
+        </div>
+      </CardContent>
+    </>
+  );
+}

apps/web/src/components/settings/download-section.tsx

@@ -1,7 +1,7 @@
-import { Link } from "@tanstack/react-router";
-import { useProviderLinks } from "@/lib/api/queries";
 import { Button } from "@/components/ui/button";
-import { Card, CardContent, CardHeader, CardTitle, CardDescription } from "@/components/ui/card";
+import { Card, CardContent, CardHeader, CardTitle } from "@/components/ui/card";
+import { useProviderLinks } from "@/lib/api/queries";
+import { Link } from "@tanstack/react-router";
 
 export function DownloadSection() {
   const { data: providerLinks } = useProviderLinks();
@@ -16,12 +16,12 @@ export function DownloadSection() {
     <Card className="mb-6">
       <CardHeader>
         <CardTitle>Download</CardTitle>
-        <CardDescription>
+      </CardHeader>
+      <CardContent className="flex items-center justify-between space-x-4">
+        <p className="text-muted-foreground flex-1 pr-4 text-sm">
           You can view and download all your historical scale readings from your connected providers. Export your data as a CSV file for backup or analysis in
           other applications.
-        </CardDescription>
-      </CardHeader>
-      <CardContent>
+        </p>
         <Button asChild variant="default" size="sm">
           <Link to="/download">View / Download Your Data</Link>
         </Button>

apps/web/src/components/settings/settings.test.tsx

@@ -47,6 +47,10 @@ vi.mock("@/components/ui/button", () => ({
 }));
 
 // Mock section components
+vi.mock("./account-security-section", () => ({
+  AccountSecuritySection: () => <div data-testid="account-security">Account Security</div>,
+}));
+
 vi.mock("./advanced-section", () => ({
   AdvancedSection: ({ register }: any) => (
     <div data-testid="advanced-section">
@@ -128,6 +132,7 @@ describe("Settings", () => {
     expect(screen.getByTestId("sharing-section")).toBeInTheDocument();
     expect(screen.getByTestId("connected-accounts")).toBeInTheDocument();
     expect(screen.getByTestId("download-section")).toBeInTheDocument();
+    expect(screen.getByTestId("account-security")).toBeInTheDocument();
     expect(screen.getByTestId("danger-zone")).toBeInTheDocument();
   });
 

apps/web/src/components/settings/settings.tsx

@@ -7,6 +7,7 @@ import { useNavigationGuard } from "@/lib/hooks/use-navigation-guard";
 import { NewVersionNotice } from "@/components/notices/new-version-notice";
 import { Button } from "@/components/ui/button";
 import { Card } from "@/components/ui/card";
+import { AccountSecuritySection } from "./account-security-section";
 import { AdvancedSection } from "./advanced-section";
 import { ConnectedAccountsSection } from "./connected-accounts-section";
 import { DangerZoneSection } from "./danger-zone-section";
@@ -140,6 +141,11 @@ export function Settings() {
       {/* Download Card */}
       <DownloadSection />
 
+      {/* Account Security Card */}
+      <Card className="mb-6">
+        <AccountSecuritySection />
+      </Card>
+
       {/* Danger Zone Card */}
       <Card className="border-destructive">
         <DangerZoneSection />