feat: account settings with Vuexy tab pattern and MFA banner fix

Restructures account/profile pages to match Vuexy's account-settings tab pattern (Account, Security, Notifications) and fixes the MFA enforcement banner that stayed visible after successful setup. Backend: - Add phone column to users table with migration - Add PUT /me/profile endpoint for profile updates - Create UpdateProfileRequest form request - Update MeResource to include phone field Organizer app: - Rewrite account-settings as tabbed page (VTabs pill style + VWindow) - Create AccountTab: avatar, profile form, email change, danger zone - Create SecurityTab: password change, MFA method cards, backup codes, trusted devices, disable MFA danger zone - Create NotificationsTab: placeholder with disabled toggles - Fix MFA banner: set authStore.mfaSetupRequired = false on setup complete - Update router guard to redirect to ?tab=security for MFA enforcement - Update UserProfile menu links to use tab query params Portal: - Restructure profiel.vue with VTabs (Mijn profiel + Beveiliging) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-15 22:18:16 +02:00
parent cd2c775692
commit 79b7fe0b42
22 changed files with 1860 additions and 1101 deletions
--- a/api/app/Http/Controllers/Api/V1/AccountController.php
+++ b/api/app/Http/Controllers/Api/V1/AccountController.php
@@ -5,6 +5,7 @@ declare(strict_types=1);
 namespace App\Http\Controllers\Api\V1;

 use App\Http\Controllers\Controller;
+use App\Http\Requests\Api\V1\UpdateProfileRequest;
 use Illuminate\Http\JsonResponse;
 use Illuminate\Http\Request;
 use Illuminate\Support\Facades\Hash;
@@ -13,6 +14,25 @@ use Illuminate\Validation\ValidationException;

 final class AccountController extends Controller
 {
+    /**
+     * PUT /api/v1/me/profile
+     * Authenticated user updates their profile.
+     */
+    public function updateProfile(UpdateProfileRequest $request): JsonResponse
+    {
+        $user = $request->user();
+
+        $user->update($request->validated());
+
+        activity()
+            ->causedBy($user)
+            ->performedOn($user)
+            ->log('user.profile.updated');
+
+        return $this->success(message: 'Je profiel is bijgewerkt.');
+    }
+
+
    /**
     * POST /api/v1/me/change-password
     * Authenticated user changes their own password.
--- a/api/app/Http/Requests/Api/V1/UpdateProfileRequest.php
+++ b/api/app/Http/Requests/Api/V1/UpdateProfileRequest.php
@@ -0,0 +1,27 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Http\Requests\Api\V1;
+
+use Illuminate\Foundation\Http\FormRequest;
+
+final class UpdateProfileRequest extends FormRequest
+{
+    public function authorize(): bool
+    {
+        return true;
+    }
+
+    public function rules(): array
+    {
+        return [
+            'first_name' => ['required', 'string', 'max:100'],
+            'last_name' => ['required', 'string', 'max:100'],
+            'phone' => ['nullable', 'string', 'max:20'],
+            'date_of_birth' => ['nullable', 'date', 'before:today'],
+            'timezone' => ['required', 'string', 'timezone:all'],
+            'locale' => ['required', 'string', 'in:nl,en'],
+        ];
+    }
+}
--- a/api/app/Http/Resources/Api/V1/MeResource.php
+++ b/api/app/Http/Resources/Api/V1/MeResource.php
@@ -20,6 +20,7 @@ final class MeResource extends JsonResource
            'full_name' => $this->full_name,
            'date_of_birth' => $this->date_of_birth?->toDateString(),
            'email' => $this->email,
+            'phone' => $this->phone,
            'timezone' => $this->timezone,
            'locale' => $this->locale,
            'avatar' => $this->avatar,
--- a/api/app/Models/User.php
+++ b/api/app/Models/User.php
@@ -28,6 +28,7 @@ final class User extends Authenticatable
        'last_name',
        'date_of_birth',
        'email',
+        'phone',
        'password',
        'timezone',
        'locale',