bert.hausmans/crewli
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
ac36dfe9b7af2908aab3e2d4a8df3d229fe1a472
crewli/api/app/Http/Controllers/Api/V1/AccountController.php
bert.hausmans 79b7fe0b42 feat: account settings with Vuexy tab pattern and MFA banner fix 
Restructures account/profile pages to match Vuexy's account-settings
tab pattern (Account, Security, Notifications) and fixes the MFA
enforcement banner that stayed visible after successful setup.

Backend:
- Add phone column to users table with migration
- Add PUT /me/profile endpoint for profile updates
- Create UpdateProfileRequest form request
- Update MeResource to include phone field

Organizer app:
- Rewrite account-settings as tabbed page (VTabs pill style + VWindow)
- Create AccountTab: avatar, profile form, email change, danger zone
- Create SecurityTab: password change, MFA method cards, backup codes,
  trusted devices, disable MFA danger zone
- Create NotificationsTab: placeholder with disabled toggles
- Fix MFA banner: set authStore.mfaSetupRequired = false on setup complete
- Update router guard to redirect to ?tab=security for MFA enforcement
- Update UserProfile menu links to use tab query params

Portal:
- Restructure profiel.vue with VTabs (Mijn profiel + Beveiliging)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-15 22:18:16 +02:00

76 lines
2.2 KiB
PHP
Raw Blame History

<?php
declare(strict_types=1);
namespace App\Http\Controllers\Api\V1;
use App\Http\Controllers\Controller;
use App\Http\Requests\Api\V1\UpdateProfileRequest;
use Illuminate\Http\JsonResponse;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Hash;
use Illuminate\Validation\Rules\Password;
use Illuminate\Validation\ValidationException;
final class AccountController extends Controller
{
/**
* PUT /api/v1/me/profile
* Authenticated user updates their profile.
*/
public function updateProfile(UpdateProfileRequest $request): JsonResponse
{
$user = $request->user();
$user->update($request->validated());
activity()
->causedBy($user)
->performedOn($user)
->log('user.profile.updated');
return $this->success(message: 'Je profiel is bijgewerkt.');
}
/**
* POST /api/v1/me/change-password
* Authenticated user changes their own password.
*/
public function changePassword(Request $request): JsonResponse
{
$validated = $request->validate([
'current_password' => ['required'],
'password' => ['required', 'confirmed', Password::min(8)->mixedCase()->numbers()],
]);
$user = $request->user();
if (! Hash::check($validated['current_password'], $user->password)) {
throw ValidationException::withMessages([
'current_password' => ['Het huidige wachtwoord is onjuist.'],
]);
}
$user->update([
'password' => Hash::make($validated['password']),
]);
// Revoke all OTHER tokens (keep current session)
$currentToken = $user->currentAccessToken();
if ($currentToken instanceof \Laravel\Sanctum\PersonalAccessToken) {
$user->tokens()->where('id', '!=', $currentToken->id)->delete();
} else {
// TransientToken (test) or no token — revoke all
$user->tokens()->delete();
}
activity()
->causedBy($user)
->performedOn($user)
->log('user.password_changed');
return $this->success(message: 'Je wachtwoord is succesvol gewijzigd.');
}
}
Reference in New Issue View Git Blame Copy Permalink