Add profile management (display name, email, password change, account deletion)
Full-stack profile section: DisplayName column on User model, profile CRUD endpoints on AuthController, and complete Settings > Profile tab UI with profile editing, password change, account info, and account deletion. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
@@ -43,4 +43,40 @@ public class AuthController : ControllerBase
|
||||
await _authService.RevokeRefreshTokenAsync(userId);
|
||||
return NoContent();
|
||||
}
|
||||
|
||||
[Authorize]
|
||||
[HttpGet("profile")]
|
||||
public async Task<ActionResult<UserProfileResponse>> GetProfile()
|
||||
{
|
||||
var userId = Guid.Parse(User.FindFirstValue(ClaimTypes.NameIdentifier)!);
|
||||
var profile = await _authService.GetProfileAsync(userId);
|
||||
return Ok(profile);
|
||||
}
|
||||
|
||||
[Authorize]
|
||||
[HttpPut("profile")]
|
||||
public async Task<ActionResult<UserProfileResponse>> UpdateProfile(UpdateProfileRequest request)
|
||||
{
|
||||
var userId = Guid.Parse(User.FindFirstValue(ClaimTypes.NameIdentifier)!);
|
||||
var profile = await _authService.UpdateProfileAsync(userId, request);
|
||||
return Ok(profile);
|
||||
}
|
||||
|
||||
[Authorize]
|
||||
[HttpPost("change-password")]
|
||||
public async Task<ActionResult> ChangePassword(ChangePasswordRequest request)
|
||||
{
|
||||
var userId = Guid.Parse(User.FindFirstValue(ClaimTypes.NameIdentifier)!);
|
||||
await _authService.ChangePasswordAsync(userId, request);
|
||||
return NoContent();
|
||||
}
|
||||
|
||||
[Authorize]
|
||||
[HttpDelete("account")]
|
||||
public async Task<ActionResult> DeleteAccount()
|
||||
{
|
||||
var userId = Guid.Parse(User.FindFirstValue(ClaimTypes.NameIdentifier)!);
|
||||
await _authService.DeleteAccountAsync(userId);
|
||||
return NoContent();
|
||||
}
|
||||
}
|
||||
|
||||
@@ -82,6 +82,54 @@ public class AuthService : IAuthService
|
||||
}
|
||||
}
|
||||
|
||||
public async Task<UserProfileResponse> GetProfileAsync(Guid userId)
|
||||
{
|
||||
var user = await _db.Users.FindAsync(userId)
|
||||
?? throw new KeyNotFoundException("User not found");
|
||||
|
||||
return new UserProfileResponse(user.Username, user.DisplayName, user.Email, user.CreatedAt, user.LastLoginAt);
|
||||
}
|
||||
|
||||
public async Task<UserProfileResponse> UpdateProfileAsync(Guid userId, UpdateProfileRequest request)
|
||||
{
|
||||
var user = await _db.Users.FindAsync(userId)
|
||||
?? throw new KeyNotFoundException("User not found");
|
||||
|
||||
if (request.DisplayName != null)
|
||||
user.DisplayName = request.DisplayName;
|
||||
|
||||
if (request.Email != null && request.Email != user.Email)
|
||||
{
|
||||
if (await _db.Users.AnyAsync(u => u.Email == request.Email && u.Id != userId))
|
||||
throw new InvalidOperationException("Email already in use");
|
||||
user.Email = request.Email;
|
||||
}
|
||||
|
||||
await _db.SaveChangesAsync();
|
||||
return new UserProfileResponse(user.Username, user.DisplayName, user.Email, user.CreatedAt, user.LastLoginAt);
|
||||
}
|
||||
|
||||
public async Task ChangePasswordAsync(Guid userId, ChangePasswordRequest request)
|
||||
{
|
||||
var user = await _db.Users.FindAsync(userId)
|
||||
?? throw new KeyNotFoundException("User not found");
|
||||
|
||||
if (!BCrypt.Net.BCrypt.Verify(request.CurrentPassword, user.PasswordHash))
|
||||
throw new InvalidOperationException("Current password is incorrect");
|
||||
|
||||
user.PasswordHash = BCrypt.Net.BCrypt.HashPassword(request.NewPassword);
|
||||
await _db.SaveChangesAsync();
|
||||
}
|
||||
|
||||
public async Task DeleteAccountAsync(Guid userId)
|
||||
{
|
||||
var user = await _db.Users.FindAsync(userId)
|
||||
?? throw new KeyNotFoundException("User not found");
|
||||
|
||||
_db.Users.Remove(user);
|
||||
await _db.SaveChangesAsync();
|
||||
}
|
||||
|
||||
private AuthResponse GenerateAuthResponse(User user)
|
||||
{
|
||||
var expiresAt = DateTime.UtcNow.AddHours(12);
|
||||
@@ -92,7 +140,7 @@ public class AuthService : IAuthService
|
||||
user.RefreshTokenExpiresAt = DateTime.UtcNow.AddDays(30);
|
||||
_db.SaveChanges();
|
||||
|
||||
return new AuthResponse(token, refreshToken, expiresAt, user.Username);
|
||||
return new AuthResponse(token, refreshToken, expiresAt, user.Username, user.DisplayName);
|
||||
}
|
||||
|
||||
private string GenerateJwtToken(User user, DateTime expiresAt)
|
||||
|
||||
Reference in New Issue
Block a user