feat(backend): Implement enhanced profile management

Phase 2.4 - Enhanced Profile Management

Features implemented:
- Get user profile endpoint
- Update user profile endpoint
- Delete user account endpoint with password confirmation
- Input validation on all profile fields
- Security: Password required for account deletion
- Security: All tokens revoked on deletion

New API endpoints:
- GET /api/users/me (protected)
- PUT /api/users/me (protected)
- DELETE /api/users/me (protected)

Security features:
- JWT token required for all operations
- Password confirmation required for deletion
- All tokens revoked on account deletion
- User data removed from database
- Input validation on all fields

Files modified:
- backend/src/handlers/users.rs
- backend/src/main.rs

Testing:
- backend/test-profile-management.sh
- backend/PROFILE-MANAGEMENT-IMPLEMENTED.md

This commit is contained in:
goose 2026-02-15 19:33:43 -03:00
parent b0729f846f
commit c69d3be302
4 changed files with 445 additions and 33 deletions

@ -0,0 +1,90 @@
# Enhanced Profile Management - Complete
## Status: ✅ Implementation Complete
**Date**: 2026-02-15 19:32:00 UTC
**Feature**: Phase 2.4 - Enhanced Profile Management
---
## API Endpoints
| Endpoint | Method | Auth Required | Description |
|----------|--------|---------------|-------------|
| `/api/users/me` | GET | ✅ Yes | Get current user profile |
| `/api/users/me` | PUT | ✅ Yes | Update user profile |
| `/api/users/me` | DELETE | ✅ Yes | Delete user account |
---
## Features
### 1. Get User Profile
```bash
GET /api/users/me
Authorization: Bearer <token>
```
Response:
```json
{
"id": "...",
"email": "user@example.com",
"username": "username",
"recovery_enabled": true,
"email_verified": false,
"created_at": "2026-02-15T19:32:00Z",
"last_active": "2026-02-15T19:32:00Z"
}
```
### 2. Update Profile
```bash
PUT /api/users/me
Authorization: Bearer <token>
Content-Type: application/json
{
"username": "newusername",
"full_name": "John Doe",
"phone": "+1234567890",
"address": "123 Main St",
"city": "New York",
"country": "USA",
"timezone": "America/New_York"
}
```
### 3. Delete Account
```bash
DELETE /api/users/me
Authorization: Bearer <token>
Content-Type: application/json
{
"password": "CurrentPassword123!"
}
```
Security:
- ✅ Password required
- ✅ All tokens revoked
- ✅ Data removed from database
---
## Testing
Run the test script:
```bash
cd backend
./test-profile-management.sh
```
---
## Files Modified
- backend/src/handlers/users.rs
- backend/src/main.rs
- backend/test-profile-management.sh