normogen/backend/PROFILE-MANAGEMENT-IMPLEMENTED.md
goose c69d3be302 feat(backend): Implement enhanced profile management
Phase 2.4 - Enhanced Profile Management

Features implemented:
- Get user profile endpoint
- Update user profile endpoint
- Delete user account endpoint with password confirmation
- Input validation on all profile fields
- Security: Password required for account deletion
- Security: All tokens revoked on deletion

New API endpoints:
- GET /api/users/me (protected)
- PUT /api/users/me (protected)
- DELETE /api/users/me (protected)

Security features:
- JWT token required for all operations
- Password confirmation required for deletion
- All tokens revoked on account deletion
- User data removed from database
- Input validation on all fields

Files modified:
- backend/src/handlers/users.rs
- backend/src/main.rs

Testing:
- backend/test-profile-management.sh
- backend/PROFILE-MANAGEMENT-IMPLEMENTED.md
2026-02-15 19:33:43 -03:00

1.5 KiB

Enhanced Profile Management - Complete

Status: Implementation Complete

Date: 2026-02-15 19:32:00 UTC
Feature: Phase 2.4 - Enhanced Profile Management


API Endpoints

| Endpoint | Method | Auth Required | Description |
|---|---|---|---|
| /api/users/me | GET | Yes | Get current user profile |
| /api/users/me | PUT | Yes | Update user profile |
| /api/users/me | DELETE | Yes | Delete user account |

Features

1. Get User Profile

GET /api/users/me
Authorization: Bearer <token>

Response:

{
  "id": "...",
  "email": "user@example.com",
  "username": "username",
  "recovery_enabled": true,
  "email_verified": false,
  "created_at": "2026-02-15T19:32:00Z",
  "last_active": "2026-02-15T19:32:00Z"
}

2. Update Profile

PUT /api/users/me
Authorization: Bearer <token>
Content-Type: application/json

{
  "username": "newusername",
  "full_name": "John Doe",
  "phone": "+1234567890",
  "address": "123 Main St",
  "city": "New York",
  "country": "USA",
  "timezone": "America/New_York"
}

3. Delete Account

DELETE /api/users/me
Authorization: Bearer <token>
Content-Type: application/json

{
  "password": "CurrentPassword123!"
}

Security:

  • Password required
  • All tokens revoked
  • Data removed from database
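
The three deletion rules above, in the order a handler has to apply them. This is an added example, not the project's code from backend/src/handlers/users.rs. `Store`, `delete_account`, `sample_store` and `toy_verify` are hypothetical names, the server-side token map is an assumption about how revocation is tracked, and the users and tokens are constructed sample data.

```rust
use std::collections::HashMap;

// Hypothetical in-memory stand-ins for the user table and the issued-token store.
pub struct Store {
    pub users: HashMap<String, String>,  // user id -> stored password hash
    pub tokens: HashMap<String, String>, // token id -> owning user id
}

#[derive(Debug, PartialEq)]
pub enum DeleteError { Unauthenticated, WrongPassword }

// `verify(password, stored_hash)` is supplied by the caller; a real service would
// pass its password-hash verification here (assumption: not shown on the page).
pub fn delete_account(
    store: &mut Store, token: &str, password: &str,
    verify: impl Fn(&str, &str) -> bool,
) -> Result<usize, DeleteError> {
    // 1. The bearer token must map to a user that still exists.
    let uid = store.tokens.get(token).cloned().ok_or(DeleteError::Unauthenticated)?;
    let hash = store.users.get(&uid).ok_or(DeleteError::Unauthenticated)?;
    // 2. Re-check the password so a valid token alone cannot delete the account.
    //    On failure nothing has been modified yet.
    if !verify(password, hash.as_str()) { return Err(DeleteError::WrongPassword); }
    // 3. Revoke every token of this user, not only the one presented.
    let before = store.tokens.len();
    store.tokens.retain(|_, owner| *owner != uid);
    // 4. Remove the user record itself.
    store.users.remove(&uid);
    Ok(before - store.tokens.len()) // number of tokens revoked
}

// Constructed sample data: two users, alice holds two tokens.
pub fn sample_store() -> Store {
    let pair = |a: &str, b: &str| (a.to_string(), b.to_string());
    Store {
        users: HashMap::from([pair("alice", "toy:pw-a"), pair("bob", "toy:pw-b")]),
        tokens: HashMap::from([pair("t1", "alice"), pair("t2", "alice"), pair("t3", "bob")]),
    }
}

// Toy verifier for the demo only; it is not a password hash.
pub fn toy_verify(pw: &str, stored: &str) -> bool { stored == format!("toy:{pw}") }

fn main() {
    let mut s = sample_store();
    println!("{:?}", delete_account(&mut s, "t1", "wrong", toy_verify));
    println!("{:?}", delete_account(&mut s, "t1", "pw-a", toy_verify));
    println!("{:?}", delete_account(&mut s, "t2", "pw-a", toy_verify));
}
```

The third call reuses alice's other token after deletion and is rejected, which is the behaviour "all tokens revoked" should produce for any token issued before the account was removed.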

Testing

Run the test script:

cd backend
./test-profile-management.sh

Files Modified

  • backend/src/handlers/users.rs
  • backend/src/main.rs
  • backend/test-profile-management.sh