feat: add updateProfile, updatePassword, deleteAccount API endpoints

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-11 13:02:23 +01:00
parent 94d695d637
commit e90078d39e
3 changed files with 195 additions and 0 deletions
--- a/app/Http/Controllers/Api/UserController.php
+++ b/app/Http/Controllers/Api/UserController.php
@@ -3,10 +3,14 @@
 namespace App\Http\Controllers\Api;

 use App\Http\Controllers\Controller;
+use App\Models\User;
 use Illuminate\Http\JsonResponse;
 use Illuminate\Http\Request;
 use Illuminate\Http\Response;
+use Illuminate\Support\Facades\Hash;
 use Illuminate\Validation\Rule;
+use Illuminate\Validation\Rules\Password;
+use Illuminate\Validation\ValidationException;

 final class UserController extends Controller
 {
@@ -59,4 +63,58 @@ final class UserController extends Controller

        return response()->noContent();
    }
+
+    public function updateProfile(Request $request): JsonResponse
+    {
+        $validated = $request->validate([
+            'name' => ['required', 'string', 'max:255'],
+            'email' => ['required', 'string', 'email', 'max:255', Rule::unique(User::class)->ignore($request->user()->id)],
+        ]);
+
+        $user = $request->user();
+        $user->fill($validated);
+
+        if ($user->isDirty('email')) {
+            $user->email_verified_at = null;
+        }
+
+        $user->save();
+
+        return response()->json($user->fresh());
+    }
+
+    public function updatePassword(Request $request): JsonResponse
+    {
+        $request->validate([
+            'current_password' => ['required', 'string'],
+            'password' => ['required', 'string', Password::defaults(), 'confirmed'],
+        ]);
+
+        if (! Hash::check($request->string('current_password'), $request->user()->password)) {
+            throw ValidationException::withMessages([
+                'current_password' => [__('The provided password does not match your current password.')],
+            ]);
+        }
+
+        $request->user()->update(['password' => $request->string('password')]);
+
+        return response()->json(['message' => 'Password updated.']);
+    }
+
+    public function deleteAccount(Request $request): Response
+    {
+        $request->validate(['password' => ['required', 'string']]);
+
+        if (! Hash::check($request->string('password'), $request->user()->password)) {
+            throw ValidationException::withMessages([
+                'password' => [__('The provided password does not match your current password.')],
+            ]);
+        }
+
+        $user = $request->user();
+        $user->tokens()->delete();
+        $user->delete();
+
+        return response()->noContent();
+    }
 }