feat(auth): PATCH /api/auth/me profile update endpoint (closes J6)
Audit J6: ProfileTab needs a full-profile update endpoint. Adds AuthController::updateProfile (first_name/last_name/phone/timezone), routed in the existing /api/auth auth:sanctum group; mirrors the sibling updateNotificationPreferences. userResource() now also returns phone + timezone so the GET /me round-trip carries them. phpstan-baseline.neon updated for Pest PendingCalls false positives in the new test file (same pattern as all other Feature test files). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@@ -228,6 +228,31 @@ class AuthController extends Controller
|
||||
]);
|
||||
}
|
||||
|
||||
/**
|
||||
* PATCH /api/auth/me — обновление профиля текущего пользователя
|
||||
* (имя, фамилия, телефон, тайм-зона). Email менять нельзя (через support).
|
||||
*
|
||||
* Audit J6/D1 (ProfileTab). Зеркалит updateNotificationPreferences:
|
||||
* та же группа auth:sanctum, тот же inline-validate, тот же userResource.
|
||||
*/
|
||||
public function updateProfile(Request $request): JsonResponse
|
||||
{
|
||||
$validated = $request->validate([
|
||||
'first_name' => ['required', 'string', 'max:255'],
|
||||
'last_name' => ['required', 'string', 'max:255'],
|
||||
'phone' => ['nullable', 'string', 'max:20'],
|
||||
'timezone' => ['required', 'timezone'],
|
||||
]);
|
||||
|
||||
/** @var User $user */
|
||||
$user = $request->user();
|
||||
$user->update($validated);
|
||||
|
||||
return response()->json([
|
||||
'user' => $this->userResource($user->fresh()),
|
||||
]);
|
||||
}
|
||||
|
||||
/**
|
||||
* Ключ throttle для login: email|ip — защищает email от брутфорса даже
|
||||
* за NAT'ом, и IP от перебора емейлов с одного источника.
|
||||
@@ -333,6 +358,8 @@ class AuthController extends Controller
|
||||
'email' => $user->email,
|
||||
'first_name' => $user->first_name,
|
||||
'last_name' => $user->last_name,
|
||||
'phone' => $user->phone,
|
||||
'timezone' => $user->timezone,
|
||||
'tenant_id' => $user->tenant_id,
|
||||
'totp_enabled' => $user->totp_enabled,
|
||||
'last_login_at' => $user->last_login_at,
|
||||
|
||||
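Review bot: The `phone` rule in updateProfile, `['nullable', 'string', 'max:20']`, accepts any string of up to 20 characters, so markup or control characters can be stored in a field that userResource() now returns to clients and that other code may later hand to a notification or SMS provider. Constraining the format at this boundary, for example `'phone' => ['nullable', 'string', 'max:20', 'regex:/^\+?[0-9 ()\-]{5,20}$/'],`, means downstream consumers do not each have to encode or sanitise it. The same concern applies in a weaker form to `first_name` and `last_name`, which are only length-limited, so every place that renders them has to escape on output. Nothing visible in the first hunk records the change; if phone serves as a contact or recovery channel (an assumption to confirm against the rest of the app), an audit entry with the old and new values would help incident response. userResource's body starts and ends outside the second hunk, so which endpoints now expose `phone` cannot be checked from this page.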