User Profile Management

This section describes the functionalities available for authenticated users to manage their own personal profile information and account settings.

Key Functionalities

View User Profile

  • Endpoint: /profile
  • Description: Displays the authenticated user's profile editing form, pre-populated with their current account details.

Update User Profile

  • Endpoint: PATCH /profile
  • Description: Allows the authenticated user to update their personal profile information.
  • Validation: Utilizes a ProfileUpdateRequest for robust data validation, ensuring the integrity and correctness of the submitted information.
  • Email Re-verification: If the user changes their email address, the email_verified_at timestamp is automatically reset to null, requiring the user to re-verify their new email address for security purposes.
  • Outcome: Upon successful update, the user is redirected back to the profile editing page with a success status.

Delete User Account

  • Endpoint: DELETE /profile
  • Description: Enables an authenticated user to permanently delete their own account from the system.
  • Security Requirement: Requires the user to confirm their current_password to authorize the account deletion, preventing unauthorized or accidental removal.
  • Process:
    1. The user is logged out.
    2. The user's account record is deleted from the database.
    3. The current session is invalidated, and a new session token is regenerated to ensure no lingering session data.
  • Outcome: The user is redirected to the application's root URL.
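The update and deletion flows described above, as an added illustrative Laravel controller (not the project's own code). It assumes Laravel 10+, a route named `profile.edit`, an `App\Models\User` model, a `ProfileUpdateRequest` form request, and that the confirmation field is posted as `password`:

```php
<?php
// Added illustrative example (not the project's own controller). Assumes Laravel 10+,
// a route named profile.edit, App\Models\User and a ProfileUpdateRequest form request.
namespace App\Http\Controllers;

use App\Http\Requests\ProfileUpdateRequest;
use Illuminate\Http\RedirectResponse;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\Redirect;

class ProfileController extends Controller
{
    // PATCH /profile: only fields that passed ProfileUpdateRequest reach the model.
    public function update(ProfileUpdateRequest $request): RedirectResponse
    {
        $user = $request->user();
        $user->fill($request->validated());

        // Detect the change server-side against the persisted value;
        // never rely on a client-supplied "email changed" flag.
        if ($user->isDirty('email')) {
            $user->email_verified_at = null; // forces re-verification of the new address
        }
        $user->save();

        return Redirect::route('profile.edit')->with('status', 'profile-updated');
    }

    // DELETE /profile: confirm password, then logout -> delete -> invalidate -> rotate token.
    public function destroy(Request $request): RedirectResponse
    {
        // The current_password rule re-checks the authenticated user's password.
        $request->validateWithBag('userDeletion', [
            'password' => ['required', 'current_password'],
        ]);
        $user = $request->user();

        Auth::logout();
        $user->delete();

        // Drop all session data and rotate the CSRF token so nothing tied
        // to the deleted account survives in the old session.
        $request->session()->invalidate();
        $request->session()->regenerateToken();

        return Redirect::to('/');
    }
}
```

The `isDirty('email')` check compares the validated input with the stored value, so a request that resubmits the existing address leaves `email_verified_at` untouched.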

Inferred Specifications

  • User Self-Service: The system provides a dedicated interface for users to manage their own profile details, promoting self-sufficiency.
  • Mandatory Email Re-verification: Any change to a user's email address necessitates a re-verification process, enhancing account security and ensuring the email remains valid and controlled by the user.
  • Secure Account Deletion: Account deletion is a protected operation, requiring explicit password confirmation to safeguard against unintended data loss or malicious actions.
  • Robust Session Management: The account deletion process includes proper session invalidation and token regeneration, ensuring that no stale session data persists after an account is removed.
  • Data Integrity through Validation: The use of a dedicated ProfileUpdateRequest ensures that all submitted profile data adheres to predefined validation rules, maintaining data quality.
  • No Explicit Audit Logging (in this controller): While other critical actions are logged, this controller does not explicitly use AuditLog for profile updates or deletions. It is assumed that such logging might occur at a lower level (e.g., model events) or is a deliberate design choice for self-service actions.
