The ProfileController handles user profile management, including viewing, updating, and deleting user accounts.
## Class Overview

```php
namespace App\Http\Controllers;

use App\Http\Requests\ProfileUpdateRequest;
use Illuminate\Http\RedirectResponse;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\Redirect;
use Illuminate\View\View;

class ProfileController extends Controller
```
## Routes

| Method | Route | Action | Middleware |
|---|---|---|---|
| GET | /profile | edit | auth, verified |
| PATCH | /profile | update | auth, verified |
| DELETE | /profile | destroy | auth, verified |
## Methods

### edit()

Display the user's profile form.

```php
public function edit(Request $request): View
```

Parameters:
- `$request` (`Request`) - The HTTP request instance

Returns: `View` - The profile edit view

Response Data:
- The authenticated user object
- Whether the user authenticated via OAuth (GitHub/Google)

Example Implementation:

```php
public function edit(Request $request): View
{
    // isSocialiteUser() is a project-specific helper on the User model;
    // the auth middleware guarantees a user is present here
    $isSocialiteUser = Auth::user()->isSocialiteUser();

    return view('profile.edit', [
        'user' => $request->user(),
        'isSocialiteUser' => $isSocialiteUser,
    ]);
}
```
OAuth users (GitHub/Google) have restricted profile editing capabilities: they cannot change their password, because authentication is managed by the provider.
### update()

Update the user's profile information.

```php
public function update(ProfileUpdateRequest $request): RedirectResponse
```

Parameters:
- `$request` (`ProfileUpdateRequest`, required) - Validated profile update request

Validation Rules (from ProfileUpdateRequest):
- `name` - string, max 255 characters
- `email` - string, email format, unique (excluding the current user)

Returns: `RedirectResponse` - Redirects back to the profile edit page

Response:
- Redirects to the `profile.edit` route
- Flash message: `status = "profile-updated"`

Example Implementation:

```php
public function update(ProfileUpdateRequest $request): RedirectResponse
{
    // fill() receives only the validated fields, so unexpected request input is never mass-assigned
    $request->user()->fill($request->validated());

    // A changed email address must be verified again
    if ($request->user()->isDirty('email')) {
        $request->user()->email_verified_at = null;
    }

    $request->user()->save();

    return Redirect::route('profile.edit')->with('status', 'profile-updated');
}
```
Changing the email address resets `email_verified_at` to `null`, so the `verified` middleware on the profile routes will require the user to verify the new address before those routes are reachable again.
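The `ProfileUpdateRequest` referenced above is not shown on this page. The following form request is an added illustration, not the project's own class: it implements the two listed rules, and the `required` and `max:255` constraints on `email` as well as the `App\Models\User` model name are assumptions.

```php
<?php
// Added example: a form request implementing the validation rules listed above.
// Illustrative code, not the project's own ProfileUpdateRequest.
namespace App\Http\Requests;

use App\Models\User; // assumed model class
use Illuminate\Foundation\Http\FormRequest;
use Illuminate\Validation\Rule;

class ProfileUpdateRequest extends FormRequest
{
    // The auth middleware already guards the route; authorize() just mirrors that
    public function authorize(): bool
    {
        return $this->user() !== null;
    }

    public function rules(): array
    {
        return [
            'name' => ['required', 'string', 'max:255'],
            'email' => [
                'required',        // assumed
                'string',
                'email',
                'max:255',         // assumed
                // Skip the authenticated user's own row in the uniqueness check so that
                // resubmitting the current address does not fail validation.
                Rule::unique(User::class)->ignore($this->user()->id),
            ],
        ];
    }
}
```

The argument to `ignore()` comes from the authenticated user's id, never from request input: a value taken from the request would let the client choose which row the uniqueness check skips.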
### destroy()

Delete the user's account.

```php
public function destroy(Request $request): RedirectResponse
```

Parameters:
- `$request` (`Request`) - The HTTP request with password confirmation

Validation Rules:
- `password` - current password for confirmation (validated with the `current_password` rule)

Returns: `RedirectResponse` - Redirects to the home page

Actions Performed:
- Validates the current password
- Logs out the user
- Deletes the user record (cascade deletes accounts, categories, transactions)
- Invalidates the session
- Regenerates the CSRF token
- Redirects to `/`

Example Implementation:

```php
public function destroy(Request $request): RedirectResponse
{
    // Re-confirm the password before a destructive action; errors go to the
    // 'userDeletion' bag so the deletion form can show them separately
    $request->validateWithBag('userDeletion', [
        'password' => ['required', 'current_password'],
    ]);

    $user = $request->user();

    Auth::logout();

    $user->delete();

    // Drop the old session and CSRF token so nothing tied to the deleted account survives
    $request->session()->invalidate();
    $request->session()->regenerateToken();

    return Redirect::to('/');
}
```
Account deletion is permanent and will delete all associated data including accounts, transactions, categories, and net worth history.
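Feature tests, added here as an illustration rather than taken from the project, that pin down the `update()` and `destroy()` behaviour described in the two sections above: an email change clears `email_verified_at`, a wrong password leaves the account in place and reports the error in the `userDeletion` bag, a correct password deletes the account and ends the session, and an unauthenticated request never reaches the controller. They assume Laravel's default `User` factory (verified email, password `password`) and a `/login` route.

```php
<?php
// Added example: feature tests for the profile update and deletion paths.
// Not part of the project; assumes the default Laravel test scaffolding and User factory.
namespace Tests\Feature;

use App\Models\User; // assumed model class
use Illuminate\Foundation\Testing\RefreshDatabase;
use Tests\TestCase;

class ProfileSecurityTest extends TestCase
{
    use RefreshDatabase;

    public function test_changing_email_clears_verification(): void
    {
        $user = User::factory()->create(); // factory default: email already verified

        $this->actingAs($user)
            ->patch('/profile', ['name' => $user->name, 'email' => 'new@example.test'])
            ->assertSessionHasNoErrors()
            ->assertRedirect('/profile');

        // The new address must be verified before the 'verified' middleware lets the user back in
        $this->assertNull($user->fresh()->email_verified_at);
    }

    public function test_wrong_password_does_not_delete_account(): void
    {
        $user = User::factory()->create();

        $this->actingAs($user)
            ->from('/profile')
            ->delete('/profile', ['password' => 'not-the-password'])
            ->assertSessionHasErrorsIn('userDeletion', 'password')
            ->assertRedirect('/profile');

        // Nothing destructive happened: the row is still there and the session is intact
        $this->assertNotNull($user->fresh());
        $this->assertAuthenticated();
    }

    public function test_correct_password_deletes_account_and_logs_out(): void
    {
        $user = User::factory()->create(); // factory default password: 'password'

        $this->actingAs($user)
            ->delete('/profile', ['password' => 'password'])
            ->assertSessionHasNoErrors()
            ->assertRedirect('/');

        $this->assertGuest();
        $this->assertNull($user->fresh());
    }

    public function test_guest_cannot_reach_profile(): void
    {
        // The auth middleware redirects unauthenticated requests before the controller runs
        $this->get('/profile')->assertRedirect('/login');
    }
}
```

Run with `php artisan test --filter=ProfileSecurityTest`. The wrong-password test is the one worth keeping green after any refactor: it proves that the `current_password` check runs before `Auth::logout()` and `$user->delete()`, so a failed confirmation has no side effects.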
## Example Usage

### Updating Profile

```
// PATCH /profile
// Request Body:
{
    "name": "John Doe",
    "email": "[email protected]"
}
// Response: Redirect to /profile with flash message
// Session: status => "profile-updated"
```

### Deleting Account

```
// DELETE /profile
// Request Body:
{
    "password": "current-password"
}
// Response: Redirect to / (home page)
// User logged out and account deleted
```