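UpdateProfile handles PUT /auth/profile (update own profile: username, email, first_name, last_name). The account to update is the user ID read from the request context (middleware.UserIDKey), not anything in the request body; a request with no user ID gets 401, and an account linked to an OIDC provider gets 403 because its profile fields are managed by the IdP.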
(w http.ResponseWriter, r *http.Request)
| 879 | |
| 880 | // UpdateProfile handles PUT /auth/profile (update own profile: username, email, first_name, last_name). |
| 881 | func (h *AuthHandler) UpdateProfile(w http.ResponseWriter, r *http.Request) { |
| 882 | userID, _ := r.Context().Value(middleware.UserIDKey).(string) |
| 883 | if userID == "" { |
| 884 | Error(w, http.StatusUnauthorized, "Unauthorized") |
| 885 | return |
| 886 | } |
| 887 | user, err := h.users.GetByID(r.Context(), userID) |
| 888 | if err != nil || user == nil { |
| 889 | Error(w, http.StatusNotFound, "User not found") |
| 890 | return |
| 891 | } |
| 892 | // OIDC users cannot modify profile fields managed by IdP |
| 893 | if user.OidcSub != nil || user.OidcProvider != nil { |
| 894 | Error(w, http.StatusForbidden, "Profile information is managed by your OIDC provider and cannot be modified here") |
| 895 | return |
| 896 | } |
| 897 | var req map[string]interface{} |
| 898 | if err := decodeJSON(r, &req); err != nil { |
| 899 | Error(w, http.StatusBadRequest, "Invalid request body") |
| 900 | return |
| 901 | } |
| 902 | extractStr := func(keys ...string) *string { |
| 903 | for _, k := range keys { |
| 904 | if v, ok := req[k]; ok && v != nil { |
| 905 | if s, ok := v.(string); ok { |
| 906 | t := strings.TrimSpace(s) |
| 907 | return &t |
| 908 | } |
| 909 | } |
| 910 | } |
| 911 | return nil |
| 912 | } |
| 913 | // For first_name/last_name: key present with empty string means clear |
| 914 | extractName := func(keys ...string) *string { |
| 915 | for _, k := range keys { |
| 916 | if _, has := req[k]; has { |
| 917 | if v, ok := req[k].(string); ok { |
| 918 | t := strings.TrimSpace(v) |
| 919 | if t == "" { |
| 920 | return nil // explicit clear |
| 921 | } |
| 922 | return &t |
| 923 | } |
| 924 | return nil // null |
| 925 | } |
| 926 | } |
| 927 | return nil |
| 928 | } |
| 929 | username := extractStr("username") |
| 930 | email := extractStr("email") |
| 931 | firstName := extractName("first_name", "firstName") |
| 932 | lastName := extractName("last_name", "lastName") |
| 933 | u := *user |
| 934 | if username != nil { |
| 935 | if len(*username) < 3 { |
| 936 | Error(w, http.StatusBadRequest, "Username must be at least 3 characters") |
| 937 | return |
| 938 | } |