
feat: Add actionable account controls to Settings page #1964

Open
fennhelloworld wants to merge 2 commits into SecureBananaLabs:main from fennhelloworld:fix/settings-account-controls-1810

@fennhelloworld

Summary

Closes #1810 — Settings page should provide actionable account controls.

Problem

The Settings page was a placeholder with only a heading and a sentence. No actual controls were available for users to manage their account.

Changes

Frontend (apps/web)

  • Rewrote apps/web/app/settings/page.tsx as a full client component with three sections:
    1. Update Profile — edit full name, email, and bio
    2. Change Password — current password + new password + confirm, with match validation
    3. Delete Account — destructive action behind a confirmation dialog requiring password re-entry
  • Added "Settings" link to Navigation.tsx
  • Styled consistently with the existing dark theme (card borders, input fields, action buttons)

Backend (apps/api)

  • PUT /api/settings/password — change password (auth-protected)
  • PUT /api/settings/profile — update profile fields (auth-protected)
  • DELETE /api/settings/account — delete account with password confirmation (auth-protected)
  • New files: settingsController.js, settingsService.js, settingsRoutes.js, validators/settings.js
  • Zod validation on all payloads; authMiddleware enforced on all routes
  • Wired into app.js under /api/settings

Security Considerations

  • All settings endpoints require a valid JWT (authMiddleware)
  • Password change requires the current password
  • Account deletion requires password confirmation and shows an explicit warning
  • Delete confirmation uses a two-step UI (button → expand → confirm) to prevent accidental clicks

Testing

  • next build completes successfully with no TypeScript errors
  • Settings page renders at /settings (static) ✅

…abs#1810)

- Add Change Password section with current/new/confirm password fields
- Add Update Profile section with name, email, and bio fields
- Add Delete Account section with confirmation dialog and password verify
- Add backend API endpoints: PUT /api/settings/password,
  PUT /api/settings/profile, DELETE /api/settings/account
- All settings routes protected by authMiddleware
- Zod validation for all request payloads
- Style consistent with existing dark theme
- Add Settings link to Navigation

Closes SecureBananaLabs#1810
github-actions Bot added a commit that referenced this pull request May 30, 2026
…e auth/validation tests

- Wrap all 3 settings controller handlers in try/catch for ZodError
- Return 400 with validation message instead of unhandled rejection
- Add test suite for all settings endpoints: auth (401), valid requests (200),
  password mismatch, missing password, short password validation
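The re-authentication rules listed under Security Considerations, together with the status codes the follow-up commit tests for, as an added example that is not code from this pull request. The function names, the in-memory user store, scrypt hashing, the minimum length and the 403 for a wrong password are all assumptions made for illustration.

```javascript
// Added example: framework-free sketch of the checks described in the PR.
// All names, the Map store and MIN_LEN are assumptions, not the project's code.
const crypto = require('node:crypto');

const MIN_LEN = 8; // assumed minimum; the PR does not state its value

function hashPassword(password, salt = crypto.randomBytes(16)) {
  return { salt, hash: crypto.scryptSync(password, salt, 32) };
}

// Derive a key from the candidate and compare it in constant time.
function verifyPassword(user, candidate) {
  if (typeof candidate !== 'string' || candidate.length === 0) return false;
  const derived = crypto.scryptSync(candidate, user.salt, 32);
  return crypto.timingSafeEqual(derived, user.hash);
}

// userId stands for the identity authMiddleware would take from the JWT;
// it is never read from the request body.
function changePassword(users, userId, body = {}) {
  const user = users.get(userId);
  if (!user) return { status: 401, error: 'unauthenticated' };
  const { currentPassword, newPassword, confirmPassword } = body;
  if (typeof newPassword !== 'string' || newPassword.length < MIN_LEN)
    return { status: 400, error: 'new password too short' };
  if (newPassword !== confirmPassword)
    return { status: 400, error: 'passwords do not match' };
  // A valid session alone is not enough: the current password is re-checked.
  if (!verifyPassword(user, currentPassword))
    return { status: 403, error: 'current password incorrect' };
  Object.assign(user, hashPassword(newPassword)); // fresh salt and hash
  return { status: 200 };
}

function deleteAccount(users, userId, body = {}) {
  const user = users.get(userId);
  if (!user) return { status: 401, error: 'unauthenticated' };
  if (typeof body.password !== 'string' || body.password.length === 0)
    return { status: 400, error: 'password required' };
  if (!verifyPassword(user, body.password))
    return { status: 403, error: 'password incorrect' };
  users.delete(userId);
  return { status: 200 };
}

// Constructed sample data for trying the functions above.
function makeUsers() {
  return new Map([['u1', { email: 'a@example.test', ...hashPassword('old-Passw0rd') }]]);
}
```

Validation failures return before any password hashing runs, so malformed requests never reach the scrypt call.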

Development

Successfully merging this pull request may close these issues.

Settings page should provide actionable account controls
