feat: tambah profil akun dan ganti password

Tambahkan halaman /dashboard/profile beserta API ganti password untuk user yang sedang login. Rapikan AuthSeeder agar idempotent dan bisa ambil admin email/password dari env.
2026-03-06 16:07:10 +07:00
parent cea6b06638
commit 132b040418
8 changed files with 243 additions and 11 deletions
--- a/app/Modules/Auth/Services/AuthService.php
+++ b/app/Modules/Auth/Services/AuthService.php
@@ -67,8 +67,9 @@ class AuthService
    public function currentUser(): ?array
    {
        $session = session();
-        $userId  = $session->get(self::SESSION_USER_ID);
-        if (!$userId) {
+        $rawUserId = $session->get(self::SESSION_USER_ID);
+        $userId    = (int) $rawUserId;
+        if ($userId <= 0) {
            return null;
        }

@@ -81,6 +82,31 @@ class AuthService
        return $this->userWithRoles($user);
    }

+    /**
+     * Change password for the given user. Verifies current password first.
+     *
+     * @param int    $userId
+     * @param string $currentPassword
+     * @param string $newPassword
+     * @return bool True on success, false if current password wrong or user not found
+     */
+    public function changePassword(int $userId, string $currentPassword, string $newPassword): bool
+    {
+        $user = $this->userModel->find($userId);
+        if (!$user || !$user->isActive()) {
+            return false;
+        }
+
+        if (!password_verify($currentPassword, $user->password_hash)) {
+            return false;
+        }
+
+        $hash = password_hash($newPassword, PASSWORD_DEFAULT);
+        $this->userModel->update($userId, ['password_hash' => $hash]);
+
+        return true;
+    }
+
    /**
     * Build user array with roles (no password).
     */