Profile Management
Overview
Every authenticated member has a profile that stores their personal information. Profile data is used across the platform (event applications, leaderboards, membership cards, etc.).
Workflow
Step-by-Step: Edit Profile
- Log in and click your avatar in the top navigation bar.
- Select "Edit Profile" (or navigate to `/profile`).
- The `EditProfileDialog` opens with current values pre-filled.
- Update any of: First Name, Last Name, Phone Number.
- Click Save.
- Changes are reflected immediately across the platform.
Phone number validation
Phone numbers are validated using the international libphonenumber library and stored in E.164 format (e.g., +359888123456). Invalid formats are rejected with a clear error message.
Step-by-Step: Directory Visibility
The member directory is opt-in by default (privacy-first, GDPR Article 25).
- Go to your Profile page.
- Toggle "Show in Member Directory".
- When enabled, your name appears in the members directory visible to all authenticated users.
- When disabled, your profile is hidden from the directory.
Application Properties
| Property | Default | Description |
|---|---|---|
| (no custom properties) | — | Phone validation is library-only |
Security Notes
- Users can only update their own profile — the server resolves the user from the JWT subject, not from a URL parameter. No IDOR risk.
- Admin can view all user profiles via `GET /api/v1/users` and can lock, unlock, or delete accounts.
- Soft-delete: deleted accounts have `deletedAt` set and are excluded from all queries.
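
A framework-neutral sketch of the pattern in the notes above, added here as an example and not taken from the platform's own code: the record to edit is resolved from the verified JWT subject, only the three editable fields are accepted, and soft-deleted accounts are excluded. The `update_profile` function, the in-memory `USERS` store, the 400/401 status codes and the regex (a simplified stand-in for libphonenumber) are assumptions.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Simplified E.164 shape check; a stand-in for libphonenumber, which also
# validates country codes and national number lengths.
E164 = re.compile(r"\+[1-9]\d{6,14}")
EDITABLE = {"firstName", "lastName", "phoneNumber"}  # fields the page lists

@dataclass
class User:
    id: str
    firstName: str
    lastName: str
    phoneNumber: Optional[str] = None
    deletedAt: Optional[str] = None  # set on soft-delete

# Constructed sample data.
USERS = {
    "u-1": User("u-1", "Ana", "Petrova"),
    "u-2": User("u-2", "Boris", "Ivanov"),
    "u-3": User("u-3", "Old", "Account", deletedAt="2024-01-01T00:00:00Z"),
}

def update_profile(claims: dict, body: dict, path_user_id: Optional[str] = None):
    """Return (status, payload). `claims` come from an already verified JWT."""
    subject = claims.get("sub")
    user = USERS.get(subject)
    if user is None or user.deletedAt is not None:
        return 401, {"error": "unknown or deleted account"}
    # The target is always the token subject; a caller-supplied id can only
    # cause a rejection, never select a different record.
    if path_user_id is not None and path_user_id != subject:
        return 403, {"error": "cannot edit another user's profile"}
    unknown = set(body) - EDITABLE  # blocks writes to id, deletedAt, etc.
    if unknown:
        return 400, {"error": f"fields not editable: {sorted(unknown)}"}
    phone = body.get("phoneNumber")
    if phone is not None and not (isinstance(phone, str) and E164.fullmatch(phone)):
        return 400, {"error": "phone number must be in E.164 format"}
    # All validation passed; only now is the record modified.
    for field, value in body.items():
        setattr(user, field, value)
    return 200, {"id": user.id, **{f: getattr(user, f) for f in EDITABLE}}
```

Validation runs before any field is written, so a request that mixes a valid name with an invalid phone number leaves the record unchanged.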
QA Checklist
- Update first/last name → changes visible immediately
- Enter valid international phone → saved in E.164 format
- Enter invalid phone (e.g., `abc123`) → error shown, not saved
- Toggle directory visibility → appears/disappears from member directory
- Attempt to update another user's profile via API → 403 Forbidden