Account Management
The profile scaffold is a complete, Jetstream-style account page — not just a
name/email form. It's tabbed: Profile, Change password, Sessions, and
a Danger zone.
php artisan adminlte:scaffold profile
php artisan migrate # adds the nullable `avatar` column to users
php artisan storage:link # so uploaded avatars are publicly served
What it publishes
| Artifact | Destination |
|---|---|
add_profile_fields_to_users_table migration (avatar column) |
database/migrations/ |
UpdateProfileRequest, UpdatePasswordRequest |
app/Http/Requests/AdminLte/ |
ProfileController |
app/Http/Controllers/AdminLte/ |
| Tabbed account view | resources/views/adminlte/profile/ |
ProfileTest |
tests/Feature/AdminLte/ |
| Routes | profile.* in the managed /admin group |
Routes:
| Verb | URI | Name | Purpose |
|---|---|---|---|
| GET | /admin/profile |
adminlte.profile.show |
Account page |
| PUT | /admin/profile |
adminlte.profile.update |
Update name / email |
| PUT | /admin/profile/password |
adminlte.profile.password.update |
Change password |
| POST | /admin/profile/avatar |
adminlte.profile.avatar.update |
Upload avatar |
| PUT | /admin/profile/other-sessions |
adminlte.profile.sessions.logout-others |
Log out other devices |
| DELETE | /admin/profile |
adminlte.profile.destroy |
Delete account |
Features
- Profile — name + email via
UpdateProfileRequest. When the email changes and theUserimplementsMustVerifyEmail, verification is re-triggered. - Avatar — image upload (max 2 MB) to the
publicdisk underavatars/. The path is set directly on the model, so you don't need to addavatarto the User$fillable. Requiresphp artisan storage:link. - Change password — current-password check + confirmed new password
(
UpdatePasswordRequestuses thecurrent_passwordrule andPassword::defaults()). - Sessions — lists the user's active sessions and offers
"log out other devices" (
Auth::logoutOtherDevices). Requires the database session driver (SESSION_DRIVER=database+ asessionstable); with any other driver the tab shows a notice instead. - Danger zone — password-confirmed account deletion (also removes the avatar file and logs the user out).
Notes
- The account routes live in the auth-protected
/admingroup. - See
authentication.mdfor the related auth-hardening features (login throttling, email verification, password confirmation).