User Profile
Add a profile / account-settings page where users edit personal fields and access Rodauth security features (change password, 2FA, etc.) in one place.
Goal
A /profile URL that shows the user's personal fields plus a "Security" section linking to Rodauth-managed features.
🚨 Critical
- Profile association is always
:profileregardless of the model class —current_user.profile,build_profile,params.require(:profile)always work. - Profile needs
pu:profile:connto be visible — without it, no/profileroute, noprofile_urlhelper. - Every user needs a profile row. Add an
after_create :create_profile!callback to the user model. Without it,current_user.profileis nil.
Quick path
rails g pu:profile:setup date_of_birth:date bio:text \
--dest=competition \
--portal=competition_portalpu:profile:setup is a meta-generator — runs pu:profile:install + pu:profile:conn in one shot.
Step-by-step
1. Install
rails generate pu:profile:install bio:text avatar:attachment 'timezone:string?' \
--dest=customer| Option | Default | Description |
|---|---|---|
--dest=DEST | (prompts) | Target package or main_app |
--user-model=NAME | User | Rodauth user model |
Custom resource name (first positional argument):
rails g pu:profile:install AccountSettings bio:text --dest=main_appBy default the model is {UserModel}Profile (UserProfile, StaffUserProfile, etc.).
2. Migrate
rails db:migrate3. Connect to a portal
rails g pu:profile:conn --dest=customer_portalThis registers the profile as a singular resource — exposes /profile (no :id) and the profile_url helper.
4. Add the auto-create callback
# app/models/user.rb (modified by pu:profile:install)
class User < ApplicationRecord
has_one :profile, class_name: "UserProfile", dependent: :destroy
after_create :create_profile!
private
def create_profile! = create_profile
endFor existing users at migration time:
rails runner "User.find_each(&:create_profile)"What you get
The generated definition injects a custom ShowPage that renders SecuritySection — dynamically lists Rodauth security links based on which features are enabled:
| Feature enabled | Link rendered |
|---|---|
change_password | Change Password |
change_login | Change Email |
otp | Two-Factor Authentication |
recovery_codes | Recovery Codes |
webauthn | Security Keys |
active_sessions | Active Sessions |
close_account | Close Account |
If a feature isn't enabled, its link doesn't render — no configuration needed.
Linking to the profile
link_to("Profile", profile_url) if respond_to?(:profile_url)The respond_to? guard is defensive — only portals that ran pu:profile:conn have the helper.
Customizing the definition
The generated profile is a normal Plutonium definition. Customize like any other:
class UserProfileDefinition < Plutonium::Resource::Definition
field :bio, as: :markdown
input :avatar, as: :uppy
field :timezone, as: :select, choices: ActiveSupport::TimeZone.all.map(&:name)
metadata :created_at, :updated_at
class ShowPage < ShowPage
private
def render_after_content
render Plutonium::Profile::SecuritySection.new
end
end
endSee Reference › Resource › Definition for the full definition surface.
Multiple account types
If your app has both User and StaffUser accounts, run pu:profile:install once per:
rails g pu:profile:install --user-model=User --dest=main_app
rails g pu:profile:install --user-model=StaffUser --dest=main_appEach gets its own *Profile model with :profile association on the respective user. Connect each to the appropriate portal:
rails g pu:profile:conn UserProfile --dest=customer_portal
rails g pu:profile:conn StaffUserProfile --dest=admin_portalCommon issues
current_user.profileis nil — every user needs a profile row. Addafter_create :create_profile!to the user model.profile_urlis undefined — the profile isn't connected to this portal. Runpu:profile:conn --dest=<portal>.SecuritySectionshows nothing — none of the relevant Rodauth features are enabled. Enablechange_password,otp, etc. on the Rodauth plugin.
Related
- Reference › Auth › Profile — full surface
- Reference › Auth › Accounts — Rodauth feature flags that gate SecuritySection
- Authentication — the underlying auth setup