cameleer/cameleer-saas
2
0
Fork 0
Code Issues 24 Pull Requests Actions Packages Projects Releases Wiki Activity

feat: vendor admin management and shared account settings #59

Merged
hsiegeln merged 19 commits from feature/vendor-admin-account-settings into main 2026-04-27 15:20:23 +02:00
Conversation 0 Commits 19 Files Changed 28 +4586 -697
claude commented 2026-04-27 15:10:22 +02:00
Owner
Copy Link

Summary

  • Multi-vendor admin management — new /vendor/admins page lets platform admins invite/create additional administrators, remove them, reset their password or MFA. Uses the saas-vendor global Logto role. Invite via email when connector is configured, create with temporary credentials when not.
  • Shared account settings page — new /settings/account accessible to any authenticated user (vendor or tenant). Manage display name, change password (with current-password verification + confirmation email), TOTP MFA setup/removal, backup codes, passkey list/rename/delete. Reached via user dropdown menu in the TopBar.
  • AccountService extraction — new account/ package centralizes all user-level identity operations previously scattered across TenantPortalService and OnboardingService. TenantPortalService now delegates to AccountService (129 lines removed). Tenant SettingsPage imports shared components (467 lines removed).
  • LogtoManagementClient additions — password verification via Management API, global role CRUD methods, null orgId guard fix for vendor admin creation.
  • Security/api/account/** endpoints require authenticated(), MFA enforcement exemptions for account management paths, vendor admin reset operations verify target is actually a platform admin.

Changes

  • 23 files changed, +1,901 / -685 lines
  • New backend: AccountService, AccountController, VendorAdminService, VendorAdminController
  • New frontend: AccountSettingsPage, VendorAdminsPage, 4 shared components in components/account/
  • Refactored: TenantPortalService (delegation), SettingsPage (shared imports), tenant-hooks.ts (re-exports)

Test plan

  • Sign in as vendor, click username dropdown → "Account Settings" → verify profile, password change, MFA setup all work
  • Navigate to Vendor → Administrators → verify current admin listed with "You" badge
  • Add a new administrator (with temp credentials if no email connector)
  • Test Reset Password, Reset MFA, Remove actions on the new admin
  • Verify self-removal is blocked
  • Sign in as tenant admin → /tenant/settings → verify MFA, passkey, password sections still work
  • Verify forgot password link visible on sign-in page when email connector is active
## Summary - **Multi-vendor admin management** — new `/vendor/admins` page lets platform admins invite/create additional administrators, remove them, reset their password or MFA. Uses the `saas-vendor` global Logto role. Invite via email when connector is configured, create with temporary credentials when not. - **Shared account settings page** — new `/settings/account` accessible to any authenticated user (vendor or tenant). Manage display name, change password (with current-password verification + confirmation email), TOTP MFA setup/removal, backup codes, passkey list/rename/delete. Reached via user dropdown menu in the TopBar. - **AccountService extraction** — new `account/` package centralizes all user-level identity operations previously scattered across `TenantPortalService` and `OnboardingService`. `TenantPortalService` now delegates to `AccountService` (129 lines removed). Tenant `SettingsPage` imports shared components (467 lines removed). - **LogtoManagementClient additions** — password verification via Management API, global role CRUD methods, null orgId guard fix for vendor admin creation. - **Security** — `/api/account/**` endpoints require `authenticated()`, MFA enforcement exemptions for account management paths, vendor admin reset operations verify target is actually a platform admin. ## Changes - 23 files changed, +1,901 / -685 lines - New backend: `AccountService`, `AccountController`, `VendorAdminService`, `VendorAdminController` - New frontend: `AccountSettingsPage`, `VendorAdminsPage`, 4 shared components in `components/account/` - Refactored: `TenantPortalService` (delegation), `SettingsPage` (shared imports), `tenant-hooks.ts` (re-exports) ## Test plan - [ ] Sign in as vendor, click username dropdown → "Account Settings" → verify profile, password change, MFA setup all work - [ ] Navigate to Vendor → Administrators → verify current admin listed with "You" badge - [ ] Add a new administrator (with temp credentials if no email connector) - [ ] Test Reset Password, Reset MFA, Remove actions on the new admin - [ ] Verify self-removal is blocked - [ ] Sign in as tenant admin → /tenant/settings → verify MFA, passkey, password sections still work - [ ] Verify forgot password link visible on sign-in page when email connector is active
claude added 18 commits 2026-04-27 15:10:22 +02:00
docs: vendor admin management and account settings design spec 86d9ba4985 
Two features: multi-vendor admin management (invite/create, remove,
reset password/MFA) and shared account settings page (profile, password
change with current-password verification, MFA self-service). Includes
consolidation plan extracting user-level identity operations from
TenantPortalService into new AccountService.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
docs: implementation plan for vendor admin management and account settings 316e5ef6c1 
16 tasks covering: LogtoManagementClient additions, AccountService
extraction, AccountController, VendorAdminService/Controller,
SecurityConfig updates, frontend component extraction, shared
AccountSettingsPage, VendorAdminsPage, and Layout user menu.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
feat: add password verify and role management methods to LogtoManagementClient 19428b4e27 
Adds verifyUserPassword (for current-password check before password change) and
four global role methods (listRoleUsers, getRoleByName, assignGlobalRole,
revokeGlobalRole) needed by the upcoming AccountService and VendorAdminService.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
feat: add AccountService extracting user identity operations from TenantPortalService 90d84ffd00 
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
feat: add AccountController with /api/account/* endpoints b63e5e9c81
feat: add /api/account/** security config and MFA enforcement exemptions ab240e42b0 
Permit /settings/** SPA route, gate /api/account/** as authenticated,
and exempt account MFA/profile/password paths from MFA enforcement filter.
refactor: delegate TenantPortalService MFA/password/passkey methods to AccountService cc3d2dc111 
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
refactor: use AccountService for display name in OnboardingService 665ffefd3e 
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
feat: add vendor admin management (list, create/invite, remove, reset password/MFA) 022b6d9722 
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
fix: guard against null orgId in createAndInviteUser and createUserWithPassword 0da1ffea7f 
Vendor admins use global roles, not org roles — passing null orgId
would previously cause addUserToOrganization to call
/api/organizations/null/users and fail.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
feat: add TypeScript types and React Query hooks for account and vendor admin APIs bf42f13afc 
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
feat: extract shared account components (Profile, Password, MFA, Passkey) e563631efb 
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
feat: add AccountSettingsPage composing shared account components 5d1d263c74
feat: add VendorAdminsPage with list, create/invite, remove, reset actions d44ee4b977 
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
feat: add account settings route and user menu dropdown 8668642b8d 
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
refactor: consolidate tenant SettingsPage to use shared account components e5e0cad7c3 
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
fix: code review findings — dead catch blocks, notification email, role verification 372d3c77a0 
- Remove dead IllegalArgumentException catch blocks in TenantPortalController
  (delegated methods now throw ResponseStatusException, handled by Spring)
- Add password reset notification email in VendorAdminService.resetAdminPassword
- Add verifyIsVendorAdmin guard to resetAdminPassword and resetAdminMfa
  to prevent platform admins from resetting arbitrary non-admin users

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
docs: update CLAUDE.md for account package, vendor admins, and shared components
Some checks failed
CI / build (push) Failing after 2m1s
Details
CI / docker (push) Has been skipped
Details
CI / build (pull_request) Failing after 1m46s
Details
CI / docker (pull_request) Has been skipped
Details
e9e18f6c38 
- Add account/ package to Key Packages table
- Add VendorAdminService/Controller to vendor/ package
- Note TenantPortalService delegation to AccountService
- Update ui/CLAUDE.md: AccountSettingsPage, VendorAdminsPage,
  Administrators sidebar, user menu dropdown, shared components

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
claude added 1 commit 2026-04-27 15:15:23 +02:00
fix: add AccountService mock to TenantPortalServiceTest constructor
All checks were successful
CI / build (push) Successful in 3m9s
Details
CI / build (pull_request) Successful in 3m8s
Details
CI / docker (pull_request) Has been skipped
Details
CI / docker (push) Successful in 1m43s
Details
f823a409d0 
The TenantPortalService constructor gained an AccountService parameter
in the consolidation refactor — the test was missing it.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
hsiegeln merged commit 0b4d0e3b2f into main 2026-04-27 15:20:23 +02:00
Sign in to join this conversation.
Reviewers
No Reviewers
Labels
Clear labels
auth
Identity, authentication, OIDC, RBAC
 billing
Billing, metering, and Stripe integration
 day-1
Required for initial launch
 epic
Top-level epic grouping related issues
 future
Planned for future release
 infra
Infrastructure, GitOps, K8s orchestration
 licensing
License module and feature gating
 networking
Network isolation, VPN, tenant separation
 observability
Observability integration (cameleer3-server)
 ops
Platform operations and self-monitoring
 phase-1
Phase 1: Foundation + Auth
 phase-2
Phase 2: Tenants + Licensing
 phase-3
Phase 3: Runtime Orchestration + Environments
 phase-4
Phase 4: Observability Pipeline + Inbound Routing
 phase-5
Phase 5: K8s Operational Layer
 phase-6
Phase 6: Billing + Metering
 phase-7
Phase 7: Billing + Metering
 phase-8
Phase 8: Security Hardening + Self-Monitoring
 phase-9
Phase 9: Frontend (React Shell)
 platform
SaaS management platform
 runtime
Camel application runtime
 secrets
Secrets management and vault integration
 security
Security, compliance, SOC 2, audit
 task
Implementation task within a phase
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
claude
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: cameleer/cameleer-saas#59
Delete Branch "feature/vendor-admin-account-settings"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?