Logotipo Hedhog

Get Hedhog updates in your inbox

New releases, fresh recipes, and breaking changes — no spam.

Back to Core modulesWired in CoreModule

Core Submodule

profile

Owns current-user profile, MFA, recovery codes and personal settings.

Source path: libraries/core/src/profile

Module file: profile.module.ts

Introduction

This page documents the profile submodule as part of the Core package. Use it as a quick technical reference for implementation scope, exposed APIs and MCP integration points.

HTTP Endpoints

30 endpoints

Return the profile of the currently authenticated user.

Update the current user's profile information.

Body

FieldTypeRequiredNotes
namestringyes

Upload a new avatar for the current user.

Body

FieldTypeRequiredNotes
fileFileyesImage file, multipart/form-data

Update the current user's UI preferences.

Body

FieldTypeRequiredNotes
theme"light" | "dark" | "system"no
languagestringno2-char language code

Change the current user's password.

Body

FieldTypeRequiredNotes
currentPasswordstringyesStrong password
newPasswordstringyesMin 6 chars

Initiate an email change; triggers a verification flow.

Body

FieldTypeRequiredNotes
passwordstringyesMin 6 chars (current password)
emailstringyesNew email address
pinstringnoPin code (if MFA is required)

List all MFA methods registered for the current user.

Return the current user's primary email identifier.

Rename an MFA method.

Params
mfaId (int)

Body

FieldTypeRequiredNotes
namestringyes

Check whether the user must complete MFA verification before adding a new method.

Check whether the user must complete MFA verification before removing a method.

Verify the current MFA method before adding a new one.

Body

FieldTypeRequiredNotes
verificationCodestringyes
verificationType"totp" | "email" | "recovery" | "webauthn"yes
hashstringno
assertionResponseobjectnoWebAuthn assertion (if verificationType is webauthn)

Generate a TOTP secret and QR code URI for the authenticator app setup.

Verify a TOTP token and save the authenticator app as an MFA method.

Body

FieldTypeRequiredNotes
namestringyes
tokenstringyesExactly 6 digits
secretstringyesTOTP secret from generate step

Remove the TOTP MFA method after verifying the current token.

Params
mfaId (int)

Body

FieldTypeRequiredNotes
tokenstringyesCurrent TOTP code to confirm removal

Send an email verification code to the user's email.

Body

FieldTypeRequiredNotes
emailstringyesValid email address

Confirm the email verification code.

Body

FieldTypeRequiredNotes
pinstringyesPin code received by email
challengeIdnumberyes
namestringno

Send a verification code to set up email as an MFA method.

Body

FieldTypeRequiredNotes
emailstringyesValid email address

Confirm the email MFA setup verification code.

Body

FieldTypeRequiredNotes
pinstringyesPin code received by email
challengeIdnumberyes
namestringno

Remove an email MFA method.

Params
mfaId (int)

Body

FieldTypeRequiredNotes
tokenstringyes
hashstringyes

Send a removal confirmation code to the email being unlinked.

Body

FieldTypeRequiredNotes
emailstringyesEmail address to be unlinked

Send a verification challenge before showing or regenerating recovery codes.

Regenerate recovery codes after verifying identity.

Body

FieldTypeRequiredNotes
verificationCodestringno
hashstringno
verificationType"totp" | "email" | "recovery" | "webauthn"no
assertionResponseobjectno

Remove an MFA method after completing the required verification.

Params
mfaId (int)

Body

FieldTypeRequiredNotes
tokenstringno
hashstringno
verificationType"totp" | "email" | "recovery" | "webauthn"no
assertionResponseobjectno

Remove an MFA method using a recovery code as proof of identity.

Params
mfaId (int)

Body

FieldTypeRequiredNotes
recoveryCodestringyes

Generate WebAuthn registration options for adding a passkey.

Body

FieldTypeRequiredNotes
namestringyesDisplay name for the passkey

Verify and save a new WebAuthn credential.

Body

FieldTypeRequiredNotes
namestringyes
attestationResponseobjectyesWebAuthn attestation from the browser

Generate WebAuthn authentication options for verifying a passkey.

Verify a WebAuthn authentication assertion.

Body

FieldTypeRequiredNotes
assertionResponseobjectyesWebAuthn assertion from the browser

Remove a registered WebAuthn passkey.

Params
mfaId (int)

MCP Tools

Named tools callable by AI models via the Model Context Protocol (MCP).

  • core.profile.get

    Return the current user's profile data

  • core.profile.update

    Update the current user's profile information

  • core.profile.update-preferences

    Update the current user's display and locale preferences

  • core.profile.mfa.list

    List MFA/WebAuthn credentials registered to the current user

  • core.profile.change-password

    Change the current user's password