/* Personal account settings — port of billing-account.jsx AccountSettingsScreen. Per-user preferences (vs Settings which is workspace-level). Wires to /api/auth/me; password change endpoint isn't implemented yet. */ function AccountScreen() { const me = Auth.getUser() || {}; const [currentPw, setCurrentPw] = useState(''); const [newPw, setNewPw] = useState(''); const [pwBusy, setPwBusy] = useState(false); const [pwErr, setPwErr] = useState(null); /* 2FA setup state — three steps: 1. idle: show "Set up 2FA" button 2. setup: backend returned secret + URI → show QR + verify input 3. enabled: show backup codes (one-time) + disable button If user already has 2FA enabled (totp_enabled in JWT), skip to (3). */ const [twofa, setTwofa] = useState({ step: me.totp_enabled ? 'enabled' : 'idle', secret: null, uri: null, code: '', busy: false, err: null, backupCodes: null, }); async function start2fa() { setTwofa((t) => ({ ...t, busy: true, err: null })); try { const res = await apiFetch('/api/auth/2fa/setup', { method: 'POST', body: JSON.stringify({}) }); setTwofa((t) => ({ ...t, step: 'setup', secret: res.secret, uri: res.uri, busy: false })); } catch (err) { setTwofa((t) => ({ ...t, busy: false, err: err.message })); } } async function verify2fa() { setTwofa((t) => ({ ...t, busy: true, err: null })); try { const res = await apiFetch('/api/auth/2fa/verify', { method: 'POST', body: JSON.stringify({ code: twofa.code }), }); setTwofa((t) => ({ ...t, step: 'enabled', backupCodes: res.backup_codes || [], busy: false, code: '', })); window.toast && window.toast.success('Two-factor enabled — save your backup codes!'); /* Update local user record so the chrome reflects the change. */ const u = Auth.getUser(); if (u) Auth.setSession(Auth.getToken(), { ...u, totp_enabled: true }); } catch (err) { setTwofa((t) => ({ ...t, busy: false, err: err.message })); } } async function disable2fa() { const code = window.prompt('Enter your current 6-digit authenticator code to disable 2FA:'); if (!code) return; setTwofa((t) => ({ ...t, busy: true, err: null })); try { await apiFetch('/api/auth/2fa/disable', { method: 'POST', body: JSON.stringify({ code: code.replace(/\s/g, '') }), }); setTwofa({ step: 'idle', secret: null, uri: null, code: '', busy: false, err: null, backupCodes: null }); const u = Auth.getUser(); if (u) Auth.setSession(Auth.getToken(), { ...u, totp_enabled: false }); window.toast && window.toast.success('Two-factor disabled'); } catch (err) { setTwofa((t) => ({ ...t, busy: false, err: err.message })); } } async function changePassword() { setPwErr(null); if (!currentPw || !newPw) { setPwErr('Both current and new passwords are required.'); return; } if (newPw.length < 8) { setPwErr('New password must be at least 8 characters.'); return; } setPwBusy(true); try { await apiFetch('/api/auth/me/password', { method: 'POST', body: JSON.stringify({ current_password: currentPw, new_password: newPw }), }); setCurrentPw(''); setNewPw(''); window.toast && window.toast.success('Password updated'); } catch (err) { setPwErr(err.message || 'Password change failed'); } finally { setPwBusy(false); } } return (
Slate · Personal account

Account

Personal credentials and devices. Workspace-level settings live in Settings.

Identity

Used for sign-in and audit trail.

Display name
Email
User ID

Password & two-factor

Change your password. Two-factor setup is coming next.

Current password
setCurrentPw(e.target.value)} placeholder="Enter your current password" />
New password
setNewPw(e.target.value)} placeholder="At least 8 characters" />
{pwErr && (
{pwErr}
)}
Two-factor
{twofa.step === 'idle' && ( )} {twofa.step === 'setup' && (
Open your authenticator app (1Password, Authy, Google Authenticator) and scan this QR — or paste the secret manually.
{twofa.uri && ( 2FA QR code )}
{twofa.secret}
Manual entry secret — copy/paste if you can't scan.
setTwofa((t) => ({ ...t, code: e.target.value }))} placeholder="6-digit code from your app" style={{ width: '100%' }} /> {twofa.err && (
{twofa.err}
)}
)} {twofa.step === 'enabled' && (
Two-factor is enabled
{twofa.backupCodes && twofa.backupCodes.length > 0 && ( <>
One-time backup codes — save these now
{twofa.backupCodes.map((c) => {c})}
)} {twofa.err && (
{twofa.err}
)}
)}

Sessions

Active sign-ins. JWT expires in 24 hours.

This browser CURRENT
Signed in just now
); } window.AccountScreen = AccountScreen;