refactor(api): update User interface to use entity objects

- Change UserUpdate to accept *models.User instead of separate
  id/changes parameters
- Change UserDelete to accept *models.User instead of id string
- Update service layer to resolve users before update/delete operations
- Remove UserChanges model usage in favor of direct entity updates
- Add applyUserChanges helper function for user field updates
- Update all service methods to use new interface signatures
- Add proper BSON marshaling with ObjectID conversion in UserUpdate
- Update AuthLocalUser to modify user object directly before update
- Update CreateUserToken to handle preferred namespace updates
- Update LeaveNamespace to resolve user before clearing preferences
- Update Setup to pass user entity to UserDelete on rollback
- Simplify UserDelete implementation using DeleteOne directly
- Add case-insensitive field comparison in applyUserChanges
- Normalize string fields (username, email, recovery_email) to lowercase
- Update password hashing to return complete UserPassword object
- Update all mock expectations to use entity objects
- Add complete user and updatedUser fixtures in test cases
- Reorder mock setup in tests for better clarity
- Fix expected error user state in UpdatePasswordUser tests

BREAKING CHANGE: UserUpdate and UserDelete now accept *models.User and
return only error

Author: heiytor

api/services/auth.go

@@ -310,15 +310,16 @@ func (s *service) AuthLocalUser(ctx context.Context, req *requests.AuthLocalUser
 	}
 
 	// Updates last_login and the hash algorithm to bcrypt if still using SHA256
-	changes := &models.UserChanges{LastLogin: clock.Now(), PreferredNamespace: &tenantID}
+	user.LastLogin = clock.Now()
+	user.Preferences.PreferredNamespace = tenantID
 	if !strings.HasPrefix(user.Password.Hash, "$") {
 		if neo, _ := models.HashUserPassword(req.Password); neo.Hash != "" {
-			changes.Password = neo.Hash
+			user.Password = neo
 		}
 	}
 
 	// TODO: evaluate make this update in a go routine.
-	if err := s.store.UserUpdate(ctx, user.ID, changes); err != nil {
+	if err := s.store.UserUpdate(ctx, user); err != nil {
 		return nil, 0, "", NewErrUserUpdate(user, err)
 	}
 
@@ -391,7 +392,11 @@ func (s *service) CreateUserToken(ctx context.Context, req *requests.CreateUserT
 		role = member.Role.String()
 
 		if user.Preferences.PreferredNamespace != namespace.TenantID {
-			_ = s.store.UserUpdate(ctx, user.ID, &models.UserChanges{PreferredNamespace: &tenantID})
+			user.Preferences.PreferredNamespace = tenantID
+			// TODO: evaluate make this update in a go routine.
+			if err := s.store.UserUpdate(ctx, user); err != nil {
+				return nil, NewErrUserUpdate(user, err)
+			}
 		}
 	}