feat: add password change endpoint with complexity validation

[kaifcodec]

This PR implements the backend logic and comprehensive testing for the "Change Password" feature in the Developer Panel. It includes custom validation for password complexity and secure verification of the current password.

---

Changes Made:

• Schema (developer.py):
  • Added PasswordChange model.
  • Implemented a field_validator to ensure a mix of letters and numbers (min 8 characters).
  • Added a model_validator to ensure new_password and confirm_password match.
• API Route (auth.py):
  • Created POST /change-password endpoint.
  • Added logic to verify the user's current_password before permitting changes.
  • Integrated with developer_service.update_developer_info to handle automatic password hashing.
• Tests (test_auth.py):
  • Added TestChangePassword class.
  • Added test cases for success, invalid current password, complexity failures, and mismatch errors.

---

To-Do

• Backend: Pydantic Schema validation
• Backend: API Route implementation
• Backend: Unit tests for authentication logic
• Frontend: Create "Change Password" form in React
• Frontend: Connect UI to the new API endpoint
• Frontend: Add success/error notifications

---

Closes #531

[coderabbitai]

Important

Review skipped

Draft detected.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 5eaae8bd-5579-42f2-b645-bf749050624e

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[kaifcodec]

@KaliszS Backend is complete. I'm ready to implement the Change Password UI.
Currently, src/components/settings/ only contains providers/. Should I create a new account/ or security/ directory there for this form?

[KaliszS]

CI pipeline failed. We need to fix tests and code quality for backend first. Let me know if you need assist with that! :)

Regarding your frontend question, @farce1 should be able to answer this ;)

[kaifcodec]

@KaliszS I've addressed the CI failures and the requested changes:

• Status Codes: Updated tests to expect 400 instead of 422 to match the project's error handling.
• Error Messages: Aligned the mismatch test assertion with the actual API output.
• Imports & Style: Fixed the schema export and applied ruff formatting.

I've verified this in a clean environment and all 35 tests in test_auth.py are now passing.

@farce1 Any update on the frontend directory? Should I go ahead with src/components/settings/security/?

The backend is ready for another look!

[Gasiek]

Regarding the directory in frontend, you can go ahead with src/components/settings/security/ if security is the idea for the name of the tab for changing the password.

We will anyway need to clean up/restructure the components directory on frontend and settle on one approach where to put what @farce1 . But we will tackle that in a different PR.

[KaliszS]

There are more things to improve (like JSONResponse in new endpoint with 200/204 status code response or SecretStr instead of str in pydantic model's password fields), but those issue exist in other parts of the same module, so it's something we need to fix in separate PR imho anyway.

[kaifcodec]

@KaliszS I've pushed the updates to align with your feedback:

1. Schema Refactor: Removed the password complexity validation. I originally included it to enhance security during the password change flow, but I understand the need for consistency across the platform's current registration logic.

Let me know if there's anything else in the backend that needs adjustment before I move to the frontend.