AthletiFi / athletifi-website

Official website for AthletiFi
https://www.athleti.fi

Implement 'change password' and 'change email' features #288

Closed qisforq closed 1 month ago

qisforq commented 1 month ago

Objective:

Implement the "Change Password" and "Change Email" features to allow users to update their account credentials securely.

Sub-tasks:

  1. Design the Change Password and Change Email UI

    • [ ] Create wireframes or mockups for the Change Password and Change Email forms in the user settings or profile page
    • [ ] Define the required fields and validation rules for each form
    • [ ] Obtain approval from stakeholders on the design
  2. Implement the Change Password form

    • [ ] Create a new component or modify an existing one to display the Change Password form
    • [ ] Include fields for the current password, new password, and confirm new password
    • [ ] Implement form validation to ensure the new password meets the required criteria (e.g., minimum length, complexity)
    • [ ] Hash the new password securely before sending it to the backend
  3. Implement the Change Email form

    • [ ] Create a new component or modify an existing one to display the Change Email form
    • [ ] Include fields for the current email and new email
    • [ ] Implement form validation to ensure the new email is in a valid format
  4. Handle Change Password request

    • [ ] Create an API endpoint in the backend to handle the Change Password request
    • [ ] Verify the user's current password before allowing the password change
    • [ ] Update the user's password in the database with the new hashed password
    • [ ] Send a confirmation email to the user's registered email address notifying them about the password change
  5. Handle Change Email request

    • [ ] Create an API endpoint in the backend to handle the Change Email request
    • [ ] Verify the user's current email before allowing the email change
    • [ ] Send a verification email to the new email address to confirm the email change
    • [ ] Update the user's email in the database once the verification is complete
    • [ ] Send a confirmation email to both the old and new email addresses notifying the user about the email change
  6. Implement security measures

    • [ ] Implement rate limiting or throttling to prevent excessive attempts to change passwords or email addresses
    • [ ] Log all password and email change activities for auditing and security purposes
    • [ ] Consider implementing two-factor authentication (2FA) for additional security when changing sensitive account information
  7. Test and monitor

    • [ ] Conduct thorough testing of the Change Password and Change Email features, including edge cases and security scenarios
    • [ ] Verify that the password and email changes are properly reflected in the user's account and database
    • [ ] Monitor the performance and security of the password and email change processes and address any issues promptly
qisforq commented 1 month ago

This will be revised to be just the change password task.

chef-louis commented 1 month ago