feat(auth): change password and username (#1295)

* feat(backend): added change password api endpoint.

* feat(web): added profile UI to change password.

I think we can change the username too, but I don't know if we should for now disabled the username field.

* refactor: don't leak username or password.

* refactor: protect the route.

* generic

* feat: add ChangeUsername

* fix(tests): speculative fix for TestUserRepo_Update

* Revert "feat: add ChangeUsername"

This reverts commit d4c1645002883a278aa45dec3c8c19fa1cc75d9b.

* refactor into 1 endpoint that handles both

* feat: added option to change username as well. :pain:

* refactor: frontend

* refactor: function names in backend

I think this makes it more clear what their function is

* fix: change to 2 cols with separator

* refactor: update user

* fix: test db create user

---------

Co-authored-by: Kyle Sanderson <kyle.leet@gmail.com>
Co-authored-by: soup <soup@r4tio.dev>
Co-authored-by: martylukyy <35452459+martylukyy@users.noreply.github.com>
Co-authored-by: ze0s <ze0s@riseup.net>

internal/database/user_test.go

@@ -55,11 +55,19 @@ func TestUserRepo_Update(t *testing.T) {
 		})
 		assert.NoError(t, err)
 
+		storedUser, err := repo.FindByUsername(context.Background(), user.Username)
+		assert.NoError(t, err)
+		user.ID = storedUser.ID
+
 		t.Run(fmt.Sprintf("UpdateUser_Succeeds [%s]", dbType), func(t *testing.T) {
 			// Update the user
 			newPassword := "newPassword123"
 			user.Password = newPassword
-			err := repo.Update(context.Background(), user)
+			req := domain.UpdateUserRequest{
+				UsernameCurrent: user.Username,
+				PasswordNewHash: newPassword,
+			}
+			err := repo.Update(context.Background(), req)
 			assert.NoError(t, err)
 
 			// Verify
@@ -68,7 +76,7 @@ func TestUserRepo_Update(t *testing.T) {
 			assert.Equal(t, newPassword, updatedUser.Password)
 
 			// Cleanup
-			_ = repo.Delete(context.Background(), user.Username)
+			_ = repo.Delete(context.Background(), updatedUser.Username)
 		})
 	}
 }