feat: Refactor rides app with unique constraints, mixins, and enhanced documentation

- Added migration to convert unique_together constraints to UniqueConstraint for RideModel.
- Introduced RideFormMixin for handling entity suggestions in ride forms.
- Created comprehensive code standards documentation outlining formatting, docstring requirements, complexity guidelines, and testing requirements.
- Established error handling guidelines with a structured exception hierarchy and best practices for API and view error handling.
- Documented view pattern guidelines, emphasizing the use of CBVs, FBVs, and ViewSets with examples.
- Implemented a benchmarking script for query performance analysis and optimization.
- Developed security documentation detailing measures, configurations, and a security checklist.
- Compiled a database optimization guide covering indexing strategies, query optimization patterns, and computed fields.

backend/apps/accounts/services.py

@@ -2,16 +2,281 @@
 User management services for ThrillWiki.
 
 This module contains services for user account management including
-user deletion while preserving submissions.
+user deletion while preserving submissions, password management,
+and email change functionality.
+
+Recent additions:
+- AccountService: Handles password and email change operations
+- UserDeletionService: Manages user deletion while preserving content
 """
 
-from typing import Optional
-from django.db import transaction
-from django.utils import timezone
+import logging
+import re
+from typing import Any, Dict, Optional
+
 from django.conf import settings
+from django.contrib.auth import update_session_auth_hash
 from django.contrib.sites.models import Site
+from django.contrib.sites.shortcuts import get_current_site
+from django.db import transaction
+from django.http import HttpRequest
+from django.template.loader import render_to_string
+from django.utils import timezone
+from django.utils.crypto import get_random_string
 from django_forwardemail.services import EmailService
-from .models import User, UserProfile, UserDeletionRequest
+
+from .models import EmailVerification, User, UserDeletionRequest, UserProfile
+
+logger = logging.getLogger(__name__)
+
+
+class AccountService:
+    """Service for account management operations including password and email changes."""
+
+    @staticmethod
+    def validate_password(password: str) -> bool:
+        """
+        Validate password meets requirements.
+
+        Args:
+            password: The password to validate
+
+        Returns:
+            True if password meets requirements, False otherwise
+        """
+        return (
+            len(password) >= 8
+            and bool(re.search(r"[A-Z]", password))
+            and bool(re.search(r"[a-z]", password))
+            and bool(re.search(r"[0-9]", password))
+        )
+
+    @staticmethod
+    def change_password(
+        *,
+        user: User,
+        old_password: str,
+        new_password: str,
+        request: HttpRequest,
+    ) -> Dict[str, Any]:
+        """
+        Change user password with validation and notification.
+
+        Validates the old password, checks new password requirements,
+        updates the password, and sends a confirmation email.
+
+        Args:
+            user: The user whose password is being changed
+            old_password: Current password for verification
+            new_password: New password to set
+            request: HTTP request for session handling
+
+        Returns:
+            Dictionary with success status, message, and optional redirect URL:
+            {
+                'success': bool,
+                'message': str,
+                'redirect_url': Optional[str]
+            }
+        """
+        # Verify old password
+        if not user.check_password(old_password):
+            logger.warning(
+                f"Password change failed: incorrect current password for user {user.id}"
+            )
+            return {
+                'success': False,
+                'message': "Current password is incorrect",
+                'redirect_url': None
+            }
+
+        # Validate new password
+        if not AccountService.validate_password(new_password):
+            return {
+                'success': False,
+                'message': "Password must be at least 8 characters and contain uppercase, lowercase, and numbers",
+                'redirect_url': None
+            }
+
+        # Update password
+        user.set_password(new_password)
+        user.save()
+
+        # Keep user logged in after password change
+        update_session_auth_hash(request, user)
+
+        # Send confirmation email
+        AccountService._send_password_change_confirmation(request, user)
+
+        logger.info(f"Password changed successfully for user {user.id}")
+
+        return {
+            'success': True,
+            'message': "Password changed successfully. Please check your email for confirmation.",
+            'redirect_url': None
+        }
+
+    @staticmethod
+    def _send_password_change_confirmation(request: HttpRequest, user: User) -> None:
+        """Send password change confirmation email."""
+        site = get_current_site(request)
+        context = {
+            "user": user,
+            "site_name": site.name,
+        }
+
+        email_html = render_to_string(
+            "accounts/email/password_change_confirmation.html", context
+        )
+
+        try:
+            EmailService.send_email(
+                to=user.email,
+                subject="Password Changed Successfully",
+                text="Your password has been changed successfully.",
+                site=site,
+                html=email_html,
+            )
+        except Exception as e:
+            logger.error(f"Failed to send password change confirmation email: {e}")
+
+    @staticmethod
+    def initiate_email_change(
+        *,
+        user: User,
+        new_email: str,
+        request: HttpRequest,
+    ) -> Dict[str, Any]:
+        """
+        Initiate email change with verification.
+
+        Creates a verification token and sends a verification email
+        to the new email address.
+
+        Args:
+            user: The user changing their email
+            new_email: The new email address
+            request: HTTP request for site context
+
+        Returns:
+            Dictionary with success status and message:
+            {
+                'success': bool,
+                'message': str
+            }
+        """
+        if not new_email:
+            return {
+                'success': False,
+                'message': "New email is required"
+            }
+
+        # Check if email is already in use
+        if User.objects.filter(email=new_email).exclude(id=user.id).exists():
+            return {
+                'success': False,
+                'message': "This email address is already in use"
+            }
+
+        # Generate verification token
+        token = get_random_string(64)
+
+        # Create or update email verification record
+        EmailVerification.objects.update_or_create(
+            user=user,
+            defaults={"token": token}
+        )
+
+        # Store pending email
+        user.pending_email = new_email
+        user.save()
+
+        # Send verification email
+        AccountService._send_email_verification(request, user, new_email, token)
+
+        logger.info(f"Email change initiated for user {user.id} to {new_email}")
+
+        return {
+            'success': True,
+            'message': "Verification email sent to your new email address"
+        }
+
+    @staticmethod
+    def _send_email_verification(
+        request: HttpRequest,
+        user: User,
+        new_email: str,
+        token: str
+    ) -> None:
+        """Send email verification for email change."""
+        from django.urls import reverse
+
+        site = get_current_site(request)
+        verification_url = reverse("verify_email", kwargs={"token": token})
+
+        context = {
+            "user": user,
+            "verification_url": verification_url,
+            "site_name": site.name,
+        }
+
+        email_html = render_to_string("accounts/email/verify_email.html", context)
+
+        try:
+            EmailService.send_email(
+                to=new_email,
+                subject="Verify your new email address",
+                text="Click the link to verify your new email address",
+                site=site,
+                html=email_html,
+            )
+        except Exception as e:
+            logger.error(f"Failed to send email verification: {e}")
+
+    @staticmethod
+    def verify_email_change(*, token: str) -> Dict[str, Any]:
+        """
+        Verify email change token and update user email.
+
+        Args:
+            token: The verification token
+
+        Returns:
+            Dictionary with success status and message
+        """
+        try:
+            verification = EmailVerification.objects.select_related("user").get(
+                token=token
+            )
+        except EmailVerification.DoesNotExist:
+            return {
+                'success': False,
+                'message': "Invalid or expired verification token"
+            }
+
+        user = verification.user
+
+        if not user.pending_email:
+            return {
+                'success': False,
+                'message': "No pending email change found"
+            }
+
+        # Update email
+        old_email = user.email
+        user.email = user.pending_email
+        user.pending_email = None
+        user.save()
+
+        # Delete verification record
+        verification.delete()
+
+        logger.info(f"Email changed for user {user.id} from {old_email} to {user.email}")
+
+        return {
+            'success': True,
+            'message': "Email address updated successfully"
+        }
 
 
 class UserDeletionService: