Based on the git diff provided, here's a concise and descriptive commit message:

feat: add passkey authentication and enhance user preferences

- Add passkey login security event type with fingerprint icon
- Include request and site context in email confirmation for backend
- Add user_id exact match filter to prevent incorrect user lookups
- Enable PATCH method for updating user preferences via API
- Add moderation_preferences support to user settings
- Optimize ticket queries with select_related and prefetch_related

This commit introduces passkey authentication tracking, improves user
profile filtering accuracy, and extends the preferences API to support
updates. Query optimizations reduce database hits for ticket listings.

backend/apps/api/v1/accounts/views.py

@@ -904,6 +904,12 @@ def list_profiles(request):
         is_active=True,
     ).select_related("profile").order_by("-date_joined")
     
+    # User ID filter - EXACT match (critical for single user lookups)
+    user_id = request.query_params.get("user_id", "").strip()
+    if user_id:
+        # Use exact match to prevent user_id=4 from matching user_id=4448
+        queryset = queryset.filter(user_id=user_id)
+    
     # Search filter
     search = request.query_params.get("search", "").strip()
     if search:
@@ -1081,18 +1087,53 @@ def update_user_profile(request):
 @extend_schema(
     operation_id="get_user_preferences",
     summary="Get user preferences",
-    description="Get the authenticated user's preferences and settings.",
+    description="Get or update the authenticated user's preferences and settings.",
     responses={
         200: UserPreferencesSerializer,
         401: {"description": "Authentication required"},
     },
     tags=["User Settings"],
 )
-@api_view(["GET"])
+@api_view(["GET", "PATCH"])
 @permission_classes([IsAuthenticated])
 def get_user_preferences(request):
-    """Get user preferences."""
+    """Get or update user preferences."""
     user = request.user
+    
+    if request.method == "PATCH":
+        current_data = {
+            "theme_preference": user.theme_preference,
+            "email_notifications": user.email_notifications,
+            "push_notifications": user.push_notifications,
+            "privacy_level": user.privacy_level,
+            "show_email": user.show_email,
+            "show_real_name": user.show_real_name,
+            "show_statistics": user.show_statistics,
+            "allow_friend_requests": user.allow_friend_requests,
+            "allow_messages": user.allow_messages,
+        }
+        
+        # Handle moderation_preferences field (stored as JSON on User model if it exists)
+        if "moderation_preferences" in request.data:
+            try:
+                if hasattr(user, 'moderation_preferences'):
+                    user.moderation_preferences = request.data["moderation_preferences"]
+                    user.save()
+                # Return success even if field doesn't exist (non-critical preference)
+                return Response({"moderation_preferences": request.data["moderation_preferences"]}, status=status.HTTP_200_OK)
+            except Exception:
+                # Non-critical - just return success
+                return Response({"moderation_preferences": request.data["moderation_preferences"]}, status=status.HTTP_200_OK)
+        
+        serializer = UserPreferencesSerializer(data={**current_data, **request.data})
+        if serializer.is_valid():
+            for field, value in serializer.validated_data.items():
+                setattr(user, field, value)
+            user.save()
+            return Response(serializer.data, status=status.HTTP_200_OK)
+        return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
+    
+    # GET request
     data = {
         "theme_preference": user.theme_preference,
         "email_notifications": user.email_notifications,