Fixed password settings so that changed passwords actually work and I can actually change the passwords

backend/main.py

@@ -68,6 +68,17 @@ def update_user(user_id: str, user_update: schemas.UserUpdate, db: Session = Dep
     db.refresh(db_user)
     return db_user
 
+@app.post("/users/{user_id}/password")
+def change_password(user_id: str, payload: schemas.PasswordChange, db: Session = Depends(get_db)):
+    db_user = db.query(models.User).filter(models.User.id == user_id).first()
+    if not db_user:
+        raise HTTPException(status_code=404, detail="User not found")
+    if not auth.verify_password(payload.old_password, db_user.password_hash):
+        raise HTTPException(status_code=401, detail="Current password is incorrect")
+    db_user.password_hash = auth.get_password_hash(payload.new_password)
+    db.commit()
+    return {"message": "Password updated"}
+
 @app.delete("/users/{user_id}")
 def delete_user(user_id: str, db: Session = Depends(get_db)):
     db_user = db.query(models.User).filter(models.User.id == user_id).first()