**Description:** Allow authenticated users to change their own password. **Tasks:** - [ ] Create `PATCH /api/auth/change-password` - [ ] Require authentication - [ ] Validate `currentPassword` and `newPassword` - [ ] Verify current password; return `401` if incorrect - [ ] Hash and update new password; invalidate all refresh tokens **Acceptance Criteria:** Authenticated user can change password; wrong current password returns `401`. ---
Description:
Allow authenticated users to change their own password.
Tasks:
PATCH /api/auth/change-passwordcurrentPasswordandnewPassword401if incorrectAcceptance Criteria:
Authenticated user can change password; wrong current password returns
401.