--- issue: "023" title: "changePassword action exists but no dashboard UI page exposes it" severity: major domain: auth labels: [frontend, missing-feature] status: open created: 2026-05-29 source: Doc vs Code Audit 2026-05-29 --- # 🟠 changePassword action exists but no dashboard UI page exposes it **Severity:** major **Domain:** auth **Labels:** frontend, missing-feature ## Description `frontend/src/actions/account.ts` (line ~263) defines `changePassword()` which calls `POST /api/auth/change-password`. The backend endpoint exists and `changePasswordValidation` enforces password complexity (uppercase + lowercase + digit). However, **no dashboard page or component renders a change-password form**. The feature is API-only. ## Current Behavior Users have no UI path to change their password after login. The only password reset mechanism is the email-based reset flow. ## Expected Behavior A "Change Password" section in the account settings dashboard (e.g., under `/dashboard/account`) that calls `changePassword()` with `{ currentPassword, newPassword }`. ## Affected Files - Missing: Change password form component in `/dashboard/account` or `/dashboard/account/security` - `frontend/src/actions/account.ts` — `changePassword` function (implemented, no callers) ## References - [Doc vs Code Audit Report](../09%20-%20Audits/Doc%20vs%20Code%20Audit%20Report%20-%202026-05-29.md) — Finding M4