Add settings modal with account management

[vanajmoorthy]

Summary

Reimplement the settings modal from #72 (closed due to merge conflicts after 65 commits diverged on main). This PR consolidates all user account management into a single modal dialog accessible from the dashboard.

Plan

1. Backend: New forms (core/forms.py)

• UpdateEmailForm — validates email format and case-insensitive uniqueness
• ChangePasswordForm — validates current password + new password confirmation

2. Backend: New views (core/views.py)

• update_email_view — @login_required @require_POST, handles email update with duplicate checking, returns JSON for AJAX
• change_password_view — @login_required @require_POST, changes password and re-authenticates user (prevents logout), returns JSON
• delete_account_view — @login_required @require_POST, requires text confirmation ("DELETE") + password verification, deletes user cascade, returns JSON
• Enhance existing update_privacy_view and update_recommendation_visibility to support both AJAX (JSON response) and form POST (redirect) patterns

3. Backend: URLs (core/urls.py)

Add 3 new paths:

dashboard/update-email/     → update_email
dashboard/change-password/  → change_password
dashboard/delete-account/   → delete_account

4. Backend: Analytics (core/analytics/events.py)

• Add track_account_deleted(user_id) event
• Extend track_settings_updated() to cover email/password changes

5. Frontend: Settings modal template (core/templates/core/partials/settings_modal.html)

New partial with Alpine.js state management containing:

• Display name — inline editing (reuse existing update_username_api)
• Email update — form with validation feedback
• Password change — current password + new password + confirm
• Privacy toggles — profile visibility and recommendation visibility (move from inline dashboard to modal)
• Danger zone — account deletion with confirmation flow (type "DELETE" + enter password)
• Smooth transitions, neobrutalist styling, keyboard accessible (Escape to close)

6. Frontend: Dashboard integration (core/templates/core/dashboard.html)

• Add settingsOpen to the existing shareModalData() Alpine.js scope (or merge scopes)
• Add a Settings button in the bottom action bar (alongside "Update Bibliotype")
• Replace the inline privacy toggle section with the settings modal include
• Keep all existing cards, animations, and share functionality untouched

7. Database migration

• Change UserProfile.is_public default from False to True (new migration)

8. Tests (core/tests/test_settings.py)

Comprehensive test suite covering:

• Email update: valid change, duplicate prevention, case-insensitive check
• Password change: correct old password required, mismatch rejection, re-auth after change
• Account deletion: requires "DELETE" confirmation + correct password, cascades profile deletion
• Privacy/recommendation toggles: both AJAX and form POST paths
• Auth guards on all endpoints

Files to modify

• core/forms.py — add 2 forms
• core/views.py — add 3 views, enhance 2 existing views
• core/urls.py — add 3 URL paths
• core/analytics/events.py — add 1 event, update 1 event
• core/models.py — change is_public default (1 line)
• core/templates/core/dashboard.html — add settings button + modal include, remove inline privacy toggle
• core/templates/core/partials/settings_modal.html — new file
• core/tests/test_settings.py — new file
• core/migrations/0027_*.py — new migration

Test plan

• All 31+ settings tests pass
• Existing test suite still passes
• Settings modal opens/closes correctly
• Email, password, and display name updates work via AJAX
• Privacy toggles work from within modal
• Account deletion requires both "DELETE" text and correct password
• User stays logged in after password change
• Anonymous users cannot access any settings endpoints

🤖 Generated with Claude Code