The old key comparison was wrong — the localStorage key may have been
randomly generated rather than PBKDF2-derived. Fix:
- Add /accounts/check-password/ to validate the old password server-side
before touching any keys
- Use the localStorage key directly as the old decryption key (it is
always the correct source of truth, regardless of how it was generated)
- Derive the new key from the new password via PBKDF2
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
The encryption key is PBKDF2-derived from the login password. Changing
the password without migrating the key would make all books undecryptable
on the next login.
- Add POST /books/<pk>/rekey/ endpoint to replace a book's ciphertexts
- Password change form is now JS-driven: before submitting to the server,
derives the old key, verifies it matches localStorage, derives the new
key, re-encrypts all books (data + meta) and their highlights/bookmarks,
updates localStorage, then submits the Django form
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Uses Django's built-in PasswordChangeForm and update_session_auth_hash
so the session stays valid after the change. Form is hidden in a
<details> element and opens automatically on validation errors.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>