fix: standardize password validation and refactor admin password reset flow

[praveen-bhosle]

Description

This PR standardizes the minimum password length across the application to ensure consistency between the frontend and backend validation layers. It also refactors the administrator password reset flow to automatically generate secure passwords and enforce a first-time login password change for affected users. Lastly, it cleans up the codebase by removing redundant marketplace authentication pages.

---

What’s Included

• Unified Password Validation: Standardized minimum password length to 6 characters across all frontend validation points and updated the backend Pydantic models with min_length=6.
• Admin Password Reset Workflow: Implemented autogenerated passwords for admin-initiated resets, allowing admins to copy the new credentials, and enforced a "force password change" flag on the user's next login.
• Codebase Cleanup: Eliminated redundant marketplace-login and marketplace-signup pages to streamline the authentication routing.

---

Why This Change

• Security & Consistency: Eliminates validation mismatches between the frontend and backend, preventing unexpected API validation failures for users.
• Better Admin UX & Security: Auto-generation ensures strong initial passwords, while forcing a user reset on first login maintains account privacy and security ownership.
• Maintainability: Removes dead code and redundant authentication views, simplifying future routing updates.

---

Acceptance Criteria

• Frontend validation restricts password creation/updates to $\ge$ 6 characters at all entry points.
• Pydantic models reject password payloads shorter than 6 characters with a validation error.
• Admin password reset generates a random password, displays a copyable string to the admin, and flags the user account for a mandatory password reset.
• A user logging in with an admin-reset password is successfully redirected to a "Change Password" prompt before accessing the app.
• Redundant marketplace login and signup routes/pages are completely removed and no longer accessible.

---

How to Test

1. Verify Password Length Constraints: Attempt to create a password with fewer than 6 characters on the frontend, and directly via the API. Verify that both layers block the request.
2. Test Admin Reset Flow: Log in as an admin, trigger a password reset for a test user, copy the autogenerated password, and verify it displays correctly.
3. Verify Force Password Change: Log in with the test user using the generated password. Confirm that the application forces a password change immediately upon authentication.
4. Check Dead Routes: Attempt to navigate to the old marketplace login/signup URLs to ensure they are removed or correctly handle fallback routing.

---

Tech Guide

• Validation: Added Field(..., min_length=6) to the relevant Pydantic user/auth schemas.
• Auth Flags: Introduced/utilized a backend flag (e.g., requires_password_change or equivalent boolean) on the user model that is flipped to True during an admin reset and checked during the login handshake middleware/route.
• Route Cleanup: Deleted the redundant marketplace authentication page components and stripped their corresponding routes from the frontend router configuration.

---

User Guide (Only if user-facing)

• Admins: When resetting a user's password, a secure password will now be automatically generated for you to copy and share with the user.
• Users: If an administrator resets your password, you will be prompted to choose a new, permanent password the very next time you log in. The minimum password length for all accounts is now 6 characters.

---

Screenshots / Videos (Mandatory for UI changes)

reset_password.mp4

---

Checklist

• Self-reviewed my code
• Added comments for complex logic
• Added/updated tests
• All tests pass locally
• Have added Tech Guide and User Guide

[amoghar29]

what is this module?

[praveen-bhosle]

removed it

[amoghar29]

use full path imports and not relative imports