feat: PasswordResetBegin of auth controller;

fix: sql query updateLoginInformationByUsername used in-database hashing;
refactor: renamed LogOutAccounts into LogOutSessions in models/auth;
refactor: added error checks on opening transactions for all auth service methods;
refactor: added error checks on commiting transactions likewise;
refactor: simplified PasswordResetBegin logic;
feat: implemented PasswordResetComplete method of auth service;

backend/internal/database/query.sql.go

@@ -865,13 +865,7 @@ const updateLoginInformationByUsername = `-- name: UpdateLoginInformationByUsern
 UPDATE login_informations
 SET 
   email = COALESCE($2, email), 
-  password_hash = COALESCE(
-    CASE
-      WHEN $3::text IS NOT NULL
-      THEN crypt($3::text, gen_salt('bf'))
-    END,
-    password_hash
-  ), 
+  password_hash = COALESCE($3::text, password_hash), 
   totp_encrypted = COALESCE($4, totp_encrypted),
   email_2fa_enabled = COALESCE($5, email_2fa_enabled),
   password_change_date = COALESCE($6, password_change_date)
@@ -882,7 +876,7 @@ WHERE users.username = $1 AND login_informations.user_id = users.id
 type UpdateLoginInformationByUsernameParams struct {
 	Username           string
 	Email              *string
-	Password           string
+	PasswordHash       string
 	TotpEncrypted      *string
 	Email2faEnabled    *bool
 	PasswordChangeDate pgtype.Timestamp
@@ -892,7 +886,7 @@ func (q *Queries) UpdateLoginInformationByUsername(ctx context.Context, arg Upda
 	_, err := q.db.Exec(ctx, updateLoginInformationByUsername,
 		arg.Username,
 		arg.Email,
-		arg.Password,
+		arg.PasswordHash,
 		arg.TotpEncrypted,
 		arg.Email2faEnabled,
 		arg.PasswordChangeDate,