# Account Manager API Documentation

## Overview
The `AccountManager` class provides functionality for managing user accounts, including:
- Account creation and authentication
- Password management (hashing, verification, reset)
- Account search and retrieval
- Tenant association management

## Class Methods

### `hash_password(password, salt=None)`
Generates a hashed password and salt for secure storage.

**Parameters:**
- `password` (str): Plain text password to hash
- `salt` (bytes, optional): Optional salt value. If None, generates new salt.

**Returns:**
- Tuple of (base64_password_hashed, base64_salt)

**Example:**
```python
hashed_pw, salt = AccountManager.hash_password("mysecurepassword")
```

### `create_account(username, email, password)`
Creates a new user account.

**Parameters:**
- `username` (str): Unique username
- `email` (str): User email address
- `password` (str): Plain text password

**Returns:**
- Dictionary with created account details:
  ```python
  {
      "id": UUID,
      "username": str,
      "email": str,
      "created_at": datetime
  }
  ```

### `get_user_by_username(username)`
Retrieves user information by username.

**Parameters:**
- `username` (str): Username to search for

**Returns:**
- User dictionary or None if not found

### `search_accounts(search=None, page=1, page_size=10)`
Searches accounts with pagination.

**Parameters:**
- `search` (str): Optional search term
- `page` (int): Page number (1-based)
- `page_size` (int): Items per page

**Returns:**
```python
{
    "data": [user_dicts],
    "total": int
}
```

### `verify_password(plain_password, hashed_password, salt)`
Verifies a password against stored hash.

**Parameters:**
- `plain_password` (str): Password to verify
- `hashed_password` (str): Stored password hash
- `salt` (str): Password salt

**Returns:**
- bool: True if password matches

### Password Management
- `update_password(username, email, new_password)`
- `reset_password(account_id)`

### Tenant Association
- `associate_with_tenant(account_id, tenant_id, role, invited_by, current)`
- `get_tenant_accounts(tenant_id)`
- `get_account_tenants(account_id)`

## Error Handling
All methods raise exceptions on failure and log errors using the module logger.

## Security Notes
- Uses PBKDF2 with SHA-256 for password hashing
- Generates random salts for each password
- All sensitive operations are logged