diff --git a/.env.example b/.env.example
index 5a32404..de6af12 100644
--- a/.env.example
+++ b/.env.example
@@ -14,3 +14,6 @@ MONGO_DB=fantasyrealm_logs
 # pgAdmin Configuration
 PGADMIN_EMAIL=contact@fantasy-realm.com
 PGADMIN_PASSWORD=__PGADMIN_PASSWORD__
+
+# Frontend URL (used for email links)
+FRONTEND_URL=https://fantasy-realm.com
diff --git a/infra/docker-compose.yml b/infra/docker-compose.yml
index 78d88a3..fc22cbd 100644
--- a/infra/docker-compose.yml
+++ b/infra/docker-compose.yml
@@ -63,6 +63,7 @@ services:
       ConnectionStrings__PostgreSQL: "Host=postgres;Port=5432;Database=${POSTGRES_DB:-fantasyrealm};Username=${POSTGRES_USER:-fantasyrealm};Password=${POSTGRES_PASSWORD}"
       ConnectionStrings__MongoDB: "mongodb://${MONGO_USER:-fantasyrealm}:${MONGO_PASSWORD}@mongodb:27017/${MONGO_DB:-fantasyrealm_logs}?authSource=admin"
       Email__Password: ${EMAIL_PASSWORD}
+      Email__BaseUrl: ${FRONTEND_URL:-http://localhost:5173}
     depends_on:
       postgres:
         condition: service_healthy
diff --git a/src/backend/src/FantasyRealm.Api/Controllers/AuthController.cs b/src/backend/src/FantasyRealm.Api/Controllers/AuthController.cs
index d9c5b66..f1ac787 100644
--- a/src/backend/src/FantasyRealm.Api/Controllers/AuthController.cs
+++ b/src/backend/src/FantasyRealm.Api/Controllers/AuthController.cs
@@ -1,5 +1,7 @@
+using System.IdentityModel.Tokens.Jwt;
 using FantasyRealm.Application.DTOs;
 using FantasyRealm.Application.Interfaces;
+using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 
 namespace FantasyRealm.Api.Controllers
@@ -9,15 +11,8 @@ namespace FantasyRealm.Api.Controllers
     /// </summary>
     [ApiController]
     [Route("api/[controller]")]
-    public sealed class AuthController : ControllerBase
+    public sealed class AuthController(IAuthService authService) : ControllerBase
     {
-        private readonly IAuthService _authService;
-
-        public AuthController(IAuthService authService)
-        {
-            _authService = authService;
-        }
-
         /// <summary>
         /// Registers a new user account.
         /// </summary>
@@ -33,7 +28,7 @@ public AuthController(IAuthService authService)
         [ProducesResponseType(StatusCodes.Status409Conflict)]
         public async Task<IActionResult> Register([FromBody] RegisterRequest request, CancellationToken cancellationToken)
         {
-            var result = await _authService.RegisterAsync(request, cancellationToken);
+            var result = await authService.RegisterAsync(request, cancellationToken);
 
             if (result.IsFailure)
             {
@@ -58,7 +53,7 @@ public async Task<IActionResult> Register([FromBody] RegisterRequest request, Ca
         [ProducesResponseType(StatusCodes.Status403Forbidden)]
         public async Task<IActionResult> Login([FromBody] LoginRequest request, CancellationToken cancellationToken)
         {
-            var result = await _authService.LoginAsync(request, cancellationToken);
+            var result = await authService.LoginAsync(request, cancellationToken);
 
             if (result.IsFailure)
             {
@@ -85,7 +80,7 @@ public async Task<IActionResult> Login([FromBody] LoginRequest request, Cancella
         [ProducesResponseType(StatusCodes.Status404NotFound)]
         public async Task<IActionResult> ForgotPassword([FromBody] ForgotPasswordRequest request, CancellationToken cancellationToken)
         {
-            var result = await _authService.ForgotPasswordAsync(request, cancellationToken);
+            var result = await authService.ForgotPasswordAsync(request, cancellationToken);
 
             if (result.IsFailure)
             {
@@ -94,5 +89,40 @@ public async Task<IActionResult> ForgotPassword([FromBody] ForgotPasswordRequest
 
             return Ok(new { message = "Un nouveau mot de passe a été envoyé à votre adresse email." });
         }
+
+        /// <summary>
+        /// Changes the password for the authenticated user.
+        /// </summary>
+        /// <param name="request">The current and new password details.</param>
+        /// <param name="cancellationToken">Cancellation token.</param>
+        /// <returns>A new JWT token upon successful password change.</returns>
+        /// <response code="200">Password changed successfully.</response>
+        /// <response code="400">Invalid request data or password validation failed.</response>
+        /// <response code="401">Not authenticated or current password is incorrect.</response>
+        /// <response code="403">Account suspended.</response>
+        [HttpPost("change-password")]
+        [Authorize]
+        [ProducesResponseType(typeof(ChangePasswordResponse), StatusCodes.Status200OK)]
+        [ProducesResponseType(StatusCodes.Status400BadRequest)]
+        [ProducesResponseType(StatusCodes.Status401Unauthorized)]
+        [ProducesResponseType(StatusCodes.Status403Forbidden)]
+        public async Task<IActionResult> ChangePassword([FromBody] ChangePasswordRequest request, CancellationToken cancellationToken)
+        {
+            var userIdClaim = User.FindFirst(JwtRegisteredClaimNames.Sub)?.Value;
+
+            if (string.IsNullOrEmpty(userIdClaim) || !int.TryParse(userIdClaim, out var userId))
+            {
+                return Unauthorized(new { message = "Token invalide." });
+            }
+
+            var result = await authService.ChangePasswordAsync(userId, request, cancellationToken);
+
+            if (result.IsFailure)
+            {
+                return StatusCode(result.ErrorCode ?? 400, new { message = result.Error });
+            }
+
+            return Ok(result.Value);
+        }
     }
 }
diff --git a/src/backend/src/FantasyRealm.Api/Program.cs b/src/backend/src/FantasyRealm.Api/Program.cs
index 108fdbd..ff66c59 100644
--- a/src/backend/src/FantasyRealm.Api/Program.cs
+++ b/src/backend/src/FantasyRealm.Api/Program.cs
@@ -44,6 +44,7 @@ private static void Main(string[] args)
             })
             .AddJwtBearer(options =>
             {
+                options.MapInboundClaims = false;
                 options.TokenValidationParameters = new TokenValidationParameters
                 {
                     ValidateIssuer = true,
diff --git a/src/backend/src/FantasyRealm.Api/appsettings.json b/src/backend/src/FantasyRealm.Api/appsettings.json
index 8318bb8..c365572 100644
--- a/src/backend/src/FantasyRealm.Api/appsettings.json
+++ b/src/backend/src/FantasyRealm.Api/appsettings.json
@@ -20,7 +20,8 @@
     "Username": "noreply@fantasy-realm.com",
     "Password": "",
     "FromAddress": "noreply@fantasy-realm.com",
-    "FromName": "FantasyRealm"
+    "FromName": "FantasyRealm",
+    "BaseUrl": "http://localhost:5173"
   },
   "Jwt": {
     "Secret": "CHANGE_ME_IN_PRODUCTION_THIS_IS_A_DEV_SECRET_KEY_MIN_32_CHARS",
diff --git a/src/backend/src/FantasyRealm.Application/DTOs/ChangePasswordRequest.cs b/src/backend/src/FantasyRealm.Application/DTOs/ChangePasswordRequest.cs
new file mode 100644
index 0000000..c093096
--- /dev/null
+++ b/src/backend/src/FantasyRealm.Application/DTOs/ChangePasswordRequest.cs
@@ -0,0 +1,18 @@
+using System.ComponentModel.DataAnnotations;
+
+namespace FantasyRealm.Application.DTOs
+{
+    /// <summary>
+    /// Request payload for changing user password.
+    /// </summary>
+    public sealed record ChangePasswordRequest(
+        [Required(ErrorMessage = "Le mot de passe actuel est requis.")]
+        string CurrentPassword,
+
+        [Required(ErrorMessage = "Le nouveau mot de passe est requis.")]
+        string NewPassword,
+
+        [Required(ErrorMessage = "La confirmation du mot de passe est requise.")]
+        string ConfirmNewPassword
+    );
+}
diff --git a/src/backend/src/FantasyRealm.Application/DTOs/ChangePasswordResponse.cs b/src/backend/src/FantasyRealm.Application/DTOs/ChangePasswordResponse.cs
new file mode 100644
index 0000000..4e7f0b3
--- /dev/null
+++ b/src/backend/src/FantasyRealm.Application/DTOs/ChangePasswordResponse.cs
@@ -0,0 +1,11 @@
+namespace FantasyRealm.Application.DTOs
+{
+    /// <summary>
+    /// Response payload for successful password change.
+    /// </summary>
+    public sealed record ChangePasswordResponse(
+        string Token,
+        DateTime ExpiresAt,
+        UserInfo User
+    );
+}
diff --git a/src/backend/src/FantasyRealm.Application/Interfaces/IAuthService.cs b/src/backend/src/FantasyRealm.Application/Interfaces/IAuthService.cs
index 1dd20c1..abb94b3 100644
--- a/src/backend/src/FantasyRealm.Application/Interfaces/IAuthService.cs
+++ b/src/backend/src/FantasyRealm.Application/Interfaces/IAuthService.cs
@@ -31,5 +31,14 @@ public interface IAuthService
         /// <param name="cancellationToken">Cancellation token.</param>
         /// <returns>A result indicating success or an error.</returns>
         Task<Result<Unit>> ForgotPasswordAsync(ForgotPasswordRequest request, CancellationToken cancellationToken = default);
+
+        /// <summary>
+        /// Changes the password for an authenticated user.
+        /// </summary>
+        /// <param name="userId">The ID of the authenticated user.</param>
+        /// <param name="request">The change password request containing current and new passwords.</param>
+        /// <param name="cancellationToken">Cancellation token.</param>
+        /// <returns>A result containing the new token or an error.</returns>
+        Task<Result<ChangePasswordResponse>> ChangePasswordAsync(int userId, ChangePasswordRequest request, CancellationToken cancellationToken = default);
     }
 }
diff --git a/src/backend/src/FantasyRealm.Application/Interfaces/IUserRepository.cs b/src/backend/src/FantasyRealm.Application/Interfaces/IUserRepository.cs
index 7ef2976..81ca503 100644
--- a/src/backend/src/FantasyRealm.Application/Interfaces/IUserRepository.cs
+++ b/src/backend/src/FantasyRealm.Application/Interfaces/IUserRepository.cs
@@ -36,6 +36,14 @@ public interface IUserRepository
         /// <returns>The user with their role, or null if not found.</returns>
         Task<User?> GetByEmailWithRoleAsync(string email, CancellationToken cancellationToken = default);
 
+        /// <summary>
+        /// Retrieves a user by ID, including their role.
+        /// </summary>
+        /// <param name="id">The user ID.</param>
+        /// <param name="cancellationToken">Cancellation token.</param>
+        /// <returns>The user with their role, or null if not found.</returns>
+        Task<User?> GetByIdWithRoleAsync(int id, CancellationToken cancellationToken = default);
+
         /// <summary>
         /// Retrieves a user by email and pseudo combination, including their role.
         /// Used for password reset verification.
diff --git a/src/backend/src/FantasyRealm.Application/Services/AuthService.cs b/src/backend/src/FantasyRealm.Application/Services/AuthService.cs
index 0c8cd42..e83881a 100644
--- a/src/backend/src/FantasyRealm.Application/Services/AuthService.cs
+++ b/src/backend/src/FantasyRealm.Application/Services/AuthService.cs
@@ -10,36 +10,19 @@ namespace FantasyRealm.Application.Services
     /// <summary>
     /// Service implementation for authentication operations.
     /// </summary>
-    public sealed class AuthService : IAuthService
+    public sealed class AuthService(
+        IUserRepository userRepository,
+        IPasswordHasher passwordHasher,
+        IPasswordGenerator passwordGenerator,
+        IEmailService emailService,
+        IJwtService jwtService,
+        ILogger<AuthService> logger) : IAuthService
     {
         private const string DefaultRole = "User";
         private const string InvalidCredentialsMessage = "Identifiants incorrects.";
         private const string AccountSuspendedMessage = "Votre compte a été suspendu.";
         private const string UserNotFoundMessage = "Aucun compte ne correspond à ces informations.";
 
-        private readonly IUserRepository _userRepository;
-        private readonly IPasswordHasher _passwordHasher;
-        private readonly IPasswordGenerator _passwordGenerator;
-        private readonly IEmailService _emailService;
-        private readonly IJwtService _jwtService;
-        private readonly ILogger<AuthService> _logger;
-
-        public AuthService(
-            IUserRepository userRepository,
-            IPasswordHasher passwordHasher,
-            IPasswordGenerator passwordGenerator,
-            IEmailService emailService,
-            IJwtService jwtService,
-            ILogger<AuthService> logger)
-        {
-            _userRepository = userRepository;
-            _passwordHasher = passwordHasher;
-            _passwordGenerator = passwordGenerator;
-            _emailService = emailService;
-            _jwtService = jwtService;
-            _logger = logger;
-        }
-
         /// <inheritdoc />
         public async Task<Result<RegisterResponse>> RegisterAsync(RegisterRequest request, CancellationToken cancellationToken = default)
         {
@@ -55,19 +38,19 @@ public async Task<Result<RegisterResponse>> RegisterAsync(RegisterRequest reques
                 return Result<RegisterResponse>.Failure(errorMessage, 400);
             }
 
-            var emailExists = await _userRepository.ExistsByEmailAsync(request.Email, cancellationToken);
+            var emailExists = await userRepository.ExistsByEmailAsync(request.Email, cancellationToken);
             if (emailExists)
             {
                 return Result<RegisterResponse>.Failure("Cette adresse email est déjà utilisée.", 409);
             }
 
-            var pseudoExists = await _userRepository.ExistsByPseudoAsync(request.Pseudo, cancellationToken);
+            var pseudoExists = await userRepository.ExistsByPseudoAsync(request.Pseudo, cancellationToken);
             if (pseudoExists)
             {
                 return Result<RegisterResponse>.Failure("Ce pseudo est déjà utilisé.", 409);
             }
 
-            var role = await _userRepository.GetRoleByLabelAsync(DefaultRole, cancellationToken);
+            var role = await userRepository.GetRoleByLabelAsync(DefaultRole, cancellationToken);
             if (role is null)
             {
                 return Result<RegisterResponse>.Failure("Configuration error: default role not found.", 500);
@@ -77,24 +60,24 @@ public async Task<Result<RegisterResponse>> RegisterAsync(RegisterRequest reques
             {
                 Email = request.Email.ToLowerInvariant().Trim(),
                 Pseudo = request.Pseudo.Trim(),
-                PasswordHash = _passwordHasher.Hash(request.Password),
+                PasswordHash = passwordHasher.Hash(request.Password),
                 RoleId = role.Id,
                 IsSuspended = false,
                 MustChangePassword = false
             };
 
-            var createdUser = await _userRepository.CreateAsync(user, cancellationToken);
+            var createdUser = await userRepository.CreateAsync(user, cancellationToken);
 
             _ = Task.Run(async () =>
             {
                 try
                 {
-                    await _emailService.SendWelcomeEmailAsync(createdUser.Email, createdUser.Pseudo, CancellationToken.None);
-                    _logger.LogInformation("Welcome email sent to {Email}", createdUser.Email);
+                    await emailService.SendWelcomeEmailAsync(createdUser.Email, createdUser.Pseudo, CancellationToken.None);
+                    logger.LogInformation("Welcome email sent to {Email}", createdUser.Email);
                 }
                 catch (Exception ex)
                 {
-                    _logger.LogWarning(ex, "Failed to send welcome email to {Email}", createdUser.Email);
+                    logger.LogWarning(ex, "Failed to send welcome email to {Email}", createdUser.Email);
                 }
             }, CancellationToken.None);
 
@@ -112,30 +95,30 @@ public async Task<Result<LoginResponse>> LoginAsync(LoginRequest request, Cancel
         {
             var normalizedEmail = request.Email.ToLowerInvariant().Trim();
 
-            var user = await _userRepository.GetByEmailWithRoleAsync(normalizedEmail, cancellationToken);
+            var user = await userRepository.GetByEmailWithRoleAsync(normalizedEmail, cancellationToken);
 
             if (user is null)
             {
-                _logger.LogWarning("Login failed: user not found for email {Email}", normalizedEmail);
+                logger.LogWarning("Login failed: user not found for email {Email}", normalizedEmail);
                 return Result<LoginResponse>.Failure(InvalidCredentialsMessage, 401);
             }
 
-            if (!_passwordHasher.Verify(request.Password, user.PasswordHash))
+            if (!passwordHasher.Verify(request.Password, user.PasswordHash))
             {
-                _logger.LogWarning("Login failed: invalid password for user {UserId}", user.Id);
+                logger.LogWarning("Login failed: invalid password for user {UserId}", user.Id);
                 return Result<LoginResponse>.Failure(InvalidCredentialsMessage, 401);
             }
 
             if (user.IsSuspended)
             {
-                _logger.LogWarning("Login failed: account suspended for user {UserId}", user.Id);
+                logger.LogWarning("Login failed: account suspended for user {UserId}", user.Id);
                 return Result<LoginResponse>.Failure(AccountSuspendedMessage, 403);
             }
 
-            var token = _jwtService.GenerateToken(user.Id, user.Email, user.Pseudo, user.Role.Label);
-            var expiresAt = _jwtService.GetExpirationDate();
+            var token = jwtService.GenerateToken(user.Id, user.Email, user.Pseudo, user.Role.Label);
+            var expiresAt = jwtService.GetExpirationDate();
 
-            _logger.LogInformation("Login successful for user {UserId} ({Email})", user.Id, user.Email);
+            logger.LogInformation("Login successful for user {UserId} ({Email})", user.Id, user.Email);
 
             var userInfo = new UserInfo(user.Id, user.Email, user.Pseudo, user.Role.Label);
 
@@ -153,42 +136,101 @@ public async Task<Result<Unit>> ForgotPasswordAsync(ForgotPasswordRequest reques
             var normalizedEmail = request.Email.ToLowerInvariant().Trim();
             var normalizedPseudo = request.Pseudo.Trim();
 
-            var user = await _userRepository.GetByEmailAndPseudoAsync(normalizedEmail, normalizedPseudo, cancellationToken);
+            var user = await userRepository.GetByEmailAndPseudoAsync(normalizedEmail, normalizedPseudo, cancellationToken);
 
             if (user is null)
             {
-                _logger.LogWarning("Password reset failed: no user found for email {Email} and pseudo {Pseudo}", normalizedEmail, normalizedPseudo);
+                logger.LogWarning("Password reset failed: no user found for email {Email} and pseudo {Pseudo}", normalizedEmail, normalizedPseudo);
                 return Result<Unit>.Failure(UserNotFoundMessage, 404);
             }
 
             if (user.IsSuspended)
             {
-                _logger.LogWarning("Password reset failed: account suspended for user {UserId}", user.Id);
+                logger.LogWarning("Password reset failed: account suspended for user {UserId}", user.Id);
                 return Result<Unit>.Failure(AccountSuspendedMessage, 403);
             }
 
-            var temporaryPassword = _passwordGenerator.GenerateSecurePassword();
-            user.PasswordHash = _passwordHasher.Hash(temporaryPassword);
+            var temporaryPassword = passwordGenerator.GenerateSecurePassword();
+            user.PasswordHash = passwordHasher.Hash(temporaryPassword);
             user.MustChangePassword = true;
 
-            await _userRepository.UpdateAsync(user, cancellationToken);
+            await userRepository.UpdateAsync(user, cancellationToken);
 
             _ = Task.Run(async () =>
             {
                 try
                 {
-                    await _emailService.SendTemporaryPasswordEmailAsync(user.Email, user.Pseudo, temporaryPassword, CancellationToken.None);
-                    _logger.LogInformation("Temporary password email sent to {Email}", user.Email);
+                    await emailService.SendTemporaryPasswordEmailAsync(user.Email, user.Pseudo, temporaryPassword, CancellationToken.None);
+                    logger.LogInformation("Temporary password email sent to {Email}", user.Email);
                 }
                 catch (Exception ex)
                 {
-                    _logger.LogError(ex, "Failed to send temporary password email to {Email}", user.Email);
+                    logger.LogError(ex, "Failed to send temporary password email to {Email}", user.Email);
                 }
             }, CancellationToken.None);
 
-            _logger.LogInformation("Password reset successful for user {UserId} ({Email})", user.Id, user.Email);
+            logger.LogInformation("Password reset successful for user {UserId} ({Email})", user.Id, user.Email);
 
             return Result<Unit>.Success(Unit.Value);
         }
+
+        /// <inheritdoc />
+        public async Task<Result<ChangePasswordResponse>> ChangePasswordAsync(int userId, ChangePasswordRequest request, CancellationToken cancellationToken = default)
+        {
+            var user = await userRepository.GetByIdWithRoleAsync(userId, cancellationToken);
+
+            if (user is null)
+            {
+                logger.LogWarning("Change password failed: user not found for ID {UserId}", userId);
+                return Result<ChangePasswordResponse>.Failure(InvalidCredentialsMessage, 401);
+            }
+
+            if (user.IsSuspended)
+            {
+                logger.LogWarning("Change password failed: account suspended for user {UserId}", userId);
+                return Result<ChangePasswordResponse>.Failure(AccountSuspendedMessage, 403);
+            }
+
+            if (!passwordHasher.Verify(request.CurrentPassword, user.PasswordHash))
+            {
+                logger.LogWarning("Change password failed: invalid current password for user {UserId}", userId);
+                return Result<ChangePasswordResponse>.Failure("Le mot de passe actuel est incorrect.", 401);
+            }
+
+            if (request.NewPassword != request.ConfirmNewPassword)
+            {
+                return Result<ChangePasswordResponse>.Failure("Les nouveaux mots de passe ne correspondent pas.", 400);
+            }
+
+            var passwordValidation = PasswordValidator.Validate(request.NewPassword);
+            if (!passwordValidation.IsValid)
+            {
+                var errorMessage = string.Join(" ", passwordValidation.Errors);
+                return Result<ChangePasswordResponse>.Failure(errorMessage, 400);
+            }
+
+            if (passwordHasher.Verify(request.NewPassword, user.PasswordHash))
+            {
+                return Result<ChangePasswordResponse>.Failure("Le nouveau mot de passe doit être différent de l'ancien.", 400);
+            }
+
+            user.PasswordHash = passwordHasher.Hash(request.NewPassword);
+            user.MustChangePassword = false;
+
+            await userRepository.UpdateAsync(user, cancellationToken);
+
+            var token = jwtService.GenerateToken(user.Id, user.Email, user.Pseudo, user.Role.Label);
+            var expiresAt = jwtService.GetExpirationDate();
+
+            logger.LogInformation("Password changed successfully for user {UserId} ({Email})", user.Id, user.Email);
+
+            var userInfo = new UserInfo(user.Id, user.Email, user.Pseudo, user.Role.Label);
+
+            return Result<ChangePasswordResponse>.Success(new ChangePasswordResponse(
+                token,
+                expiresAt,
+                userInfo
+            ));
+        }
     }
 }
diff --git a/src/backend/src/FantasyRealm.Domain/Interfaces/.gitkeep b/src/backend/src/FantasyRealm.Domain/Interfaces/.gitkeep
deleted file mode 100644
index e69de29..0000000
diff --git a/src/backend/src/FantasyRealm.Infrastructure/Data/.gitkeep b/src/backend/src/FantasyRealm.Infrastructure/Data/.gitkeep
deleted file mode 100644
index e69de29..0000000
diff --git a/src/backend/src/FantasyRealm.Infrastructure/Email/EmailSettings.cs b/src/backend/src/FantasyRealm.Infrastructure/Email/EmailSettings.cs
index 72dce71..3a84836 100644
--- a/src/backend/src/FantasyRealm.Infrastructure/Email/EmailSettings.cs
+++ b/src/backend/src/FantasyRealm.Infrastructure/Email/EmailSettings.cs
@@ -44,5 +44,10 @@ public class EmailSettings
         /// Gets or sets the sender display name.
         /// </summary>
         public string FromName { get; set; } = string.Empty;
+
+        /// <summary>
+        /// Gets or sets the base URL for links in email templates.
+        /// </summary>
+        public string BaseUrl { get; set; } = string.Empty;
     }
 }
diff --git a/src/backend/src/FantasyRealm.Infrastructure/Email/EmailTemplates.cs b/src/backend/src/FantasyRealm.Infrastructure/Email/EmailTemplates.cs
index 66aae67..dd5b275 100644
--- a/src/backend/src/FantasyRealm.Infrastructure/Email/EmailTemplates.cs
+++ b/src/backend/src/FantasyRealm.Infrastructure/Email/EmailTemplates.cs
@@ -8,9 +8,6 @@ namespace FantasyRealm.Infrastructure.Email
     /// </summary>
     public static class EmailTemplates
     {
-        private const string BaseUrl = "https://fantasy-realm.com";
-
-        // Dark fantasy color palette - aligned with official style guide v3.0
         private const string DarkBg = "#0D0D0F";      // --dark-900
         private const string CardBg = "#121110";      // --dark-800
         private const string CardBorder = "#18181B";  // --dark-700
@@ -24,8 +21,9 @@ public static class EmailTemplates
         /// Generates a welcome email template for new users.
         /// </summary>
         /// <param name="pseudo">The user's display name.</param>
+        /// <param name="baseUrl">The base URL for links in the email.</param>
         /// <returns>The HTML email body.</returns>
-        public static string GetWelcomeTemplate(string pseudo)
+        public static string GetWelcomeTemplate(string pseudo, string baseUrl)
         {
             return WrapInLayout(
                 "Bienvenue dans FantasyRealm !",
@@ -74,7 +72,7 @@ Partager vos créations avec la communauté
                 </div>
 
                 <div style=""text-align: center; margin: 30px 0;"">
-                    {GetPrimaryButton("Créer mon premier personnage", $"{BaseUrl}/characters/create", "🛡️")}
+                    {GetPrimaryButton("Créer mon premier personnage", $"{baseUrl}/characters/create", "🛡️")}
                 </div>
 
                 <p style=""color: {TextMuted}; text-align: center; font-size: 14px; margin-top: 25px;"">
@@ -88,10 +86,11 @@ Partager vos créations avec la communauté
         /// </summary>
         /// <param name="pseudo">The user's display name.</param>
         /// <param name="resetToken">The password reset token.</param>
+        /// <param name="baseUrl">The base URL for links in the email.</param>
         /// <returns>The HTML email body.</returns>
-        public static string GetPasswordResetTemplate(string pseudo, string resetToken)
+        public static string GetPasswordResetTemplate(string pseudo, string resetToken, string baseUrl)
         {
-            var resetUrl = $"{BaseUrl}/reset-password?token={Uri.EscapeDataString(resetToken)}";
+            var resetUrl = $"{baseUrl}/reset-password?token={Uri.EscapeDataString(resetToken)}";
             return WrapInLayout(
                 "Réinitialisation de mot de passe",
                 $@"
@@ -130,8 +129,9 @@ Nous avons reçu une demande de réinitialisation de votre mot de passe.
         /// </summary>
         /// <param name="pseudo">The user's display name.</param>
         /// <param name="temporaryPassword">The generated temporary password.</param>
+        /// <param name="baseUrl">The base URL for links in the email.</param>
         /// <returns>The HTML email body.</returns>
-        public static string GetTemporaryPasswordTemplate(string pseudo, string temporaryPassword)
+        public static string GetTemporaryPasswordTemplate(string pseudo, string temporaryPassword, string baseUrl)
         {
             return WrapInLayout(
                 "Nouveau mot de passe temporaire",
@@ -172,7 +172,7 @@ Ce mot de passe est temporaire et ne devrait pas être réutilisé.
                 </div>
 
                 <div style=""text-align: center; margin: 30px 0;"">
-                    {GetPrimaryButton("Se connecter", $"{BaseUrl}/login", "🔑")}
+                    {GetPrimaryButton("Se connecter", $"{baseUrl}/login", "🔑")}
                 </div>
 
                 <div style=""background: rgba(212, 175, 55, 0.1); border: 1px solid {GoldDark}; border-radius: 8px; padding: 15px; margin-top: 25px;"">
@@ -188,8 +188,9 @@ Ce mot de passe est temporaire et ne devrait pas être réutilisé.
         /// </summary>
         /// <param name="pseudo">The user's display name.</param>
         /// <param name="characterName">The approved character's name.</param>
+        /// <param name="baseUrl">The base URL for links in the email.</param>
         /// <returns>The HTML email body.</returns>
-        public static string GetCharacterApprovedTemplate(string pseudo, string characterName)
+        public static string GetCharacterApprovedTemplate(string pseudo, string characterName, string baseUrl)
         {
             return WrapInLayout(
                 "Personnage approuvé !",
@@ -218,7 +219,7 @@ et approuvé par notre équipe de modération.
                 </div>
 
                 <div style=""text-align: center; margin: 30px 0;"">
-                    {GetPrimaryButton("Voir mes personnages", $"{BaseUrl}/characters", "👥")}
+                    {GetPrimaryButton("Voir mes personnages", $"{baseUrl}/characters", "👥")}
                 </div>
             ");
         }
@@ -229,8 +230,9 @@ et approuvé par notre équipe de modération.
         /// <param name="pseudo">The user's display name.</param>
         /// <param name="characterName">The rejected character's name.</param>
         /// <param name="reason">The rejection reason.</param>
+        /// <param name="baseUrl">The base URL for links in the email.</param>
         /// <returns>The HTML email body.</returns>
-        public static string GetCharacterRejectedTemplate(string pseudo, string characterName, string reason)
+        public static string GetCharacterRejectedTemplate(string pseudo, string characterName, string reason, string baseUrl)
         {
             return WrapInLayout(
                 "Personnage non approuvé",
@@ -266,7 +268,7 @@ Vous pouvez modifier votre personnage et le soumettre à nouveau pour examen.
                 </p>
 
                 <div style=""text-align: center; margin: 30px 0;"">
-                    {GetPrimaryButton("Modifier mon personnage", $"{BaseUrl}/characters", "✏️")}
+                    {GetPrimaryButton("Modifier mon personnage", $"{baseUrl}/characters", "✏️")}
                 </div>
             ");
         }
@@ -276,8 +278,9 @@ Vous pouvez modifier votre personnage et le soumettre à nouveau pour examen.
         /// </summary>
         /// <param name="pseudo">The user's display name.</param>
         /// <param name="characterName">The character's name that was commented on.</param>
+        /// <param name="baseUrl">The base URL for links in the email.</param>
         /// <returns>The HTML email body.</returns>
-        public static string GetCommentApprovedTemplate(string pseudo, string characterName)
+        public static string GetCommentApprovedTemplate(string pseudo, string characterName, string baseUrl)
         {
             return WrapInLayout(
                 "Commentaire publié !",
@@ -304,7 +307,7 @@ Commentaire publié !
                 </p>
 
                 <div style=""text-align: center; margin: 30px 0;"">
-                    {GetPrimaryButton("Explorer la galerie", $"{BaseUrl}/gallery", "🖼️")}
+                    {GetPrimaryButton("Explorer la galerie", $"{baseUrl}/gallery", "🖼️")}
                 </div>
             ");
         }
@@ -425,94 +428,94 @@ private static string GetPrimaryButton(string text, string url, string icon = ""
         private static string WrapInLayout(string title, string content)
         {
             return $@"
-<!DOCTYPE html>
-<html lang=""fr"">
-<head>
-    <meta charset=""UTF-8"">
-    <meta name=""viewport"" content=""width=device-width, initial-scale=1.0"">
-    <title>{Encode(title)} - FantasyRealm</title>
-    <!--[if mso]>
-    <noscript>
-        <xml>
-            <o:OfficeDocumentSettings>
-                <o:PixelsPerInch>96</o:PixelsPerInch>
-            </o:OfficeDocumentSettings>
-        </xml>
-    </noscript>
-    <![endif]-->
-</head>
-<body style=""margin: 0; padding: 0; background-color: {DarkBg}; font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, 'Helvetica Neue', Arial, sans-serif;"">
-
-    <!-- Wrapper table for full-width background -->
-    <table role=""presentation"" cellpadding=""0"" cellspacing=""0"" width=""100%"" style=""background-color: {DarkBg};"">
-        <tr>
-            <td align=""center"" style=""padding: 40px 20px;"">
-
-                <!-- Main container -->
-                <table role=""presentation"" cellpadding=""0"" cellspacing=""0"" width=""600"" style=""max-width: 600px; width: 100%;"">
-
-                    <!-- Header -->
-                    <tr>
-                        <td style=""padding-bottom: 30px;"">
-                            <table role=""presentation"" cellpadding=""0"" cellspacing=""0"" width=""100%"">
-                                <tr>
-                                    <td align=""center"" style=""padding: 25px 30px; background: linear-gradient(135deg, {CardBg} 0%, #16162A 100%); border: 1px solid {CardBorder}; border-radius: 16px 16px 0 0; border-bottom: 3px solid {GoldPrimary};"">
-                                        <table role=""presentation"" cellpadding=""0"" cellspacing=""0"">
-                                            <tr>
-                                                <td style=""font-size: 32px; padding-right: 12px;"">🏰</td>
-                                                <td>
-                                                    <span style=""font-size: 28px; font-weight: 800; color: {GoldPrimary}; letter-spacing: 1px;"">
-                                                        FANTASYREALM
-                                                    </span>
-                                                    <br>
-                                                    <span style=""font-size: 11px; color: {TextMuted}; letter-spacing: 3px; text-transform: uppercase;"">
-                                                        Character Manager
-                                                    </span>
-                                                </td>
-                                            </tr>
-                                        </table>
-                                    </td>
-                                </tr>
-                            </table>
-                        </td>
-                    </tr>
-
-                    <!-- Content -->
-                    <tr>
-                        <td style=""background: linear-gradient(180deg, {CardBg} 0%, #12121F 100%); border: 1px solid {CardBorder}; border-radius: 0 0 16px 16px; padding: 40px 35px;"">
-                            {content}
-                        </td>
-                    </tr>
-
-                    <!-- Footer -->
-                    <tr>
-                        <td style=""padding-top: 30px;"">
-                            <table role=""presentation"" cellpadding=""0"" cellspacing=""0"" width=""100%"">
-                                <tr>
-                                    <td align=""center"">
-                                        <!-- Decorative divider -->
-                                        <div style=""width: 60px; height: 2px; background: linear-gradient(90deg, transparent 0%, {GoldPrimary} 50%, transparent 100%); margin: 0 auto 20px auto;""></div>
-
-                                        <p style=""color: {TextMuted}; font-size: 12px; margin: 0 0 8px 0;"">
-                                            © {DateTime.UtcNow.Year} FantasyRealm par PixelVerse Studios
-                                        </p>
-                                        <p style=""color: #6B7280; font-size: 11px; margin: 0;"">
-                                            Ceci est un message automatique. Merci de ne pas répondre à cet email.
-                                        </p>
-                                    </td>
-                                </tr>
-                            </table>
-                        </td>
-                    </tr>
-
-                </table>
-
-            </td>
-        </tr>
-    </table>
-
-</body>
-</html>";
+                <!DOCTYPE html>
+                <html lang=""fr"">
+                <head>
+                    <meta charset=""UTF-8"">
+                    <meta name=""viewport"" content=""width=device-width, initial-scale=1.0"">
+                    <title>{Encode(title)} - FantasyRealm</title>
+                    <!--[if mso]>
+                    <noscript>
+                        <xml>
+                            <o:OfficeDocumentSettings>
+                                <o:PixelsPerInch>96</o:PixelsPerInch>
+                            </o:OfficeDocumentSettings>
+                        </xml>
+                    </noscript>
+                    <![endif]-->
+                </head>
+                <body style=""margin: 0; padding: 0; background-color: {DarkBg}; font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, 'Helvetica Neue', Arial, sans-serif;"">
+
+                    <!-- Wrapper table for full-width background -->
+                    <table role=""presentation"" cellpadding=""0"" cellspacing=""0"" width=""100%"" style=""background-color: {DarkBg};"">
+                        <tr>
+                            <td align=""center"" style=""padding: 40px 20px;"">
+
+                                <!-- Main container -->
+                                <table role=""presentation"" cellpadding=""0"" cellspacing=""0"" width=""600"" style=""max-width: 600px; width: 100%;"">
+
+                                    <!-- Header -->
+                                    <tr>
+                                        <td>
+                                            <table role=""presentation"" cellpadding=""0"" cellspacing=""0"" width=""100%"">
+                                                <tr>
+                                                    <td align=""center"" style=""padding: 25px 30px; background: linear-gradient(135deg, {CardBg} 0%, #16162A 100%); border: 1px solid {CardBorder}; border-radius: 16px 16px 0 0; border-bottom: 3px solid {GoldPrimary};"">
+                                                        <table role=""presentation"" cellpadding=""0"" cellspacing=""0"">
+                                                            <tr>
+                                                                <td style=""font-size: 32px; padding-right: 12px;"">🏰</td>
+                                                                <td>
+                                                                    <span style=""font-size: 28px; font-weight: 800; color: {GoldPrimary}; letter-spacing: 1px;"">
+                                                                        FANTASYREALM
+                                                                    </span>
+                                                                    <br>
+                                                                    <span style=""font-size: 11px; color: {TextMuted}; letter-spacing: 3px; text-transform: uppercase;"">
+                                                                        Character Manager
+                                                                    </span>
+                                                                </td>
+                                                            </tr>
+                                                        </table>
+                                                    </td>
+                                                </tr>
+                                            </table>
+                                        </td>
+                                    </tr>
+
+                                    <!-- Content -->
+                                    <tr>
+                                        <td style=""background: linear-gradient(180deg, {CardBg} 0%, #12121F 100%); border: 1px solid {CardBorder}; border-radius: 0 0 16px 16px; padding: 40px 35px;"">
+                                            {content}
+                                        </td>
+                                    </tr>
+
+                                    <!-- Footer -->
+                                    <tr>
+                                        <td style=""padding-top: 30px;"">
+                                            <table role=""presentation"" cellpadding=""0"" cellspacing=""0"" width=""100%"">
+                                                <tr>
+                                                    <td align=""center"">
+                                                        <!-- Decorative divider -->
+                                                        <div style=""width: 60px; height: 2px; background: linear-gradient(90deg, transparent 0%, {GoldPrimary} 50%, transparent 100%); margin: 0 auto 20px auto;""></div>
+
+                                                        <p style=""color: {TextMuted}; font-size: 12px; margin: 0 0 8px 0;"">
+                                                            © {DateTime.UtcNow.Year} FantasyRealm par PixelVerse Studios
+                                                        </p>
+                                                        <p style=""color: #6B7280; font-size: 11px; margin: 0;"">
+                                                            Ceci est un message automatique. Merci de ne pas répondre à cet email.
+                                                        </p>
+                                                    </td>
+                                                </tr>
+                                            </table>
+                                        </td>
+                                    </tr>
+
+                                </table>
+
+                            </td>
+                        </tr>
+                    </table>
+
+                </body>
+                </html>";
         }
     }
 }
diff --git a/src/backend/src/FantasyRealm.Infrastructure/Email/SmtpEmailService.cs b/src/backend/src/FantasyRealm.Infrastructure/Email/SmtpEmailService.cs
index 07928be..f92aeb5 100644
--- a/src/backend/src/FantasyRealm.Infrastructure/Email/SmtpEmailService.cs
+++ b/src/backend/src/FantasyRealm.Infrastructure/Email/SmtpEmailService.cs
@@ -1,5 +1,4 @@
 using FantasyRealm.Application.Interfaces;
-using MailKit.Net.Smtp;
 using MailKit.Security;
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Options;
@@ -10,33 +9,24 @@ namespace FantasyRealm.Infrastructure.Email
     /// <summary>
     /// SMTP-based implementation of the email service using MailKit.
     /// </summary>
-    public class SmtpEmailService : IEmailService
+    /// <remarks>
+    /// Initializes a new instance of the <see cref="SmtpEmailService"/> class.
+    /// </remarks>
+    /// <param name="settings">The email configuration settings.</param>
+    /// <param name="smtpClientFactory">The factory for creating SMTP clients.</param>
+    /// <param name="logger">The logger instance.</param>
+    public class SmtpEmailService(
+        IOptions<EmailSettings> settings,
+        ISmtpClientFactory smtpClientFactory,
+        ILogger<SmtpEmailService> logger) : IEmailService
     {
-        private readonly EmailSettings _settings;
-        private readonly ISmtpClientFactory _smtpClientFactory;
-        private readonly ILogger<SmtpEmailService> _logger;
-
-        /// <summary>
-        /// Initializes a new instance of the <see cref="SmtpEmailService"/> class.
-        /// </summary>
-        /// <param name="settings">The email configuration settings.</param>
-        /// <param name="smtpClientFactory">The factory for creating SMTP clients.</param>
-        /// <param name="logger">The logger instance.</param>
-        public SmtpEmailService(
-            IOptions<EmailSettings> settings,
-            ISmtpClientFactory smtpClientFactory,
-            ILogger<SmtpEmailService> logger)
-        {
-            _settings = settings.Value;
-            _smtpClientFactory = smtpClientFactory;
-            _logger = logger;
-        }
+        private readonly EmailSettings _settings = settings.Value;
 
         /// <inheritdoc />
         public async Task SendWelcomeEmailAsync(string toEmail, string pseudo, CancellationToken cancellationToken = default)
         {
             var subject = "Welcome to FantasyRealm!";
-            var body = EmailTemplates.GetWelcomeTemplate(pseudo);
+            var body = EmailTemplates.GetWelcomeTemplate(pseudo, _settings.BaseUrl);
             await SendEmailAsync(toEmail, subject, body, cancellationToken);
         }
 
@@ -44,7 +34,7 @@ public async Task SendWelcomeEmailAsync(string toEmail, string pseudo, Cancellat
         public async Task SendPasswordResetEmailAsync(string toEmail, string pseudo, string resetToken, CancellationToken cancellationToken = default)
         {
             var subject = "Reset your FantasyRealm password";
-            var body = EmailTemplates.GetPasswordResetTemplate(pseudo, resetToken);
+            var body = EmailTemplates.GetPasswordResetTemplate(pseudo, resetToken, _settings.BaseUrl);
             await SendEmailAsync(toEmail, subject, body, cancellationToken);
         }
 
@@ -52,7 +42,7 @@ public async Task SendPasswordResetEmailAsync(string toEmail, string pseudo, str
         public async Task SendTemporaryPasswordEmailAsync(string toEmail, string pseudo, string temporaryPassword, CancellationToken cancellationToken = default)
         {
             var subject = "Votre nouveau mot de passe FantasyRealm";
-            var body = EmailTemplates.GetTemporaryPasswordTemplate(pseudo, temporaryPassword);
+            var body = EmailTemplates.GetTemporaryPasswordTemplate(pseudo, temporaryPassword, _settings.BaseUrl);
             await SendEmailAsync(toEmail, subject, body, cancellationToken);
         }
 
@@ -60,7 +50,7 @@ public async Task SendTemporaryPasswordEmailAsync(string toEmail, string pseudo,
         public async Task SendCharacterApprovedEmailAsync(string toEmail, string pseudo, string characterName, CancellationToken cancellationToken = default)
         {
             var subject = $"Your character {characterName} has been approved!";
-            var body = EmailTemplates.GetCharacterApprovedTemplate(pseudo, characterName);
+            var body = EmailTemplates.GetCharacterApprovedTemplate(pseudo, characterName, _settings.BaseUrl);
             await SendEmailAsync(toEmail, subject, body, cancellationToken);
         }
 
@@ -68,7 +58,7 @@ public async Task SendCharacterApprovedEmailAsync(string toEmail, string pseudo,
         public async Task SendCharacterRejectedEmailAsync(string toEmail, string pseudo, string characterName, string reason, CancellationToken cancellationToken = default)
         {
             var subject = $"Your character {characterName} was not approved";
-            var body = EmailTemplates.GetCharacterRejectedTemplate(pseudo, characterName, reason);
+            var body = EmailTemplates.GetCharacterRejectedTemplate(pseudo, characterName, reason, _settings.BaseUrl);
             await SendEmailAsync(toEmail, subject, body, cancellationToken);
         }
 
@@ -76,7 +66,7 @@ public async Task SendCharacterRejectedEmailAsync(string toEmail, string pseudo,
         public async Task SendCommentApprovedEmailAsync(string toEmail, string pseudo, string characterName, CancellationToken cancellationToken = default)
         {
             var subject = "Your comment has been approved!";
-            var body = EmailTemplates.GetCommentApprovedTemplate(pseudo, characterName);
+            var body = EmailTemplates.GetCommentApprovedTemplate(pseudo, characterName, _settings.BaseUrl);
             await SendEmailAsync(toEmail, subject, body, cancellationToken);
         }
 
@@ -111,7 +101,7 @@ private async Task SendEmailAsync(string toEmail, string subject, string htmlBod
 
             try
             {
-                using var client = _smtpClientFactory.Create();
+                using var client = smtpClientFactory.Create();
 
                 var secureSocketOptions = _settings.UseSsl
                     ? SecureSocketOptions.StartTls
@@ -122,11 +112,11 @@ private async Task SendEmailAsync(string toEmail, string subject, string htmlBod
                 await client.SendAsync(message, cancellationToken);
                 await client.DisconnectAsync(true, cancellationToken);
 
-                _logger.LogInformation("Email sent successfully to {Email} with subject '{Subject}'", toEmail, subject);
+                logger.LogInformation("Email sent successfully to {Email} with subject '{Subject}'", toEmail, subject);
             }
             catch (Exception ex)
             {
-                _logger.LogError(ex, "Failed to send email to {Email} with subject '{Subject}'", toEmail, subject);
+                logger.LogError(ex, "Failed to send email to {Email} with subject '{Subject}'", toEmail, subject);
                 throw;
             }
         }
diff --git a/src/backend/src/FantasyRealm.Infrastructure/Repositories/UserRepository.cs b/src/backend/src/FantasyRealm.Infrastructure/Repositories/UserRepository.cs
index 8834183..d90b85a 100644
--- a/src/backend/src/FantasyRealm.Infrastructure/Repositories/UserRepository.cs
+++ b/src/backend/src/FantasyRealm.Infrastructure/Repositories/UserRepository.cs
@@ -8,20 +8,13 @@ namespace FantasyRealm.Infrastructure.Repositories
     /// <summary>
     /// Repository implementation for User entity data access operations.
     /// </summary>
-    public sealed class UserRepository : IUserRepository
+    public sealed class UserRepository(FantasyRealmDbContext context) : IUserRepository
     {
-        private readonly FantasyRealmDbContext _context;
-
-        public UserRepository(FantasyRealmDbContext context)
-        {
-            _context = context;
-        }
-
         /// <inheritdoc />
         public async Task<bool> ExistsByEmailAsync(string email, CancellationToken cancellationToken = default)
         {
             var normalizedEmail = email.ToLowerInvariant().Trim();
-            return await _context.Users
+            return await context.Users
                 .AnyAsync(u => u.Email == normalizedEmail, cancellationToken);
         }
 
@@ -29,22 +22,22 @@ public async Task<bool> ExistsByEmailAsync(string email, CancellationToken cance
         public async Task<bool> ExistsByPseudoAsync(string pseudo, CancellationToken cancellationToken = default)
         {
             var normalizedPseudo = pseudo.Trim();
-            return await _context.Users
+            return await context.Users
                 .AnyAsync(u => u.Pseudo == normalizedPseudo, cancellationToken);
         }
 
         /// <inheritdoc />
         public async Task<User> CreateAsync(User user, CancellationToken cancellationToken = default)
         {
-            _context.Users.Add(user);
-            await _context.SaveChangesAsync(cancellationToken);
+            context.Users.Add(user);
+            await context.SaveChangesAsync(cancellationToken);
             return user;
         }
 
         /// <inheritdoc />
         public async Task<Role?> GetRoleByLabelAsync(string label, CancellationToken cancellationToken = default)
         {
-            return await _context.Roles
+            return await context.Roles
                 .FirstOrDefaultAsync(r => r.Label == label, cancellationToken);
         }
 
@@ -52,17 +45,25 @@ public async Task<User> CreateAsync(User user, CancellationToken cancellationTok
         public async Task<User?> GetByEmailWithRoleAsync(string email, CancellationToken cancellationToken = default)
         {
             var normalizedEmail = email.ToLowerInvariant().Trim();
-            return await _context.Users
+            return await context.Users
                 .Include(u => u.Role)
                 .FirstOrDefaultAsync(u => u.Email == normalizedEmail, cancellationToken);
         }
 
+        /// <inheritdoc />
+        public async Task<User?> GetByIdWithRoleAsync(int id, CancellationToken cancellationToken = default)
+        {
+            return await context.Users
+                .Include(u => u.Role)
+                .FirstOrDefaultAsync(u => u.Id == id, cancellationToken);
+        }
+
         /// <inheritdoc />
         public async Task<User?> GetByEmailAndPseudoAsync(string email, string pseudo, CancellationToken cancellationToken = default)
         {
             var normalizedEmail = email.ToLowerInvariant().Trim();
             var normalizedPseudo = pseudo.Trim();
-            return await _context.Users
+            return await context.Users
                 .Include(u => u.Role)
                 .FirstOrDefaultAsync(u => u.Email == normalizedEmail && u.Pseudo == normalizedPseudo, cancellationToken);
         }
@@ -71,8 +72,8 @@ public async Task<User> CreateAsync(User user, CancellationToken cancellationTok
         public async Task<User> UpdateAsync(User user, CancellationToken cancellationToken = default)
         {
             user.UpdatedAt = DateTime.UtcNow;
-            _context.Users.Update(user);
-            await _context.SaveChangesAsync(cancellationToken);
+            context.Users.Update(user);
+            await context.SaveChangesAsync(cancellationToken);
             return user;
         }
     }
diff --git a/src/backend/tests/FantasyRealm.Tests.Integration/Controllers/AuthControllerIntegrationTests.cs b/src/backend/tests/FantasyRealm.Tests.Integration/Controllers/AuthControllerIntegrationTests.cs
index b2c2083..cd75ccb 100644
--- a/src/backend/tests/FantasyRealm.Tests.Integration/Controllers/AuthControllerIntegrationTests.cs
+++ b/src/backend/tests/FantasyRealm.Tests.Integration/Controllers/AuthControllerIntegrationTests.cs
@@ -408,6 +408,383 @@ public async Task Login_WithEmptyFields_ReturnsBadRequest(string email, string p
 
         #endregion
 
+        #region ChangePassword Tests
+
+        [Fact]
+        public async Task ChangePassword_WithValidData_ReturnsOkAndNewToken()
+        {
+            // Arrange - Register and login
+            var email = $"changepwd_{Guid.NewGuid():N}@example.com";
+            var oldPassword = "MySecure@Pass123";
+            var newPassword = "NewSecure@Pass456";
+            var pseudo = $"ChgPwd{Guid.NewGuid():N}"[..20];
+
+            await _client.PostAsJsonAsync("/api/auth/register", new
+            {
+                Email = email,
+                Pseudo = pseudo,
+                Password = oldPassword,
+                ConfirmPassword = oldPassword
+            });
+
+            var loginResponse = await _client.PostAsJsonAsync("/api/auth/login", new { Email = email, Password = oldPassword });
+            var loginResult = await loginResponse.Content.ReadFromJsonAsync<LoginResponse>();
+
+            var request = new
+            {
+                CurrentPassword = oldPassword,
+                NewPassword = newPassword,
+                ConfirmNewPassword = newPassword
+            };
+
+            using var requestMessage = new HttpRequestMessage(HttpMethod.Post, "/api/auth/change-password");
+            requestMessage.Headers.Add("Authorization", $"Bearer {loginResult!.Token}");
+            requestMessage.Content = JsonContent.Create(request);
+
+            // Act
+            var response = await _client.SendAsync(requestMessage);
+
+            // Assert
+            response.StatusCode.Should().Be(HttpStatusCode.OK);
+
+            var result = await response.Content.ReadFromJsonAsync<ChangePasswordResponse>();
+            result.Should().NotBeNull();
+            result!.Token.Should().NotBeNullOrEmpty();
+            result.Token.Should().NotBe(loginResult.Token);
+            result.ExpiresAt.Should().BeAfter(DateTime.UtcNow);
+            result.User.Email.Should().Be(email.ToLowerInvariant());
+        }
+
+        [Fact]
+        public async Task ChangePassword_WithNewToken_CanLoginWithNewPassword()
+        {
+            // Arrange - Register, login, and change password
+            var email = $"newlogin_{Guid.NewGuid():N}@example.com";
+            var oldPassword = "MySecure@Pass123";
+            var newPassword = "NewSecure@Pass456";
+            var pseudo = $"NewLog{Guid.NewGuid():N}"[..20];
+
+            await _client.PostAsJsonAsync("/api/auth/register", new
+            {
+                Email = email,
+                Pseudo = pseudo,
+                Password = oldPassword,
+                ConfirmPassword = oldPassword
+            });
+
+            var loginResponse = await _client.PostAsJsonAsync("/api/auth/login", new { Email = email, Password = oldPassword });
+            var loginResult = await loginResponse.Content.ReadFromJsonAsync<LoginResponse>();
+
+            using var changeRequest = new HttpRequestMessage(HttpMethod.Post, "/api/auth/change-password");
+            changeRequest.Headers.Add("Authorization", $"Bearer {loginResult!.Token}");
+            changeRequest.Content = JsonContent.Create(new
+            {
+                CurrentPassword = oldPassword,
+                NewPassword = newPassword,
+                ConfirmNewPassword = newPassword
+            });
+
+            await _client.SendAsync(changeRequest);
+
+            // Act - Try to login with new password
+            var newLoginResponse = await _client.PostAsJsonAsync("/api/auth/login", new { Email = email, Password = newPassword });
+
+            // Assert
+            newLoginResponse.StatusCode.Should().Be(HttpStatusCode.OK);
+        }
+
+        [Fact]
+        public async Task ChangePassword_WithoutAuthentication_ReturnsUnauthorized()
+        {
+            // Arrange
+            var request = new
+            {
+                CurrentPassword = "OldPassword@123",
+                NewPassword = "NewPassword@456",
+                ConfirmNewPassword = "NewPassword@456"
+            };
+
+            // Act
+            var response = await _client.PostAsJsonAsync("/api/auth/change-password", request);
+
+            // Assert
+            response.StatusCode.Should().Be(HttpStatusCode.Unauthorized);
+        }
+
+        [Fact]
+        public async Task ChangePassword_WithInvalidToken_ReturnsUnauthorized()
+        {
+            // Arrange
+            var request = new
+            {
+                CurrentPassword = "OldPassword@123",
+                NewPassword = "NewPassword@456",
+                ConfirmNewPassword = "NewPassword@456"
+            };
+
+            using var requestMessage = new HttpRequestMessage(HttpMethod.Post, "/api/auth/change-password");
+            requestMessage.Headers.Add("Authorization", "Bearer invalid.token.here");
+            requestMessage.Content = JsonContent.Create(request);
+
+            // Act
+            var response = await _client.SendAsync(requestMessage);
+
+            // Assert
+            response.StatusCode.Should().Be(HttpStatusCode.Unauthorized);
+        }
+
+        [Fact]
+        public async Task ChangePassword_WithWrongCurrentPassword_ReturnsUnauthorized()
+        {
+            // Arrange
+            var email = $"wrongcur_{Guid.NewGuid():N}@example.com";
+            var password = "MySecure@Pass123";
+            var pseudo = $"WrngCur{Guid.NewGuid():N}"[..20];
+
+            await _client.PostAsJsonAsync("/api/auth/register", new
+            {
+                Email = email,
+                Pseudo = pseudo,
+                Password = password,
+                ConfirmPassword = password
+            });
+
+            var loginResponse = await _client.PostAsJsonAsync("/api/auth/login", new { Email = email, Password = password });
+            var loginResult = await loginResponse.Content.ReadFromJsonAsync<LoginResponse>();
+
+            var request = new
+            {
+                CurrentPassword = "WrongPassword@123",
+                NewPassword = "NewSecure@Pass456",
+                ConfirmNewPassword = "NewSecure@Pass456"
+            };
+
+            using var requestMessage = new HttpRequestMessage(HttpMethod.Post, "/api/auth/change-password");
+            requestMessage.Headers.Add("Authorization", $"Bearer {loginResult!.Token}");
+            requestMessage.Content = JsonContent.Create(request);
+
+            // Act
+            var response = await _client.SendAsync(requestMessage);
+
+            // Assert
+            response.StatusCode.Should().Be(HttpStatusCode.Unauthorized);
+            var error = await response.Content.ReadFromJsonAsync<ErrorResponse>();
+            error?.Message.Should().Contain("mot de passe actuel");
+        }
+
+        [Fact]
+        public async Task ChangePassword_WithMismatchedNewPasswords_ReturnsBadRequest()
+        {
+            // Arrange
+            var email = $"mismatch_{Guid.NewGuid():N}@example.com";
+            var password = "MySecure@Pass123";
+            var pseudo = $"MisMat{Guid.NewGuid():N}"[..20];
+
+            await _client.PostAsJsonAsync("/api/auth/register", new
+            {
+                Email = email,
+                Pseudo = pseudo,
+                Password = password,
+                ConfirmPassword = password
+            });
+
+            var loginResponse = await _client.PostAsJsonAsync("/api/auth/login", new { Email = email, Password = password });
+            var loginResult = await loginResponse.Content.ReadFromJsonAsync<LoginResponse>();
+
+            var request = new
+            {
+                CurrentPassword = password,
+                NewPassword = "NewSecure@Pass456",
+                ConfirmNewPassword = "DifferentPass@789"
+            };
+
+            using var requestMessage = new HttpRequestMessage(HttpMethod.Post, "/api/auth/change-password");
+            requestMessage.Headers.Add("Authorization", $"Bearer {loginResult!.Token}");
+            requestMessage.Content = JsonContent.Create(request);
+
+            // Act
+            var response = await _client.SendAsync(requestMessage);
+
+            // Assert
+            response.StatusCode.Should().Be(HttpStatusCode.BadRequest);
+            var error = await response.Content.ReadFromJsonAsync<ErrorResponse>();
+            error?.Message.Should().Contain("correspondent");
+        }
+
+        [Fact]
+        public async Task ChangePassword_WithWeakNewPassword_ReturnsBadRequest()
+        {
+            // Arrange
+            var email = $"weaknew_{Guid.NewGuid():N}@example.com";
+            var password = "MySecure@Pass123";
+            var pseudo = $"WeakNw{Guid.NewGuid():N}"[..20];
+
+            await _client.PostAsJsonAsync("/api/auth/register", new
+            {
+                Email = email,
+                Pseudo = pseudo,
+                Password = password,
+                ConfirmPassword = password
+            });
+
+            var loginResponse = await _client.PostAsJsonAsync("/api/auth/login", new { Email = email, Password = password });
+            var loginResult = await loginResponse.Content.ReadFromJsonAsync<LoginResponse>();
+
+            var request = new
+            {
+                CurrentPassword = password,
+                NewPassword = "weak",
+                ConfirmNewPassword = "weak"
+            };
+
+            using var requestMessage = new HttpRequestMessage(HttpMethod.Post, "/api/auth/change-password");
+            requestMessage.Headers.Add("Authorization", $"Bearer {loginResult!.Token}");
+            requestMessage.Content = JsonContent.Create(request);
+
+            // Act
+            var response = await _client.SendAsync(requestMessage);
+
+            // Assert
+            response.StatusCode.Should().Be(HttpStatusCode.BadRequest);
+        }
+
+        [Fact]
+        public async Task ChangePassword_WithSameAsOldPassword_ReturnsBadRequest()
+        {
+            // Arrange
+            var email = $"sameold_{Guid.NewGuid():N}@example.com";
+            var password = "MySecure@Pass123";
+            var pseudo = $"SameOl{Guid.NewGuid():N}"[..20];
+
+            await _client.PostAsJsonAsync("/api/auth/register", new
+            {
+                Email = email,
+                Pseudo = pseudo,
+                Password = password,
+                ConfirmPassword = password
+            });
+
+            var loginResponse = await _client.PostAsJsonAsync("/api/auth/login", new { Email = email, Password = password });
+            var loginResult = await loginResponse.Content.ReadFromJsonAsync<LoginResponse>();
+
+            var request = new
+            {
+                CurrentPassword = password,
+                NewPassword = password,
+                ConfirmNewPassword = password
+            };
+
+            using var requestMessage = new HttpRequestMessage(HttpMethod.Post, "/api/auth/change-password");
+            requestMessage.Headers.Add("Authorization", $"Bearer {loginResult!.Token}");
+            requestMessage.Content = JsonContent.Create(request);
+
+            // Act
+            var response = await _client.SendAsync(requestMessage);
+
+            // Assert
+            response.StatusCode.Should().Be(HttpStatusCode.BadRequest);
+            var error = await response.Content.ReadFromJsonAsync<ErrorResponse>();
+            error?.Message.Should().Contain("différent");
+        }
+
+        [Fact]
+        public async Task ChangePassword_WithSuspendedAccount_ReturnsForbidden()
+        {
+            // Arrange
+            var email = $"suspchg_{Guid.NewGuid():N}@example.com";
+            var password = "MySecure@Pass123";
+            var pseudo = $"SusChg{Guid.NewGuid():N}"[..20];
+
+            await _client.PostAsJsonAsync("/api/auth/register", new
+            {
+                Email = email,
+                Pseudo = pseudo,
+                Password = password,
+                ConfirmPassword = password
+            });
+
+            var loginResponse = await _client.PostAsJsonAsync("/api/auth/login", new { Email = email, Password = password });
+            var loginResult = await loginResponse.Content.ReadFromJsonAsync<LoginResponse>();
+
+            // Suspend the user directly in DB
+            using var scope = _factory.Services.CreateScope();
+            var context = scope.ServiceProvider.GetRequiredService<FantasyRealmDbContext>();
+            var user = await context.Users.FirstAsync(u => u.Email == email.ToLowerInvariant());
+            user.IsSuspended = true;
+            await context.SaveChangesAsync();
+
+            var request = new
+            {
+                CurrentPassword = password,
+                NewPassword = "NewSecure@Pass456",
+                ConfirmNewPassword = "NewSecure@Pass456"
+            };
+
+            using var requestMessage = new HttpRequestMessage(HttpMethod.Post, "/api/auth/change-password");
+            requestMessage.Headers.Add("Authorization", $"Bearer {loginResult!.Token}");
+            requestMessage.Content = JsonContent.Create(request);
+
+            // Act
+            var response = await _client.SendAsync(requestMessage);
+
+            // Assert
+            response.StatusCode.Should().Be(HttpStatusCode.Forbidden);
+            var error = await response.Content.ReadFromJsonAsync<ErrorResponse>();
+            error?.Message.Should().Contain("suspendu");
+        }
+
+        [Fact]
+        public async Task ChangePassword_SetsMustChangePasswordToFalse()
+        {
+            // Arrange
+            var email = $"mustchg_{Guid.NewGuid():N}@example.com";
+            var password = "MySecure@Pass123";
+            var pseudo = $"MustCh{Guid.NewGuid():N}"[..20];
+
+            await _client.PostAsJsonAsync("/api/auth/register", new
+            {
+                Email = email,
+                Pseudo = pseudo,
+                Password = password,
+                ConfirmPassword = password
+            });
+
+            // Set MustChangePassword to true in DB
+            using (var scope = _factory.Services.CreateScope())
+            {
+                var context = scope.ServiceProvider.GetRequiredService<FantasyRealmDbContext>();
+                var user = await context.Users.FirstAsync(u => u.Email == email.ToLowerInvariant());
+                user.MustChangePassword = true;
+                await context.SaveChangesAsync();
+            }
+
+            var loginResponse = await _client.PostAsJsonAsync("/api/auth/login", new { Email = email, Password = password });
+            var loginResult = await loginResponse.Content.ReadFromJsonAsync<LoginResponse>();
+            loginResult!.MustChangePassword.Should().BeTrue();
+
+            var request = new
+            {
+                CurrentPassword = password,
+                NewPassword = "NewSecure@Pass456",
+                ConfirmNewPassword = "NewSecure@Pass456"
+            };
+
+            using var requestMessage = new HttpRequestMessage(HttpMethod.Post, "/api/auth/change-password");
+            requestMessage.Headers.Add("Authorization", $"Bearer {loginResult.Token}");
+            requestMessage.Content = JsonContent.Create(request);
+
+            // Act
+            await _client.SendAsync(requestMessage);
+
+            // Assert - Check DB
+            using var verifyScope = _factory.Services.CreateScope();
+            var verifyContext = verifyScope.ServiceProvider.GetRequiredService<FantasyRealmDbContext>();
+            var updatedUser = await verifyContext.Users.FirstAsync(u => u.Email == email.ToLowerInvariant());
+            updatedUser.MustChangePassword.Should().BeFalse();
+        }
+
+        #endregion
+
         private record ErrorResponse(string Message);
     }
 }
diff --git a/src/backend/tests/FantasyRealm.Tests.Unit/Email/EmailTemplatesTests.cs b/src/backend/tests/FantasyRealm.Tests.Unit/Email/EmailTemplatesTests.cs
index 209da21..7ddb3a1 100644
--- a/src/backend/tests/FantasyRealm.Tests.Unit/Email/EmailTemplatesTests.cs
+++ b/src/backend/tests/FantasyRealm.Tests.Unit/Email/EmailTemplatesTests.cs
@@ -4,6 +4,8 @@ namespace FantasyRealm.Tests.Unit.Email
 {
     public class EmailTemplatesTests
     {
+        private const string TestBaseUrl = "https://test.fantasy-realm.com";
+
         [Fact]
         public void GetWelcomeTemplate_ContainsPseudo()
         {
@@ -11,7 +13,7 @@ public void GetWelcomeTemplate_ContainsPseudo()
             var pseudo = "TestPlayer";
 
             // Act
-            var result = EmailTemplates.GetWelcomeTemplate(pseudo);
+            var result = EmailTemplates.GetWelcomeTemplate(pseudo, TestBaseUrl);
 
             // Assert
             Assert.Contains(pseudo, result);
@@ -24,19 +26,30 @@ public void GetWelcomeTemplate_EscapesHtmlCharacters()
         {
             var pseudo = "<script>alert('xss')</script>";
 
-            var result = EmailTemplates.GetWelcomeTemplate(pseudo);
+            var result = EmailTemplates.GetWelcomeTemplate(pseudo, TestBaseUrl);
 
             Assert.DoesNotContain("<script>", result);
             Assert.Contains("&lt;script&gt;", result);
         }
 
+        [Fact]
+        public void GetWelcomeTemplate_ContainsBaseUrl()
+        {
+            var pseudo = "TestPlayer";
+
+            var result = EmailTemplates.GetWelcomeTemplate(pseudo, TestBaseUrl);
+
+            Assert.Contains(TestBaseUrl, result);
+            Assert.Contains($"{TestBaseUrl}/characters/create", result);
+        }
+
         [Fact]
         public void GetPasswordResetTemplate_ContainsTokenInUrl()
         {
             var pseudo = "TestPlayer";
             var resetToken = "abc123token";
 
-            var result = EmailTemplates.GetPasswordResetTemplate(pseudo, resetToken);
+            var result = EmailTemplates.GetPasswordResetTemplate(pseudo, resetToken, TestBaseUrl);
 
             Assert.Contains(pseudo, result);
             Assert.Contains(resetToken, result);
@@ -50,19 +63,30 @@ public void GetPasswordResetTemplate_UrlEncodesSpecialCharacters()
             var pseudo = "TestPlayer";
             var resetToken = "abc+def/ghi=jkl";
 
-            var result = EmailTemplates.GetPasswordResetTemplate(pseudo, resetToken);
+            var result = EmailTemplates.GetPasswordResetTemplate(pseudo, resetToken, TestBaseUrl);
 
             Assert.Contains("token=abc%2Bdef%2Fghi%3Djkl", result);
             Assert.DoesNotContain("token=abc+def", result);
         }
 
+        [Fact]
+        public void GetPasswordResetTemplate_ContainsBaseUrl()
+        {
+            var pseudo = "TestPlayer";
+            var resetToken = "abc123token";
+
+            var result = EmailTemplates.GetPasswordResetTemplate(pseudo, resetToken, TestBaseUrl);
+
+            Assert.Contains($"{TestBaseUrl}/reset-password?token=", result);
+        }
+
         [Fact]
         public void GetTemporaryPasswordTemplate_ContainsPseudo()
         {
             var pseudo = "TestPlayer";
             var temporaryPassword = "TempPass@123!";
 
-            var result = EmailTemplates.GetTemporaryPasswordTemplate(pseudo, temporaryPassword);
+            var result = EmailTemplates.GetTemporaryPasswordTemplate(pseudo, temporaryPassword, TestBaseUrl);
 
             Assert.Contains(pseudo, result);
             Assert.Contains(temporaryPassword, result);
@@ -75,7 +99,7 @@ public void GetTemporaryPasswordTemplate_ContainsChangePasswordWarning()
             var pseudo = "TestPlayer";
             var temporaryPassword = "TempPass@123!";
 
-            var result = EmailTemplates.GetTemporaryPasswordTemplate(pseudo, temporaryPassword);
+            var result = EmailTemplates.GetTemporaryPasswordTemplate(pseudo, temporaryPassword, TestBaseUrl);
 
             Assert.Contains("changer ce mot de passe", result.ToLower());
             Assert.Contains("prochaine connexion", result.ToLower());
@@ -87,25 +111,47 @@ public void GetTemporaryPasswordTemplate_EscapesHtmlCharacters()
             var pseudo = "<script>alert('xss')</script>";
             var temporaryPassword = "TempPass@123!";
 
-            var result = EmailTemplates.GetTemporaryPasswordTemplate(pseudo, temporaryPassword);
+            var result = EmailTemplates.GetTemporaryPasswordTemplate(pseudo, temporaryPassword, TestBaseUrl);
 
             Assert.DoesNotContain("<script>", result);
             Assert.Contains("&lt;script&gt;", result);
         }
 
+        [Fact]
+        public void GetTemporaryPasswordTemplate_ContainsBaseUrl()
+        {
+            var pseudo = "TestPlayer";
+            var temporaryPassword = "TempPass@123!";
+
+            var result = EmailTemplates.GetTemporaryPasswordTemplate(pseudo, temporaryPassword, TestBaseUrl);
+
+            Assert.Contains($"{TestBaseUrl}/login", result);
+        }
+
         [Fact]
         public void GetCharacterApprovedTemplate_ContainsCharacterName()
         {
             var pseudo = "TestPlayer";
             var characterName = "Thorin";
 
-            var result = EmailTemplates.GetCharacterApprovedTemplate(pseudo, characterName);
+            var result = EmailTemplates.GetCharacterApprovedTemplate(pseudo, characterName, TestBaseUrl);
 
             Assert.Contains(pseudo, result);
             Assert.Contains(characterName, result);
             Assert.Contains("approuvé", result.ToLower());
         }
 
+        [Fact]
+        public void GetCharacterApprovedTemplate_ContainsBaseUrl()
+        {
+            var pseudo = "TestPlayer";
+            var characterName = "Thorin";
+
+            var result = EmailTemplates.GetCharacterApprovedTemplate(pseudo, characterName, TestBaseUrl);
+
+            Assert.Contains($"{TestBaseUrl}/characters", result);
+        }
+
         [Fact]
         public void GetCharacterRejectedTemplate_ContainsReason()
         {
@@ -113,7 +159,7 @@ public void GetCharacterRejectedTemplate_ContainsReason()
             var characterName = "Thorin";
             var reason = "Inappropriate content";
 
-            var result = EmailTemplates.GetCharacterRejectedTemplate(pseudo, characterName, reason);
+            var result = EmailTemplates.GetCharacterRejectedTemplate(pseudo, characterName, reason, TestBaseUrl);
 
             Assert.Contains(pseudo, result);
             Assert.Contains(characterName, result);
@@ -121,19 +167,42 @@ public void GetCharacterRejectedTemplate_ContainsReason()
             Assert.Contains("non approuvé", result.ToLower());
         }
 
+        [Fact]
+        public void GetCharacterRejectedTemplate_ContainsBaseUrl()
+        {
+            var pseudo = "TestPlayer";
+            var characterName = "Thorin";
+            var reason = "Inappropriate content";
+
+            var result = EmailTemplates.GetCharacterRejectedTemplate(pseudo, characterName, reason, TestBaseUrl);
+
+            Assert.Contains($"{TestBaseUrl}/characters", result);
+        }
+
         [Fact]
         public void GetCommentApprovedTemplate_ContainsCharacterName()
         {
             var pseudo = "TestPlayer";
             var characterName = "Thorin";
 
-            var result = EmailTemplates.GetCommentApprovedTemplate(pseudo, characterName);
+            var result = EmailTemplates.GetCommentApprovedTemplate(pseudo, characterName, TestBaseUrl);
 
             Assert.Contains(pseudo, result);
             Assert.Contains(characterName, result);
             Assert.Contains("Commentaire publié", result);
         }
 
+        [Fact]
+        public void GetCommentApprovedTemplate_ContainsBaseUrl()
+        {
+            var pseudo = "TestPlayer";
+            var characterName = "Thorin";
+
+            var result = EmailTemplates.GetCommentApprovedTemplate(pseudo, characterName, TestBaseUrl);
+
+            Assert.Contains($"{TestBaseUrl}/gallery", result);
+        }
+
         [Fact]
         public void GetCommentRejectedTemplate_ContainsReason()
         {
@@ -174,12 +243,12 @@ public void AllTemplates_ContainHtmlStructure(string templateMethod)
         {
             var result = templateMethod switch
             {
-                "GetWelcomeTemplate" => EmailTemplates.GetWelcomeTemplate("Test"),
-                "GetPasswordResetTemplate" => EmailTemplates.GetPasswordResetTemplate("Test", "token"),
-                "GetTemporaryPasswordTemplate" => EmailTemplates.GetTemporaryPasswordTemplate("Test", "TempPass123!"),
-                "GetCharacterApprovedTemplate" => EmailTemplates.GetCharacterApprovedTemplate("Test", "Character"),
-                "GetCharacterRejectedTemplate" => EmailTemplates.GetCharacterRejectedTemplate("Test", "Character", "Reason"),
-                "GetCommentApprovedTemplate" => EmailTemplates.GetCommentApprovedTemplate("Test", "Character"),
+                "GetWelcomeTemplate" => EmailTemplates.GetWelcomeTemplate("Test", TestBaseUrl),
+                "GetPasswordResetTemplate" => EmailTemplates.GetPasswordResetTemplate("Test", "token", TestBaseUrl),
+                "GetTemporaryPasswordTemplate" => EmailTemplates.GetTemporaryPasswordTemplate("Test", "TempPass123!", TestBaseUrl),
+                "GetCharacterApprovedTemplate" => EmailTemplates.GetCharacterApprovedTemplate("Test", "Character", TestBaseUrl),
+                "GetCharacterRejectedTemplate" => EmailTemplates.GetCharacterRejectedTemplate("Test", "Character", "Reason", TestBaseUrl),
+                "GetCommentApprovedTemplate" => EmailTemplates.GetCommentApprovedTemplate("Test", "Character", TestBaseUrl),
                 "GetCommentRejectedTemplate" => EmailTemplates.GetCommentRejectedTemplate("Test", "Character", "Reason"),
                 "GetAccountSuspendedTemplate" => EmailTemplates.GetAccountSuspendedTemplate("Test", "Reason"),
                 _ => throw new ArgumentException($"Unknown template: {templateMethod}")
@@ -199,12 +268,12 @@ public void AllTemplates_ContainCurrentYear()
 
             var templates = new[]
             {
-                EmailTemplates.GetWelcomeTemplate("Test"),
-                EmailTemplates.GetPasswordResetTemplate("Test", "token"),
-                EmailTemplates.GetTemporaryPasswordTemplate("Test", "TempPass123!"),
-                EmailTemplates.GetCharacterApprovedTemplate("Test", "Character"),
-                EmailTemplates.GetCharacterRejectedTemplate("Test", "Character", "Reason"),
-                EmailTemplates.GetCommentApprovedTemplate("Test", "Character"),
+                EmailTemplates.GetWelcomeTemplate("Test", TestBaseUrl),
+                EmailTemplates.GetPasswordResetTemplate("Test", "token", TestBaseUrl),
+                EmailTemplates.GetTemporaryPasswordTemplate("Test", "TempPass123!", TestBaseUrl),
+                EmailTemplates.GetCharacterApprovedTemplate("Test", "Character", TestBaseUrl),
+                EmailTemplates.GetCharacterRejectedTemplate("Test", "Character", "Reason", TestBaseUrl),
+                EmailTemplates.GetCommentApprovedTemplate("Test", "Character", TestBaseUrl),
                 EmailTemplates.GetCommentRejectedTemplate("Test", "Character", "Reason"),
                 EmailTemplates.GetAccountSuspendedTemplate("Test", "Reason")
             };
diff --git a/src/backend/tests/FantasyRealm.Tests.Unit/Services/AuthServiceTests.cs b/src/backend/tests/FantasyRealm.Tests.Unit/Services/AuthServiceTests.cs
index eec41db..15eb9a9 100644
--- a/src/backend/tests/FantasyRealm.Tests.Unit/Services/AuthServiceTests.cs
+++ b/src/backend/tests/FantasyRealm.Tests.Unit/Services/AuthServiceTests.cs
@@ -679,5 +679,273 @@ public async Task Given_WrongEmailForPseudo_When_ForgotPassword_Should_ReturnNot
         }
 
         #endregion
+
+        #region ChangePassword Tests
+
+        [Fact]
+        public async Task Given_ValidRequest_When_ChangePassword_Should_ReturnSuccessWithNewToken()
+        {
+            // Arrange
+            var userId = 1;
+            var request = new ChangePasswordRequest("OldPassword@123!", "NewPassword@456!", "NewPassword@456!");
+            var role = new Role { Id = 1, Label = "User" };
+            var user = new User
+            {
+                Id = userId,
+                Email = "test@example.com",
+                Pseudo = "TestUser",
+                PasswordHash = "oldHash",
+                RoleId = 1,
+                Role = role,
+                IsSuspended = false,
+                MustChangePassword = true
+            };
+
+            _userRepositoryMock.Setup(r => r.GetByIdWithRoleAsync(userId, It.IsAny<CancellationToken>()))
+                .ReturnsAsync(user);
+            _passwordHasherMock.Setup(h => h.Verify("OldPassword@123!", "oldHash"))
+                .Returns(true);
+            _passwordHasherMock.Setup(h => h.Verify("NewPassword@456!", "oldHash"))
+                .Returns(false);
+            _passwordHasherMock.Setup(h => h.Hash("NewPassword@456!"))
+                .Returns("newHash");
+            _userRepositoryMock.Setup(r => r.UpdateAsync(It.IsAny<User>(), It.IsAny<CancellationToken>()))
+                .ReturnsAsync(user);
+            _jwtServiceMock.Setup(j => j.GenerateToken(userId, "test@example.com", "TestUser", "User"))
+                .Returns("new-jwt-token");
+            _jwtServiceMock.Setup(j => j.GetExpirationDate())
+                .Returns(DateTime.UtcNow.AddHours(24));
+
+            // Act
+            var result = await _authService.ChangePasswordAsync(userId, request);
+
+            // Assert
+            result.IsSuccess.Should().BeTrue();
+            result.Value.Should().NotBeNull();
+            result.Value!.Token.Should().Be("new-jwt-token");
+            result.Value.User.Id.Should().Be(userId);
+            _userRepositoryMock.Verify(r => r.UpdateAsync(It.Is<User>(u => u.MustChangePassword == false && u.PasswordHash == "newHash"), It.IsAny<CancellationToken>()), Times.Once);
+        }
+
+        [Fact]
+        public async Task Given_NonExistentUser_When_ChangePassword_Should_ReturnUnauthorized()
+        {
+            // Arrange
+            var userId = 999;
+            var request = new ChangePasswordRequest("OldPassword@123!", "NewPassword@456!", "NewPassword@456!");
+
+            _userRepositoryMock.Setup(r => r.GetByIdWithRoleAsync(userId, It.IsAny<CancellationToken>()))
+                .ReturnsAsync((User?)null);
+
+            // Act
+            var result = await _authService.ChangePasswordAsync(userId, request);
+
+            // Assert
+            result.IsFailure.Should().BeTrue();
+            result.Error.Should().Be("Identifiants incorrects.");
+            result.ErrorCode.Should().Be(401);
+        }
+
+        [Fact]
+        public async Task Given_SuspendedAccount_When_ChangePassword_Should_ReturnForbidden()
+        {
+            // Arrange
+            var userId = 1;
+            var request = new ChangePasswordRequest("OldPassword@123!", "NewPassword@456!", "NewPassword@456!");
+            var role = new Role { Id = 1, Label = "User" };
+            var user = new User
+            {
+                Id = userId,
+                Email = "test@example.com",
+                Pseudo = "TestUser",
+                PasswordHash = "oldHash",
+                RoleId = 1,
+                Role = role,
+                IsSuspended = true
+            };
+
+            _userRepositoryMock.Setup(r => r.GetByIdWithRoleAsync(userId, It.IsAny<CancellationToken>()))
+                .ReturnsAsync(user);
+
+            // Act
+            var result = await _authService.ChangePasswordAsync(userId, request);
+
+            // Assert
+            result.IsFailure.Should().BeTrue();
+            result.Error.Should().Be("Votre compte a été suspendu.");
+            result.ErrorCode.Should().Be(403);
+        }
+
+        [Fact]
+        public async Task Given_WrongCurrentPassword_When_ChangePassword_Should_ReturnUnauthorized()
+        {
+            // Arrange
+            var userId = 1;
+            var request = new ChangePasswordRequest("WrongPassword!", "NewPassword@456!", "NewPassword@456!");
+            var role = new Role { Id = 1, Label = "User" };
+            var user = new User
+            {
+                Id = userId,
+                Email = "test@example.com",
+                Pseudo = "TestUser",
+                PasswordHash = "oldHash",
+                RoleId = 1,
+                Role = role,
+                IsSuspended = false
+            };
+
+            _userRepositoryMock.Setup(r => r.GetByIdWithRoleAsync(userId, It.IsAny<CancellationToken>()))
+                .ReturnsAsync(user);
+            _passwordHasherMock.Setup(h => h.Verify("WrongPassword!", "oldHash"))
+                .Returns(false);
+
+            // Act
+            var result = await _authService.ChangePasswordAsync(userId, request);
+
+            // Assert
+            result.IsFailure.Should().BeTrue();
+            result.Error.Should().Be("Le mot de passe actuel est incorrect.");
+            result.ErrorCode.Should().Be(401);
+        }
+
+        [Fact]
+        public async Task Given_MismatchedNewPasswords_When_ChangePassword_Should_ReturnBadRequest()
+        {
+            // Arrange
+            var userId = 1;
+            var request = new ChangePasswordRequest("OldPassword@123!", "NewPassword@456!", "DifferentPassword@789!");
+            var role = new Role { Id = 1, Label = "User" };
+            var user = new User
+            {
+                Id = userId,
+                Email = "test@example.com",
+                Pseudo = "TestUser",
+                PasswordHash = "oldHash",
+                RoleId = 1,
+                Role = role,
+                IsSuspended = false
+            };
+
+            _userRepositoryMock.Setup(r => r.GetByIdWithRoleAsync(userId, It.IsAny<CancellationToken>()))
+                .ReturnsAsync(user);
+            _passwordHasherMock.Setup(h => h.Verify("OldPassword@123!", "oldHash"))
+                .Returns(true);
+
+            // Act
+            var result = await _authService.ChangePasswordAsync(userId, request);
+
+            // Assert
+            result.IsFailure.Should().BeTrue();
+            result.Error.Should().Be("Les nouveaux mots de passe ne correspondent pas.");
+            result.ErrorCode.Should().Be(400);
+        }
+
+        [Fact]
+        public async Task Given_WeakNewPassword_When_ChangePassword_Should_ReturnBadRequest()
+        {
+            // Arrange
+            var userId = 1;
+            var request = new ChangePasswordRequest("OldPassword@123!", "weak", "weak");
+            var role = new Role { Id = 1, Label = "User" };
+            var user = new User
+            {
+                Id = userId,
+                Email = "test@example.com",
+                Pseudo = "TestUser",
+                PasswordHash = "oldHash",
+                RoleId = 1,
+                Role = role,
+                IsSuspended = false
+            };
+
+            _userRepositoryMock.Setup(r => r.GetByIdWithRoleAsync(userId, It.IsAny<CancellationToken>()))
+                .ReturnsAsync(user);
+            _passwordHasherMock.Setup(h => h.Verify("OldPassword@123!", "oldHash"))
+                .Returns(true);
+
+            // Act
+            var result = await _authService.ChangePasswordAsync(userId, request);
+
+            // Assert
+            result.IsFailure.Should().BeTrue();
+            result.ErrorCode.Should().Be(400);
+        }
+
+        [Fact]
+        public async Task Given_SameAsOldPassword_When_ChangePassword_Should_ReturnBadRequest()
+        {
+            // Arrange
+            var userId = 1;
+            var request = new ChangePasswordRequest("OldPassword@123!", "OldPassword@123!", "OldPassword@123!");
+            var role = new Role { Id = 1, Label = "User" };
+            var user = new User
+            {
+                Id = userId,
+                Email = "test@example.com",
+                Pseudo = "TestUser",
+                PasswordHash = "oldHash",
+                RoleId = 1,
+                Role = role,
+                IsSuspended = false
+            };
+
+            _userRepositoryMock.Setup(r => r.GetByIdWithRoleAsync(userId, It.IsAny<CancellationToken>()))
+                .ReturnsAsync(user);
+            _passwordHasherMock.Setup(h => h.Verify("OldPassword@123!", "oldHash"))
+                .Returns(true);
+
+            // Act
+            var result = await _authService.ChangePasswordAsync(userId, request);
+
+            // Assert
+            result.IsFailure.Should().BeTrue();
+            result.Error.Should().Be("Le nouveau mot de passe doit être différent de l'ancien.");
+            result.ErrorCode.Should().Be(400);
+        }
+
+        [Fact]
+        public async Task Given_ValidRequest_When_ChangePassword_Should_SetMustChangePasswordToFalse()
+        {
+            // Arrange
+            var userId = 1;
+            var request = new ChangePasswordRequest("OldPassword@123!", "NewPassword@456!", "NewPassword@456!");
+            var role = new Role { Id = 1, Label = "User" };
+            var user = new User
+            {
+                Id = userId,
+                Email = "test@example.com",
+                Pseudo = "TestUser",
+                PasswordHash = "oldHash",
+                RoleId = 1,
+                Role = role,
+                IsSuspended = false,
+                MustChangePassword = true
+            };
+
+            _userRepositoryMock.Setup(r => r.GetByIdWithRoleAsync(userId, It.IsAny<CancellationToken>()))
+                .ReturnsAsync(user);
+            _passwordHasherMock.Setup(h => h.Verify("OldPassword@123!", "oldHash"))
+                .Returns(true);
+            _passwordHasherMock.Setup(h => h.Verify("NewPassword@456!", "oldHash"))
+                .Returns(false);
+            _passwordHasherMock.Setup(h => h.Hash("NewPassword@456!"))
+                .Returns("newHash");
+            _userRepositoryMock.Setup(r => r.UpdateAsync(It.IsAny<User>(), It.IsAny<CancellationToken>()))
+                .ReturnsAsync(user);
+            _jwtServiceMock.Setup(j => j.GenerateToken(It.IsAny<int>(), It.IsAny<string>(), It.IsAny<string>(), It.IsAny<string>()))
+                .Returns("new-jwt-token");
+            _jwtServiceMock.Setup(j => j.GetExpirationDate())
+                .Returns(DateTime.UtcNow.AddHours(24));
+
+            // Act
+            await _authService.ChangePasswordAsync(userId, request);
+
+            // Assert
+            _userRepositoryMock.Verify(r => r.UpdateAsync(
+                It.Is<User>(u => u.MustChangePassword == false),
+                It.IsAny<CancellationToken>()), Times.Once);
+        }
+
+        #endregion
     }
 }
diff --git a/src/frontend/src/components/auth/ChangePasswordModal.test.tsx b/src/frontend/src/components/auth/ChangePasswordModal.test.tsx
new file mode 100644
index 0000000..9fc144a
--- /dev/null
+++ b/src/frontend/src/components/auth/ChangePasswordModal.test.tsx
@@ -0,0 +1,388 @@
+import { render, screen, waitFor } from '@testing-library/react';
+import userEvent from '@testing-library/user-event';
+import { describe, it, expect, vi, beforeEach } from 'vitest';
+import { axe, toHaveNoViolations } from 'jest-axe';
+import { ChangePasswordModal } from './ChangePasswordModal';
+import { authService } from '../../services/authService';
+
+expect.extend(toHaveNoViolations);
+
+vi.mock('../../services/authService', () => ({
+  authService: {
+    changePassword: vi.fn(),
+  },
+}));
+
+const mockChangePassword = vi.mocked(authService.changePassword);
+
+describe('ChangePasswordModal', () => {
+  const mockOnSuccess = vi.fn();
+  const mockToken = 'test-jwt-token';
+
+  const validFormData = {
+    currentPassword: 'OldPassword@123',
+    newPassword: 'NewSecure@Pass456',
+    confirmNewPassword: 'NewSecure@Pass456',
+  };
+
+  const mockChangePasswordResponse = {
+    token: 'new-jwt-token',
+    expiresAt: '2024-12-31T23:59:59Z',
+    user: {
+      id: 1,
+      email: 'test@example.com',
+      pseudo: 'TestUser',
+      role: 'User',
+    },
+  };
+
+  beforeEach(() => {
+    vi.clearAllMocks();
+  });
+
+  describe('rendering', () => {
+    it('should render modal title', () => {
+      render(<ChangePasswordModal isOpen={true} token={mockToken} onSuccess={mockOnSuccess} />);
+
+      expect(screen.getByText(/changement de mot de passe obligatoire/i)).toBeInTheDocument();
+    });
+
+    it('should render explanatory message', () => {
+      render(<ChangePasswordModal isOpen={true} token={mockToken} onSuccess={mockOnSuccess} />);
+
+      expect(screen.getByText(/pour des raisons de sécurité/i)).toBeInTheDocument();
+    });
+
+    it('should render all password fields', () => {
+      render(<ChangePasswordModal isOpen={true} token={mockToken} onSuccess={mockOnSuccess} />);
+
+      expect(screen.getByLabelText(/mot de passe actuel/i)).toBeInTheDocument();
+      expect(screen.getByLabelText(/^nouveau mot de passe$/i)).toBeInTheDocument();
+      expect(screen.getByLabelText(/confirmer le nouveau mot de passe/i)).toBeInTheDocument();
+    });
+
+    it('should render submit button', () => {
+      render(<ChangePasswordModal isOpen={true} token={mockToken} onSuccess={mockOnSuccess} />);
+
+      expect(screen.getByRole('button', { name: /changer mon mot de passe/i })).toBeInTheDocument();
+    });
+
+    it('should not render close button', () => {
+      render(<ChangePasswordModal isOpen={true} token={mockToken} onSuccess={mockOnSuccess} />);
+
+      expect(screen.queryByRole('button', { name: /fermer/i })).not.toBeInTheDocument();
+    });
+
+    it('should not render when isOpen is false', () => {
+      render(<ChangePasswordModal isOpen={false} token={mockToken} onSuccess={mockOnSuccess} />);
+
+      expect(screen.queryByText(/changement de mot de passe obligatoire/i)).not.toBeInTheDocument();
+    });
+  });
+
+  describe('validation', () => {
+    it('should show error when current password is empty', async () => {
+      render(<ChangePasswordModal isOpen={true} token={mockToken} onSuccess={mockOnSuccess} />);
+
+      await userEvent.click(screen.getByRole('button', { name: /changer mon mot de passe/i }));
+
+      await waitFor(() => {
+        expect(screen.getByText(/le mot de passe actuel est requis/i)).toBeInTheDocument();
+      });
+    });
+
+    it('should show error when new password is empty', async () => {
+      render(<ChangePasswordModal isOpen={true} token={mockToken} onSuccess={mockOnSuccess} />);
+
+      await userEvent.type(screen.getByLabelText(/mot de passe actuel/i), validFormData.currentPassword);
+      await userEvent.click(screen.getByRole('button', { name: /changer mon mot de passe/i }));
+
+      await waitFor(() => {
+        expect(screen.getByText(/le nouveau mot de passe est requis/i)).toBeInTheDocument();
+      });
+    });
+
+    it('should show error when confirmation is empty', async () => {
+      render(<ChangePasswordModal isOpen={true} token={mockToken} onSuccess={mockOnSuccess} />);
+
+      await userEvent.type(screen.getByLabelText(/mot de passe actuel/i), validFormData.currentPassword);
+      await userEvent.type(screen.getByLabelText(/^nouveau mot de passe$/i), validFormData.newPassword);
+      await userEvent.click(screen.getByRole('button', { name: /changer mon mot de passe/i }));
+
+      await waitFor(() => {
+        expect(screen.getByText(/la confirmation est requise/i)).toBeInTheDocument();
+      });
+    });
+
+    it('should show error when passwords do not match', async () => {
+      render(<ChangePasswordModal isOpen={true} token={mockToken} onSuccess={mockOnSuccess} />);
+
+      await userEvent.type(screen.getByLabelText(/mot de passe actuel/i), validFormData.currentPassword);
+      await userEvent.type(screen.getByLabelText(/^nouveau mot de passe$/i), validFormData.newPassword);
+      await userEvent.type(screen.getByLabelText(/confirmer le nouveau mot de passe/i), 'DifferentPass@789');
+      await userEvent.click(screen.getByRole('button', { name: /changer mon mot de passe/i }));
+
+      await waitFor(() => {
+        expect(screen.getByText(/les mots de passe ne correspondent pas/i)).toBeInTheDocument();
+      });
+    });
+
+    it('should show error when new password is weak', async () => {
+      render(<ChangePasswordModal isOpen={true} token={mockToken} onSuccess={mockOnSuccess} />);
+
+      await userEvent.type(screen.getByLabelText(/mot de passe actuel/i), validFormData.currentPassword);
+      await userEvent.type(screen.getByLabelText(/^nouveau mot de passe$/i), 'weak');
+      await userEvent.type(screen.getByLabelText(/confirmer le nouveau mot de passe/i), 'weak');
+      await userEvent.click(screen.getByRole('button', { name: /changer mon mot de passe/i }));
+
+      await waitFor(() => {
+        expect(screen.getByText(/ne respecte pas les critères de sécurité/i)).toBeInTheDocument();
+      });
+    });
+
+    it('should show error when new password is same as current', async () => {
+      render(<ChangePasswordModal isOpen={true} token={mockToken} onSuccess={mockOnSuccess} />);
+
+      await userEvent.type(screen.getByLabelText(/mot de passe actuel/i), validFormData.newPassword);
+      await userEvent.type(screen.getByLabelText(/^nouveau mot de passe$/i), validFormData.newPassword);
+      await userEvent.type(screen.getByLabelText(/confirmer le nouveau mot de passe/i), validFormData.newPassword);
+      await userEvent.click(screen.getByRole('button', { name: /changer mon mot de passe/i }));
+
+      await waitFor(() => {
+        expect(screen.getByText(/doit être différent de l'ancien/i)).toBeInTheDocument();
+      });
+    });
+
+    it('should clear field error when user starts typing', async () => {
+      render(<ChangePasswordModal isOpen={true} token={mockToken} onSuccess={mockOnSuccess} />);
+
+      await userEvent.click(screen.getByRole('button', { name: /changer mon mot de passe/i }));
+
+      await waitFor(() => {
+        expect(screen.getByText(/le mot de passe actuel est requis/i)).toBeInTheDocument();
+      });
+
+      await userEvent.type(screen.getByLabelText(/mot de passe actuel/i), 'a');
+
+      await waitFor(() => {
+        expect(screen.queryByText(/le mot de passe actuel est requis/i)).not.toBeInTheDocument();
+      });
+    });
+  });
+
+  describe('submission', () => {
+    it('should call changePassword with correct data on valid submission', async () => {
+      mockChangePassword.mockResolvedValueOnce(mockChangePasswordResponse);
+
+      render(<ChangePasswordModal isOpen={true} token={mockToken} onSuccess={mockOnSuccess} />);
+
+      await userEvent.type(screen.getByLabelText(/mot de passe actuel/i), validFormData.currentPassword);
+      await userEvent.type(screen.getByLabelText(/^nouveau mot de passe$/i), validFormData.newPassword);
+      await userEvent.type(screen.getByLabelText(/confirmer le nouveau mot de passe/i), validFormData.confirmNewPassword);
+      await userEvent.click(screen.getByRole('button', { name: /changer mon mot de passe/i }));
+
+      await waitFor(() => {
+        expect(mockChangePassword).toHaveBeenCalledWith(validFormData, mockToken);
+      });
+    });
+
+    it('should call onSuccess after successful submission', async () => {
+      mockChangePassword.mockResolvedValueOnce(mockChangePasswordResponse);
+
+      render(<ChangePasswordModal isOpen={true} token={mockToken} onSuccess={mockOnSuccess} />);
+
+      await userEvent.type(screen.getByLabelText(/mot de passe actuel/i), validFormData.currentPassword);
+      await userEvent.type(screen.getByLabelText(/^nouveau mot de passe$/i), validFormData.newPassword);
+      await userEvent.type(screen.getByLabelText(/confirmer le nouveau mot de passe/i), validFormData.confirmNewPassword);
+      await userEvent.click(screen.getByRole('button', { name: /changer mon mot de passe/i }));
+
+      await waitFor(() => {
+        expect(mockOnSuccess).toHaveBeenCalledWith(mockChangePasswordResponse);
+      });
+    });
+
+    it('should show loading state while submitting', async () => {
+      let resolvePromise: (value: typeof mockChangePasswordResponse) => void;
+      mockChangePassword.mockImplementation(() => new Promise((resolve) => {
+        resolvePromise = resolve;
+      }));
+
+      render(<ChangePasswordModal isOpen={true} token={mockToken} onSuccess={mockOnSuccess} />);
+
+      await userEvent.type(screen.getByLabelText(/mot de passe actuel/i), validFormData.currentPassword);
+      await userEvent.type(screen.getByLabelText(/^nouveau mot de passe$/i), validFormData.newPassword);
+      await userEvent.type(screen.getByLabelText(/confirmer le nouveau mot de passe/i), validFormData.confirmNewPassword);
+
+      const button = screen.getByRole('button', { name: /changer mon mot de passe/i });
+      await userEvent.click(button);
+
+      await waitFor(() => {
+        expect(button).toHaveAttribute('disabled');
+      });
+
+      resolvePromise!(mockChangePasswordResponse);
+    });
+
+    it('should display API error message on failure', async () => {
+      mockChangePassword.mockRejectedValueOnce({
+        message: 'Le mot de passe actuel est incorrect.',
+        status: 401,
+      });
+
+      render(<ChangePasswordModal isOpen={true} token={mockToken} onSuccess={mockOnSuccess} />);
+
+      await userEvent.type(screen.getByLabelText(/mot de passe actuel/i), validFormData.currentPassword);
+      await userEvent.type(screen.getByLabelText(/^nouveau mot de passe$/i), validFormData.newPassword);
+      await userEvent.type(screen.getByLabelText(/confirmer le nouveau mot de passe/i), validFormData.confirmNewPassword);
+      await userEvent.click(screen.getByRole('button', { name: /changer mon mot de passe/i }));
+
+      await waitFor(() => {
+        expect(screen.getByText(/le mot de passe actuel est incorrect/i)).toBeInTheDocument();
+      });
+    });
+
+    it('should display generic error message when API returns no message', async () => {
+      mockChangePassword.mockRejectedValueOnce({
+        status: 500,
+      });
+
+      render(<ChangePasswordModal isOpen={true} token={mockToken} onSuccess={mockOnSuccess} />);
+
+      await userEvent.type(screen.getByLabelText(/mot de passe actuel/i), validFormData.currentPassword);
+      await userEvent.type(screen.getByLabelText(/^nouveau mot de passe$/i), validFormData.newPassword);
+      await userEvent.type(screen.getByLabelText(/confirmer le nouveau mot de passe/i), validFormData.confirmNewPassword);
+      await userEvent.click(screen.getByRole('button', { name: /changer mon mot de passe/i }));
+
+      await waitFor(() => {
+        expect(screen.getByText(/une erreur est survenue/i)).toBeInTheDocument();
+      });
+    });
+
+    it('should clear API error when user starts typing', async () => {
+      mockChangePassword.mockRejectedValueOnce({
+        message: 'Erreur serveur',
+        status: 500,
+      });
+
+      render(<ChangePasswordModal isOpen={true} token={mockToken} onSuccess={mockOnSuccess} />);
+
+      await userEvent.type(screen.getByLabelText(/mot de passe actuel/i), validFormData.currentPassword);
+      await userEvent.type(screen.getByLabelText(/^nouveau mot de passe$/i), validFormData.newPassword);
+      await userEvent.type(screen.getByLabelText(/confirmer le nouveau mot de passe/i), validFormData.confirmNewPassword);
+      await userEvent.click(screen.getByRole('button', { name: /changer mon mot de passe/i }));
+
+      await waitFor(() => {
+        expect(screen.getByText(/erreur serveur/i)).toBeInTheDocument();
+      });
+
+      await userEvent.type(screen.getByLabelText(/mot de passe actuel/i), 'a');
+
+      await waitFor(() => {
+        expect(screen.queryByText(/erreur serveur/i)).not.toBeInTheDocument();
+      });
+    });
+
+    it('should not call onSuccess when submission fails', async () => {
+      mockChangePassword.mockRejectedValueOnce({
+        message: 'Erreur',
+        status: 400,
+      });
+
+      render(<ChangePasswordModal isOpen={true} token={mockToken} onSuccess={mockOnSuccess} />);
+
+      await userEvent.type(screen.getByLabelText(/mot de passe actuel/i), validFormData.currentPassword);
+      await userEvent.type(screen.getByLabelText(/^nouveau mot de passe$/i), validFormData.newPassword);
+      await userEvent.type(screen.getByLabelText(/confirmer le nouveau mot de passe/i), validFormData.confirmNewPassword);
+      await userEvent.click(screen.getByRole('button', { name: /changer mon mot de passe/i }));
+
+      await waitFor(() => {
+        expect(screen.getByText(/erreur/i)).toBeInTheDocument();
+      });
+
+      expect(mockOnSuccess).not.toHaveBeenCalled();
+    });
+  });
+
+  describe('password strength indicator', () => {
+    it('should display password strength indicator when typing new password', async () => {
+      render(<ChangePasswordModal isOpen={true} token={mockToken} onSuccess={mockOnSuccess} />);
+
+      await userEvent.type(screen.getByLabelText(/^nouveau mot de passe$/i), 'Test');
+
+      await waitFor(() => {
+        expect(screen.getByText(/12 caractères min/i)).toBeInTheDocument();
+      });
+    });
+
+    it('should update strength indicator as password changes', async () => {
+      render(<ChangePasswordModal isOpen={true} token={mockToken} onSuccess={mockOnSuccess} />);
+
+      await userEvent.type(screen.getByLabelText(/^nouveau mot de passe$/i), 'MySecure@Pass123');
+
+      await waitFor(() => {
+        expect(screen.getByRole('progressbar')).toBeInTheDocument();
+      });
+    });
+  });
+
+  describe('accessibility (RGAA/WCAG)', () => {
+    it('should have no accessibility violations', async () => {
+      const { container } = render(
+        <ChangePasswordModal isOpen={true} token={mockToken} onSuccess={mockOnSuccess} />
+      );
+
+      const results = await axe(container);
+      expect(results).toHaveNoViolations();
+    });
+
+    it('should have no accessibility violations with validation errors', async () => {
+      const { container } = render(
+        <ChangePasswordModal isOpen={true} token={mockToken} onSuccess={mockOnSuccess} />
+      );
+
+      await userEvent.click(screen.getByRole('button', { name: /changer mon mot de passe/i }));
+
+      await waitFor(() => {
+        expect(screen.getByText(/le mot de passe actuel est requis/i)).toBeInTheDocument();
+      });
+
+      const results = await axe(container);
+      expect(results).toHaveNoViolations();
+    });
+
+    it('should have no accessibility violations with API error', async () => {
+      mockChangePassword.mockRejectedValueOnce({
+        message: 'Erreur serveur',
+        status: 500,
+      });
+
+      const { container } = render(
+        <ChangePasswordModal isOpen={true} token={mockToken} onSuccess={mockOnSuccess} />
+      );
+
+      await userEvent.type(screen.getByLabelText(/mot de passe actuel/i), validFormData.currentPassword);
+      await userEvent.type(screen.getByLabelText(/^nouveau mot de passe$/i), validFormData.newPassword);
+      await userEvent.type(screen.getByLabelText(/confirmer le nouveau mot de passe/i), validFormData.confirmNewPassword);
+      await userEvent.click(screen.getByRole('button', { name: /changer mon mot de passe/i }));
+
+      await waitFor(() => {
+        expect(screen.getByText(/erreur serveur/i)).toBeInTheDocument();
+      });
+
+      const results = await axe(container);
+      expect(results).toHaveNoViolations();
+    });
+
+    it('should have dialog role', () => {
+      render(<ChangePasswordModal isOpen={true} token={mockToken} onSuccess={mockOnSuccess} />);
+
+      expect(screen.getByRole('dialog')).toBeInTheDocument();
+    });
+
+    it('should have aria-modal attribute', () => {
+      render(<ChangePasswordModal isOpen={true} token={mockToken} onSuccess={mockOnSuccess} />);
+
+      expect(screen.getByRole('dialog')).toHaveAttribute('aria-modal', 'true');
+    });
+  });
+});
diff --git a/src/frontend/src/components/auth/ChangePasswordModal.tsx b/src/frontend/src/components/auth/ChangePasswordModal.tsx
new file mode 100644
index 0000000..c87523c
--- /dev/null
+++ b/src/frontend/src/components/auth/ChangePasswordModal.tsx
@@ -0,0 +1,161 @@
+import { useState, type FormEvent } from 'react';
+import { Modal, ModalHeader, ModalBody, ModalFooter } from '../ui/Modal/Modal';
+import { PasswordInput, Button, Alert } from '../ui';
+import { PasswordStrengthIndicator } from './PasswordStrengthIndicator';
+import { authService, type ChangePasswordResponse, type ApiError } from '../../services/authService';
+import { validatePassword } from '../../utils/passwordValidation';
+
+interface ChangePasswordModalProps {
+  isOpen: boolean;
+  token: string;
+  onSuccess: (response: ChangePasswordResponse) => void;
+}
+
+const ChangePasswordModal = ({ isOpen, token, onSuccess }: ChangePasswordModalProps) => {
+  const [formData, setFormData] = useState({
+    currentPassword: '',
+    newPassword: '',
+    confirmNewPassword: '',
+  });
+  const [errors, setErrors] = useState<Record<string, string>>({});
+  const [apiError, setApiError] = useState<string | null>(null);
+  const [isLoading, setIsLoading] = useState(false);
+
+  const validateForm = (): boolean => {
+    const newErrors: Record<string, string> = {};
+
+    if (!formData.currentPassword) {
+      newErrors.currentPassword = 'Le mot de passe actuel est requis';
+    }
+
+    if (!formData.newPassword) {
+      newErrors.newPassword = 'Le nouveau mot de passe est requis';
+    } else {
+      const validation = validatePassword(formData.newPassword);
+      if (!validation.isValid) {
+        newErrors.newPassword = 'Le mot de passe ne respecte pas les critères de sécurité';
+      }
+    }
+
+    if (!formData.confirmNewPassword) {
+      newErrors.confirmNewPassword = 'La confirmation est requise';
+    } else if (formData.newPassword !== formData.confirmNewPassword) {
+      newErrors.confirmNewPassword = 'Les mots de passe ne correspondent pas';
+    }
+
+    if (formData.currentPassword && formData.newPassword && formData.currentPassword === formData.newPassword) {
+      newErrors.newPassword = 'Le nouveau mot de passe doit être différent de l\'ancien';
+    }
+
+    setErrors(newErrors);
+    return Object.keys(newErrors).length === 0;
+  };
+
+  const handleSubmit = async (e: FormEvent) => {
+    e.preventDefault();
+    setApiError(null);
+
+    if (!validateForm()) {
+      return;
+    }
+
+    setIsLoading(true);
+
+    try {
+      const response = await authService.changePassword(formData, token);
+      onSuccess(response);
+    } catch (error) {
+      const apiErr = error as ApiError;
+      setApiError(apiErr.message || 'Une erreur est survenue lors du changement de mot de passe');
+    } finally {
+      setIsLoading(false);
+    }
+  };
+
+  const handleChange = (field: string) => (e: React.ChangeEvent<HTMLInputElement>) => {
+    setFormData((prev) => ({ ...prev, [field]: e.target.value }));
+    if (errors[field]) {
+      setErrors((prev) => ({ ...prev, [field]: '' }));
+    }
+    if (apiError) {
+      setApiError(null);
+    }
+  };
+
+  return (
+    <Modal
+      isOpen={isOpen}
+      onClose={() => {}}
+      size="md"
+      closeOnOverlay={false}
+      closeOnEscape={false}
+    >
+      <ModalHeader showCloseButton={false}>
+        Changement de mot de passe obligatoire
+      </ModalHeader>
+
+      <form onSubmit={handleSubmit} noValidate>
+        <ModalBody>
+          <p className="text-cream-300 mb-6">
+            Pour des raisons de sécurité, vous devez définir un nouveau mot de passe avant de continuer.
+          </p>
+
+          {apiError && (
+            <Alert variant="error" className="mb-6" onClose={() => setApiError(null)}>
+              {apiError}
+            </Alert>
+          )}
+
+          <div className="space-y-5">
+            <PasswordInput
+              label="Mot de passe actuel"
+              placeholder="Votre mot de passe temporaire"
+              value={formData.currentPassword}
+              onChange={handleChange('currentPassword')}
+              error={errors.currentPassword}
+              autoComplete="current-password"
+              required
+            />
+
+            <div>
+              <PasswordInput
+                label="Nouveau mot de passe"
+                placeholder="Votre nouveau mot de passe"
+                value={formData.newPassword}
+                onChange={handleChange('newPassword')}
+                error={errors.newPassword}
+                autoComplete="new-password"
+                required
+              />
+              <PasswordStrengthIndicator password={formData.newPassword} />
+            </div>
+
+            <PasswordInput
+              label="Confirmer le nouveau mot de passe"
+              placeholder="Confirmez votre nouveau mot de passe"
+              value={formData.confirmNewPassword}
+              onChange={handleChange('confirmNewPassword')}
+              error={errors.confirmNewPassword}
+              autoComplete="new-password"
+              required
+            />
+          </div>
+        </ModalBody>
+
+        <ModalFooter>
+          <Button
+            type="submit"
+            variant="primary"
+            size="lg"
+            fullWidth
+            isLoading={isLoading}
+          >
+            Changer mon mot de passe
+          </Button>
+        </ModalFooter>
+      </form>
+    </Modal>
+  );
+};
+
+export { ChangePasswordModal };
diff --git a/src/frontend/src/components/auth/LoginForm.test.tsx b/src/frontend/src/components/auth/LoginForm.test.tsx
index 9050956..1ef5fd0 100644
--- a/src/frontend/src/components/auth/LoginForm.test.tsx
+++ b/src/frontend/src/components/auth/LoginForm.test.tsx
@@ -295,7 +295,7 @@ describe('LoginForm', () => {
   });
 
   describe('MustChangePassword handling', () => {
-    it('should display message when mustChangePassword is true', async () => {
+    it('should display change password modal when mustChangePassword is true', async () => {
       mockAuthLogin.mockResolvedValueOnce({
         ...mockLoginResponse,
         mustChangePassword: true,
@@ -308,7 +308,7 @@ describe('LoginForm', () => {
       await userEvent.click(screen.getByRole('button', { name: /se connecter/i }));
 
       await waitFor(() => {
-        expect(screen.getByText(/vous devez changer votre mot de passe/i)).toBeInTheDocument();
+        expect(screen.getByText(/changement de mot de passe obligatoire/i)).toBeInTheDocument();
       });
     });
 
@@ -325,7 +325,7 @@ describe('LoginForm', () => {
       await userEvent.click(screen.getByRole('button', { name: /se connecter/i }));
 
       await waitFor(() => {
-        expect(screen.getByText(/vous devez changer votre mot de passe/i)).toBeInTheDocument();
+        expect(screen.getByText(/changement de mot de passe obligatoire/i)).toBeInTheDocument();
       });
 
       expect(mockOnSuccess).not.toHaveBeenCalled();
@@ -344,7 +344,7 @@ describe('LoginForm', () => {
       await userEvent.click(screen.getByRole('button', { name: /se connecter/i }));
 
       await waitFor(() => {
-        expect(screen.getByText(/vous devez changer votre mot de passe/i)).toBeInTheDocument();
+        expect(screen.getByText(/changement de mot de passe obligatoire/i)).toBeInTheDocument();
       });
 
       expect(mockLogin).not.toHaveBeenCalled();
diff --git a/src/frontend/src/components/auth/LoginForm.tsx b/src/frontend/src/components/auth/LoginForm.tsx
index 8fd0140..3ebb0f1 100644
--- a/src/frontend/src/components/auth/LoginForm.tsx
+++ b/src/frontend/src/components/auth/LoginForm.tsx
@@ -1,7 +1,8 @@
 import { useState, type FormEvent } from 'react';
 import { Link } from 'react-router-dom';
 import { Input, PasswordInput, Button, Alert } from '../ui';
-import { authService, type ApiError } from '../../services/authService';
+import { ChangePasswordModal } from './ChangePasswordModal';
+import { authService, type ApiError, type ChangePasswordResponse } from '../../services/authService';
 import { useAuth } from '../../context/AuthContext';
 
 interface LoginFormProps {
@@ -17,6 +18,8 @@ const LoginForm = ({ onSuccess }: LoginFormProps) => {
   const [errors, setErrors] = useState<Record<string, string>>({});
   const [apiError, setApiError] = useState<string | null>(null);
   const [isLoading, setIsLoading] = useState(false);
+  const [showChangePasswordModal, setShowChangePasswordModal] = useState(false);
+  const [temporaryToken, setTemporaryToken] = useState<string | null>(null);
 
   const validateForm = (): boolean => {
     const newErrors: Record<string, string> = {};
@@ -49,7 +52,8 @@ const LoginForm = ({ onSuccess }: LoginFormProps) => {
       const response = await authService.login(formData);
 
       if (response.mustChangePassword) {
-        setApiError('Vous devez changer votre mot de passe. Cette fonctionnalité sera disponible prochainement.');
+        setTemporaryToken(response.token);
+        setShowChangePasswordModal(true);
         return;
       }
 
@@ -73,7 +77,25 @@ const LoginForm = ({ onSuccess }: LoginFormProps) => {
     }
   };
 
+  const handlePasswordChangeSuccess = (response: ChangePasswordResponse) => {
+    setShowChangePasswordModal(false);
+    setTemporaryToken(null);
+    login({
+      token: response.token,
+      expiresAt: response.expiresAt,
+      user: response.user,
+      mustChangePassword: false,
+    });
+    onSuccess();
+  };
+
   return (
+    <>
+      <ChangePasswordModal
+        isOpen={showChangePasswordModal}
+        token={temporaryToken || ''}
+        onSuccess={handlePasswordChangeSuccess}
+      />
     <form onSubmit={handleSubmit} noValidate>
       {apiError && (
         <Alert variant="error" className="mb-6" onClose={() => setApiError(null)}>
@@ -124,6 +146,7 @@ const LoginForm = ({ onSuccess }: LoginFormProps) => {
         Se connecter
       </Button>
     </form>
+    </>
   );
 };
 
diff --git a/src/frontend/src/components/auth/index.ts b/src/frontend/src/components/auth/index.ts
index bbcbb01..28dbf94 100644
--- a/src/frontend/src/components/auth/index.ts
+++ b/src/frontend/src/components/auth/index.ts
@@ -2,3 +2,4 @@ export { RegisterForm } from './RegisterForm';
 export { LoginForm } from './LoginForm';
 export { ForgotPasswordForm } from './ForgotPasswordForm';
 export { PasswordStrengthIndicator } from './PasswordStrengthIndicator';
+export { ChangePasswordModal } from './ChangePasswordModal';
diff --git a/src/frontend/src/pages/LoginPage.test.tsx b/src/frontend/src/pages/LoginPage.test.tsx
index 8c9006f..dc6b396 100644
--- a/src/frontend/src/pages/LoginPage.test.tsx
+++ b/src/frontend/src/pages/LoginPage.test.tsx
@@ -146,7 +146,7 @@ describe('LoginPage', () => {
       await userEvent.click(screen.getByRole('button', { name: /se connecter/i }));
 
       await waitFor(() => {
-        expect(screen.getByText(/vous devez changer votre mot de passe/i)).toBeInTheDocument();
+        expect(screen.getByText(/changement de mot de passe obligatoire/i)).toBeInTheDocument();
       });
 
       expect(mockNavigate).not.toHaveBeenCalled();
diff --git a/src/frontend/src/services/api.ts b/src/frontend/src/services/api.ts
index a89eddf..9678ad1 100644
--- a/src/frontend/src/services/api.ts
+++ b/src/frontend/src/services/api.ts
@@ -45,6 +45,41 @@ class ApiClient {
     return response.json();
   }
 
+  async postAuthenticated<TRequest, TResponse>(
+    endpoint: string,
+    data: TRequest,
+    token: string
+  ): Promise<TResponse> {
+    let response: Response;
+
+    try {
+      response = await fetch(`${this.baseUrl}${endpoint}`, {
+        method: 'POST',
+        headers: {
+          'Content-Type': 'application/json',
+          'Authorization': `Bearer ${token}`,
+        },
+        body: JSON.stringify(data),
+      });
+    } catch {
+      throw {
+        message: 'Impossible de contacter le serveur. Vérifiez votre connexion internet.',
+        status: 0,
+      } as ApiError;
+    }
+
+    if (!response.ok) {
+      const errorData = await response.json().catch(() => ({}));
+      const error: ApiError = {
+        message: errorData.message || 'Une erreur est survenue',
+        status: response.status,
+      };
+      throw error;
+    }
+
+    return response.json();
+  }
+
   async get<TResponse>(endpoint: string): Promise<TResponse> {
     let response: Response;
 
diff --git a/src/frontend/src/services/authService.ts b/src/frontend/src/services/authService.ts
index 54ed0dd..b694faf 100644
--- a/src/frontend/src/services/authService.ts
+++ b/src/frontend/src/services/authService.ts
@@ -43,6 +43,18 @@ interface ForgotPasswordResponse {
   message: string;
 }
 
+interface ChangePasswordRequest {
+  currentPassword: string;
+  newPassword: string;
+  confirmNewPassword: string;
+}
+
+interface ChangePasswordResponse {
+  token: string;
+  expiresAt: string;
+  user: UserInfo;
+}
+
 const authService = {
   register: async (data: RegisterRequest): Promise<RegisterResponse> => {
     return apiClient.post<RegisterRequest, RegisterResponse>('/auth/register', data);
@@ -55,7 +67,11 @@ const authService = {
   forgotPassword: async (data: ForgotPasswordRequest): Promise<ForgotPasswordResponse> => {
     return apiClient.post<ForgotPasswordRequest, ForgotPasswordResponse>('/auth/forgot-password', data);
   },
+
+  changePassword: async (data: ChangePasswordRequest, token: string): Promise<ChangePasswordResponse> => {
+    return apiClient.postAuthenticated<ChangePasswordRequest, ChangePasswordResponse>('/auth/change-password', data, token);
+  },
 };
 
 export { authService };
-export type { RegisterRequest, RegisterResponse, LoginRequest, LoginResponse, ForgotPasswordRequest, ForgotPasswordResponse, UserInfo, ApiError };
+export type { RegisterRequest, RegisterResponse, LoginRequest, LoginResponse, ForgotPasswordRequest, ForgotPasswordResponse, ChangePasswordRequest, ChangePasswordResponse, UserInfo, ApiError };