<?php

declare(strict_types=1);

namespace App\Infrastructure\Http\Controller;

use App\Domain\Auth\Repository\UserRepositoryInterface;
use App\Domain\Auth\User;
use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\PasswordHasher\Hasher\UserPasswordHasherInterface;
use Symfony\Component\Routing\Attribute\Route;
use Symfony\Component\Security\Http\Attribute\IsGranted;

#[IsGranted('ROLE_USER')]
final class ChangePasswordController extends AbstractController
{
    public function __construct(
        private readonly UserRepositoryInterface $users,
        private readonly UserPasswordHasherInterface $hasher,
    ) {
    }

    #[Route('/account/password', name: 'app_change_password', methods: ['GET', 'POST'])]
    public function __invoke(Request $request): Response
    {
        /** @var User $user */
        $user = $this->getUser();

        $error = null;

        if ($request->isMethod('POST')) {
            $token = $request->request->getString('_csrf_token');
            if (!$this->isCsrfTokenValid('change_password', $token)) {
                $error = 'Ungültiges Formular-Token. Bitte erneut versuchen.';
            } else {
                $current = $request->request->getString('current_password');
                $new = $request->request->getString('new_password');
                $confirm = $request->request->getString('confirm_password');

                if (!$this->hasher->isPasswordValid($user, $current)) {
                    $error = 'Das aktuelle Passwort ist falsch.';
                } elseif (mb_strlen($new) < 8) {
                    $error = 'Das neue Passwort muss mindestens 8 Zeichen lang sein.';
                } elseif ($new !== $confirm) {
                    $error = 'Die neuen Passwörter stimmen nicht überein.';
                } else {
                    $user->setPasswordHash($this->hasher->hashPassword($user, $new));
                    $this->users->save($user);

                    $this->addFlash('success', 'Passwort erfolgreich geändert.');

                    return $this->redirectToRoute('app_change_password');
                }
            }
        }

        return $this->render('security/change_password.html.twig', [
            'error' => $error,
        ]);
    }
}