Merge branch 'main' of https://git.azuze.fr/kawa/SharepointToolbox-Web

Services/Auth/IUserService.cs

@@ -6,11 +6,26 @@ namespace SharepointToolbox.Web.Services.Auth;
 public interface IUserService
 {
     /// <summary>Auto-provision on first OIDC login; update LastLogin on subsequent logins.
-    /// First user ever becomes Admin automatically.</summary>
+    /// First user ever becomes Admin automatically. Tags the user as <see cref="AuthProvider.Entra"/>.</summary>
     Task<AppUser> ProvisionAsync(ClaimsPrincipal principal);
 
     Task<AppUser?> GetByEmailAsync(string email);
     Task<IReadOnlyList<AppUser>> GetAllAsync();
     Task UpdateRoleAsync(string userId, UserRole role);
     Task DeleteAsync(string userId);
+
+    /// <summary>Create a local password-based account. First user ever becomes Admin.</summary>
+    /// <exception cref="InvalidOperationException">Email already in use.</exception>
+    Task<AppUser> CreateLocalUserAsync(string email, string displayName, UserRole role, string password);
+
+    /// <summary>Validate local credentials. Returns the user and updates LastLogin on success; null otherwise.
+    /// Only matches <see cref="AuthProvider.Local"/> accounts.</summary>
+    Task<AppUser?> ValidateLocalCredentialsAsync(string email, string password);
+
+    /// <summary>Admin reset — set a local user's password without knowing the current one.</summary>
+    Task SetPasswordAsync(string userId, string newPassword);
+
+    /// <summary>Self-service — change own password after verifying the current one.</summary>
+    /// <returns>true if the current password matched and the change was saved.</returns>
+    Task<bool> ChangePasswordAsync(string userId, string currentPassword, string newPassword);
 }