@page "/account/change-password"
@attribute [Microsoft.AspNetCore.Authorization.Authorize]
@inject IUserService UserService
@inject IUserContextAccessor UserContext
@inject IAuditService Audit
@rendermode InteractiveServer
@using SharepointToolbox.Web.Core.Models
@using SharepointToolbox.Web.Services.Audit
@using SharepointToolbox.Web.Services.Auth
@using SharepointToolbox.Web.Services.Session

<h1 class="page-title">Change Password</h1>

@if (!UserContext.IsAuthenticated)
{
    <div class="alert alert-error">You must be signed in.</div>
    return;
}

@if (_user is null)
{
    <p class="page-subtitle">Loading…</p>
}
else if (_user.Provider != AuthProvider.Local)
{
    <div class="alert alert-info">
        Your account signs in with Microsoft (Entra). Manage its password in your Microsoft account.
    </div>
}
else
{
    @if (!string.IsNullOrEmpty(_message))
    {
        <div class="alert @(_isError ? "alert-error" : "alert-success")">@_message</div>
    }
    <div class="card" style="max-width:420px">
        <label class="form-label" for="cur">Current password</label>
        <input id="cur" class="form-input" type="password" @bind="_current" autocomplete="current-password" />

        <label class="form-label" for="new" style="margin-top:12px">New password</label>
        <input id="new" class="form-input" type="password" @bind="_new" autocomplete="new-password" />

        <label class="form-label" for="confirm" style="margin-top:12px">Confirm new password</label>
        <input id="confirm" class="form-input" type="password" @bind="_confirm" autocomplete="new-password" />

        <div style="margin-top:14px">
            <button class="btn btn-primary" @onclick="SubmitAsync">Change password</button>
        </div>
    </div>
}

@code {
    private AppUser? _user;
    private string _current = string.Empty;
    private string _new     = string.Empty;
    private string _confirm = string.Empty;
    private string _message = string.Empty;
    private bool   _isError;

    protected override async Task OnInitializedAsync()
    {
        if (UserContext.IsAuthenticated)
            _user = await UserService.GetByEmailAsync(UserContext.Email);
    }

    private async Task SubmitAsync()
    {
        if (_user is null) return;
        if (string.IsNullOrWhiteSpace(_new) || _new != _confirm)
        {
            _message = "New passwords do not match.";
            _isError = true;
            return;
        }

        var ok = await UserService.ChangePasswordAsync(_user.Id, _current, _new);
        if (ok)
        {
            await Audit.LogAsync("PasswordChanged", "", Array.Empty<string>(),
                $"Changed own password ({_user.Email}).");
            _message = "Password changed.";
            _isError = false;
            _current = _new = _confirm = string.Empty;
        }
        else
        {
            _message = "Current password is incorrect.";
            _isError = true;
        }
    }
}