<?php

declare(strict_types=1);

namespace Tests\Feature\Api\V1;

use App\Models\User;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Illuminate\Support\Facades\Hash;
use Tests\TestCase;

class PasswordChangeTest extends TestCase
{
    use RefreshDatabase;

    public function test_user_can_change_password(): void
    {
        $user = User::factory()->create([
            'password' => bcrypt('OudWachtwoord1'),
        ]);

        $response = $this->actingAs($user)->postJson('/api/v1/me/change-password', [
            'current_password' => 'OudWachtwoord1',
            'password' => 'NieuwWachtwoord1',
            'password_confirmation' => 'NieuwWachtwoord1',
        ]);

        $response->assertOk();

        $user->refresh();
        $this->assertTrue(Hash::check('NieuwWachtwoord1', $user->password));
    }

    public function test_password_change_requires_correct_current_password(): void
    {
        $user = User::factory()->create([
            'password' => bcrypt('OudWachtwoord1'),
        ]);

        $response = $this->actingAs($user)->postJson('/api/v1/me/change-password', [
            'current_password' => 'FoutWachtwoord1',
            'password' => 'NieuwWachtwoord1',
            'password_confirmation' => 'NieuwWachtwoord1',
        ]);

        $response->assertStatus(422);
        $response->assertJsonValidationErrors('current_password');
    }

    public function test_password_change_revokes_other_tokens(): void
    {
        $user = User::factory()->create([
            'password' => bcrypt('OudWachtwoord1'),
        ]);

        // Create two tokens
        $currentToken = $user->createToken('current-session');
        $otherToken = $user->createToken('other-session');

        $this->assertCount(2, $user->tokens()->get());

        // Act as user with the current token
        $response = $this->withHeaders([
            'Authorization' => 'Bearer ' . $currentToken->plainTextToken,
        ])->postJson('/api/v1/me/change-password', [
            'current_password' => 'OudWachtwoord1',
            'password' => 'NieuwWachtwoord1',
            'password_confirmation' => 'NieuwWachtwoord1',
        ]);

        $response->assertOk();

        // Only the current session token should remain
        $this->assertCount(1, $user->tokens()->get());
    }

    public function test_password_change_requires_confirmation(): void
    {
        $user = User::factory()->create([
            'password' => bcrypt('OudWachtwoord1'),
        ]);

        $response = $this->actingAs($user)->postJson('/api/v1/me/change-password', [
            'current_password' => 'OudWachtwoord1',
            'password' => 'NieuwWachtwoord1',
        ]);

        $response->assertStatus(422);
        $response->assertJsonValidationErrors('password');
    }

    public function test_password_change_requires_authentication(): void
    {
        $response = $this->postJson('/api/v1/me/change-password', [
            'current_password' => 'OudWachtwoord1',
            'password' => 'NieuwWachtwoord1',
            'password_confirmation' => 'NieuwWachtwoord1',
        ]);

        $response->assertStatus(401);
    }

    public function test_password_change_enforces_password_rules(): void
    {
        $user = User::factory()->create([
            'password' => bcrypt('OudWachtwoord1'),
        ]);

        $response = $this->actingAs($user)->postJson('/api/v1/me/change-password', [
            'current_password' => 'OudWachtwoord1',
            'password' => 'short',
            'password_confirmation' => 'short',
        ]);

        $response->assertStatus(422);
        $response->assertJsonValidationErrors('password');
    }
}