<?php

namespace Tests\Feature\Tenant;

use App\Models\User;
use Illuminate\Support\Facades\Hash;
use Illuminate\Support\Facades\Notification;

class ProfileApiTest extends TenantTestCase
{
    public function test_profile_endpoint_returns_current_user_details(): void
    {
        $response = $this->authenticatedRequest('GET', '/api/v1/tenant/profile');

        $response->assertOk();
        $payload = $response->json('data');

        $this->assertSame($this->tenantUser->id, $payload['id']);
        $this->assertSame($this->tenantUser->email, $payload['email']);
        $this->assertSame($this->tenantUser->name, $payload['name']);
        $this->assertTrue($payload['email_verified']);
    }

    public function test_profile_update_allows_name_and_email_changes(): void
    {
        Notification::fake();

        $newEmail = 'updated-'.$this->tenantUser->id.'@example.com';

        $response = $this->authenticatedRequest('PUT', '/api/v1/tenant/profile', [
            'name' => 'Updated Name',
            'email' => $newEmail,
            'preferred_locale' => 'en',
        ]);

        $response->assertOk();

        $payload = $response->json('data');
        $this->assertSame('Updated Name', $payload['name']);
        $this->assertSame($newEmail, $payload['email']);
        $this->assertFalse($payload['email_verified']);
        $this->assertSame('en', $payload['preferred_locale']);

        $this->assertDatabaseHas(User::class, [
            'id' => $this->tenantUser->id,
            'name' => 'Updated Name',
            'email' => $newEmail,
            'preferred_locale' => 'en',
        ]);

        Notification::assertSentToTimes($this->tenantUser->fresh(), \Illuminate\Auth\Notifications\VerifyEmail::class, 1);
    }

    public function test_profile_update_requires_current_password_for_password_change(): void
    {
        $response = $this->authenticatedRequest('PUT', '/api/v1/tenant/profile', [
            'name' => $this->tenantUser->name,
            'email' => $this->tenantUser->email,
            'current_password' => 'wrong-password',
            'password' => 'new-secure-password',
            'password_confirmation' => 'new-secure-password',
        ]);

        $response->assertStatus(422);
        $response->assertJson([
            'error' => [
                'code' => 'profile.invalid_current_password',
            ],
        ]);
    }

    public function test_profile_update_allows_password_change_with_correct_current_password(): void
    {
        $newPassword = 'NewStrongPassword123!';

        $response = $this->authenticatedRequest('PUT', '/api/v1/tenant/profile', [
            'name' => $this->tenantUser->name,
            'email' => $this->tenantUser->email,
            'current_password' => 'password',
            'password' => $newPassword,
            'password_confirmation' => $newPassword,
        ]);

        $response->assertOk();

        $this->tenantUser->refresh();
        $this->assertTrue(Hash::check($newPassword, $this->tenantUser->password));
    }
}