package com.social.media.application.user.handler;

import com.social.media.application.user.command.ChangePasswordCommand;
import com.social.media.domain.user.aggregate.User;
import com.social.media.domain.user.repository.UserRepository;
import com.social.media.domain.shared.exception.BusinessRuleViolationException;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;

@Service
public class ChangePasswordCommandHandler {
    
    private final UserRepository userRepository;
    private final PasswordEncoder passwordEncoder;
    
    public ChangePasswordCommandHandler(UserRepository userRepository, PasswordEncoder passwordEncoder) {
        this.userRepository = userRepository;
        this.passwordEncoder = passwordEncoder;
    }
    
    @Transactional
    public void handle(ChangePasswordCommand command) {
        User user = userRepository.findById(command.userId())
            .orElseThrow(() -> new BusinessRuleViolationException("User not found with ID: " + command.userId()));
        
        // Verify current password
        if (!passwordEncoder.matches(command.currentPassword(), user.getPasswordHash())) {
            throw new BusinessRuleViolationException("Current password is incorrect");
        }
        
        // Encode new password and update
        String encodedNewPassword = passwordEncoder.encode(command.newPassword());
        user.changePassword(encodedNewPassword);
        
        userRepository.save(user);
    }
}

