<?php

declare(strict_types=1);

namespace Netig\Netslim\Identity\Application\UseCase;

use Netig\Netslim\Identity\Application\Command\ResetPasswordCommand;
use Netig\Netslim\Identity\Domain\Exception\InvalidResetTokenException;
use Netig\Netslim\Identity\Domain\Policy\PasswordPolicy;
use Netig\Netslim\Identity\Domain\Repository\PasswordResetRepositoryInterface;
use Netig\Netslim\Identity\Domain\Repository\UserRepositoryInterface;
use Netig\Netslim\Kernel\Persistence\Application\TransactionManagerInterface;

/**
 * Use case de consommation atomique d'un token de réinitialisation.
 */
final readonly class ResetPassword
{
    public function __construct(
        private PasswordResetRepositoryInterface $passwordResetRepository,
        private UserRepositoryInterface $userRepository,
        private TransactionManagerInterface $transactionManager,
        private PasswordPolicy $passwordPolicy,
    ) {}

    /**
     * @throws InvalidResetTokenException
     */
    public function handle(ResetPasswordCommand $command): void
    {
        $this->passwordPolicy->assert($command->newPassword);

        $usedAt = date('Y-m-d H:i:s');
        $newHash = $this->passwordPolicy->hash($command->newPassword);

        $this->transactionManager->run(function () use ($command, $usedAt, $newHash): void {
            $row = $this->passwordResetRepository->consumeActiveToken(hash('sha256', $command->tokenRaw), $usedAt);

            if ($row === null) {
                throw new InvalidResetTokenException();
            }

            $user = $this->userRepository->findById((int) $row['user_id']);

            if ($user === null) {
                throw new InvalidResetTokenException();
            }

            $this->userRepository->updatePassword($user->getId(), $newHash);
        });
    }
}