defmodule PhilomenaWeb.Registration.PasswordController do
  use PhilomenaWeb, :controller

  alias Philomena.Users
  alias PhilomenaWeb.UserAuth

  plug PhilomenaWeb.CompromisedPasswordCheckPlug when action in [:update]

  def update(conn, %{"current_password" => password, "user" => user_params}) do
    user = conn.assigns.current_user

    case Users.update_user_password(user, password, user_params) do
      {:ok, user} ->
        conn
        |> put_flash(:info, "Password updated successfully.")
        |> put_session(:user_return_to, Routes.registration_path(conn, :edit))
        |> UserAuth.log_in_user(user)

      {:error, _changeset} ->
        conn
        |> put_flash(:error, "Failed to update password.")
        |> redirect(to: Routes.registration_path(conn, :edit))
    end
  end
end