package main

import (
	"biukop.com/sfm/loan"
	"encoding/json"
	log "github.com/sirupsen/logrus"
	"net/http"
)

type changePass struct {
	OldPassword string
	NewPass     string
	NewPass1    string
}

func decodeJsonChangePass(r *http.Request) (ret changePass, e error) {
	decoder := json.NewDecoder(r.Body)
	//decoder.DisallowUnknownFields()
	e = decoder.Decode(&ret)
	if e != nil {
		log.Error("failed decoding json change password ", e.Error())
		return
	}
	return
}

func apiV1ChangePass(w http.ResponseWriter, r *http.Request, ss *loan.Session) {
	id := r.URL.Path[len(apiV1Prefix+"change-pass/"):]

	u := loan.User{}
	e := u.Read(id)

	if e != nil {
		log.Error("cannot change pass for user ", id, e.Error())
		apiV1Client403Error(w, r, ss)
		return
	}

	input, e := decodeJsonChangePass(r)
	if e != nil {
		log.Error("cannot decode json for change password ", id, e.Error())
		apiV1Client403Error(w, r, ss)
		return
	}

	if ss.GetRole() != "admin" {
		e = u.VerifyPass(input.OldPassword)
		if e != nil {
			log.Error("wrong old password ", id, e.Error())
			apiV1Client403Error(w, r, ss)
			return
		}
	}

	u.SetPass(input.NewPass)
	e = u.Write()
	if e != nil {
		log.Error("fail to update new pass ", id, e.Error())
		apiV1Server500Error(w, r)
		return
	}

	apiV1SendJson(true, w, r, ss)
}