defmodule MvWeb.Helpers.UserHelpers do
  @moduledoc """
  Helper functions for user-related display in the web layer.

  Provides utilities for showing authentication status without exposing
  sensitive attributes (e.g. hashed_password).
  """

  @doc """
  Returns whether the user has password authentication set.

  Only returns true when `hashed_password` is a non-empty string. This avoids
  treating `nil`, empty string, or forbidden/redacted values (e.g. when the
  attribute is not visible to the actor) as "has password".

  ## Examples

      iex> user = %{hashed_password: nil}
      iex> MvWeb.Helpers.UserHelpers.has_password?(user)
      false

      iex> user = %{hashed_password: "$2b$12$..."}
      iex> MvWeb.Helpers.UserHelpers.has_password?(user)
      true

      iex> user = %{hashed_password: ""}
      iex> MvWeb.Helpers.UserHelpers.has_password?(user)
      false
  """
  @spec has_password?(map() | struct()) :: boolean()
  def has_password?(user) when is_map(user) do
    case Map.get(user, :hashed_password) do
      hash when is_binary(hash) and byte_size(hash) > 0 -> true
      _ -> false
    end
  end

  @doc """
  Returns whether the user is linked via OIDC/SSO (has a non-empty oidc_id).

  ## Examples

      iex> user = %{oidc_id: nil}
      iex> MvWeb.Helpers.UserHelpers.has_oidc?(user)
      false

      iex> user = %{oidc_id: "sub-from-rauthy"}
      iex> MvWeb.Helpers.UserHelpers.has_oidc?(user)
      true
  """
  @spec has_oidc?(map() | struct()) :: boolean()
  def has_oidc?(user) when is_map(user) do
    case Map.get(user, :oidc_id) do
      id when is_binary(id) and byte_size(id) > 0 -> true
      _ -> false
    end
  end
end