// Journey: TOTP enrolled → change password without step-up must fail (403)
//
// Access-control regression check: once a member has TOTP enrolled, a bearer
// token alone must not be enough to change the password.
// NOTE(review): this journey only asserts that the request is rejected. It does
// not verify that the stored password is unchanged afterwards; a follow-up
// login with the original password would close that gap.
import { post, checkError } from '../lib/http.js';
import { registerAndConfirm } from '../lib/auth.js';
import { enrollTOTP } from '../lib/member.js';

// One virtual user, one pass. The threshold fails the run unless every check passes.
export const options = {
  vus: 1,
  iterations: 1,
  thresholds: {
    checks: ['rate==1.0'],
  },
};

/**
 * Runs the journey: obtain an identity and tokens, enroll TOTP with the
 * resulting bearer header, then attempt a password change without step-up and
 * expect it to be rejected.
 */
export default function () {
  const { identity: member, tokens: issued } = registerAndConfirm();
  const authHeaders = { Authorization: `Bearer ${issued.access_token}` };

  // From here on the account has a second factor (presumably; see lib/member.js).
  enrollTOTP(authHeaders);

  // The correct current password is supplied on purpose, so the only thing
  // missing from the request is the step-up.
  const passwordChange = {
    current_password: member.password,
    new_password: 'K6-NewPass-9!',
  };
  const response = post('/api/v1/members/me/password', passwordChange, authHeaders);

  // 403 is the expected HTTP status. 29505000 is presumably the
  // application-level error code for "step-up required"; confirm against
  // checkError in lib/http.js.
  checkError(
    response,
    'POST /me/password without step-up (totp enrolled)',
    403,
    29505000,
  );
}