frasermolyneux
diff --git a/‎src/XtremeIdiots.Portal.Web.Tests/Controllers/ProfileControllerTests.cs‎
Lines changed: 168 additions & 0 deletions b/‎src/XtremeIdiots.Portal.Web.Tests/Controllers/ProfileControllerTests.cs‎
Lines changed: 168 additions & 0 deletions
diff --git a/‎src/XtremeIdiots.Portal.Web/Controllers/ProfileController.cs‎
Lines changed: 104 additions & 1 deletion b/‎src/XtremeIdiots.Portal.Web/Controllers/ProfileController.cs‎
Lines changed: 104 additions & 1 deletion
diff --git a/‎src/XtremeIdiots.Portal.Web/Models/ProfileManageViewModel.cs‎
Lines changed: 29 additions & 0 deletions b/‎src/XtremeIdiots.Portal.Web/Models/ProfileManageViewModel.cs‎
Lines changed: 29 additions & 0 deletions
@@ -0,0 +1,168 @@
+using System.Net;
+using System.Security.Claims;
+
+using Microsoft.ApplicationInsights;
+using Microsoft.ApplicationInsights.Extensibility;
+using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.Mvc;
+using Microsoft.AspNetCore.Mvc.ViewFeatures;
+using Microsoft.Extensions.Configuration;
+using Microsoft.Extensions.Logging;
+
+using Moq;
+using MX.Api.Abstractions;
+using MX.Observability.ApplicationInsights.Auditing;
+using Newtonsoft.Json;
+
+using XtremeIdiots.Portal.Repository.Abstractions.Constants.V1;
+using XtremeIdiots.Portal.Repository.Abstractions.Models.V1.ConnectedPlayers;
+using XtremeIdiots.Portal.Repository.Abstractions.Models.V1.UserProfiles;
+using XtremeIdiots.Portal.Repository.Api.Client.V1;
+using XtremeIdiots.Portal.Web.Controllers;
+using XtremeIdiots.Portal.Web.Models;
+
+namespace XtremeIdiots.Portal.Web.Tests.Controllers;
+
+public class ProfileControllerTests
+{
+    private readonly Mock<IRepositoryApiClient> mockRepositoryApiClient = new(MockBehavior.Default) { DefaultValue = DefaultValue.Mock };
+    private readonly TelemetryClient telemetryClient = new(new TelemetryConfiguration());
+    private readonly Mock<ILogger<ProfileController>> mockLogger = new();
+    private readonly Mock<IConfiguration> mockConfiguration = new();
+    private readonly IAuditLogger auditLogger = new Mock<IAuditLogger>().Object;
+
+    private ProfileController CreateSut(ClaimsPrincipal? user = null)
+    {
+        var controller = new ProfileController(
+            mockRepositoryApiClient.Object,
+            telemetryClient,
+            mockLogger.Object,
+            mockConfiguration.Object,
+            auditLogger);
+
+        var httpContext = new DefaultHttpContext
+        {
+            User = user ?? new ClaimsPrincipal(new ClaimsIdentity("TestAuth"))
+        };
+
+        controller.ControllerContext = new ControllerContext { HttpContext = httpContext };
+        controller.TempData = new TempDataDictionary(httpContext, Mock.Of<ITempDataProvider>());
+
+        return controller;
+    }
+
+    [Fact]
+    public async Task Manage_WhenUserClaimMissing_ReturnsEmptyProfileModel()
+    {
+        // Arrange
+        var sut = CreateSut();
+
+        // Act
+        var result = await sut.Manage();
+
+        // Assert
+        var viewResult = Assert.IsType<ViewResult>(result);
+        var model = Assert.IsType<ProfileManageViewModel>(viewResult.Model);
+
+        Assert.Null(model.UserProfileId);
+        Assert.Null(model.ActiveActivationCode);
+        Assert.Empty(model.LinkedPlayers);
+        Assert.Equal(0, model.TotalLinkedPlayers);
+        Assert.False(model.IsLinkedPlayersCapped);
+    }
+
+    [Fact]
+    public async Task ActivateConnectedPlayerCode_WhenProfileNotFound_DoesNotCallActivationEndpoint()
+    {
+        // Arrange
+        mockRepositoryApiClient
+            .Setup(x => x.UserProfiles.V1.GetUserProfileByXtremeIdiotsId(It.IsAny<string>(), It.IsAny<CancellationToken>()))
+            .ReturnsAsync(new ApiResult<UserProfileDto>(HttpStatusCode.NotFound));
+
+        var user = new ClaimsPrincipal(
+            new ClaimsIdentity([
+                new Claim(UserProfileClaimType.XtremeIdiotsId, "123456")
+            ], "TestAuth"));
+
+        var sut = CreateSut(user);
+
+        // Act
+        var result = await sut.ActivateConnectedPlayerCode();
+
+        // Assert
+        var redirectResult = Assert.IsType<RedirectToActionResult>(result);
+        Assert.Equal(nameof(ProfileController.Manage), redirectResult.ActionName);
+
+        mockRepositoryApiClient
+            .Verify(x => x.ConnectedPlayers.V1.ActivateConnectedPlayerActivationCode(
+                It.IsAny<ActivateConnectedPlayerActivationCodeDto>(),
+                It.IsAny<CancellationToken>()), Times.Never);
+    }
+
+    [Fact]
+    public async Task ActivateConnectedPlayerCode_WhenProfileFound_CallsActivationEndpoint()
+    {
+        // Arrange
+        var userProfileId = Guid.NewGuid();
+        var userProfile = CreateUserProfileDto(userProfileId);
+
+        mockRepositoryApiClient
+            .Setup(x => x.UserProfiles.V1.GetUserProfileByXtremeIdiotsId(It.IsAny<string>(), It.IsAny<CancellationToken>()))
+            .ReturnsAsync(new ApiResult<UserProfileDto>(HttpStatusCode.OK, new ApiResponse<UserProfileDto>(userProfile)));
+
+        var activationDto = CreateActivationCodeDto(userProfileId, "ABC123");
+
+        mockRepositoryApiClient
+            .Setup(x => x.ConnectedPlayers.V1.ActivateConnectedPlayerActivationCode(It.IsAny<ActivateConnectedPlayerActivationCodeDto>(), It.IsAny<CancellationToken>()))
+            .ReturnsAsync(new ApiResult<ConnectedPlayerActivationCodeDto>(HttpStatusCode.OK, new ApiResponse<ConnectedPlayerActivationCodeDto>(activationDto)));
+
+        var user = new ClaimsPrincipal(
+            new ClaimsIdentity([
+                new Claim(UserProfileClaimType.XtremeIdiotsId, "123456")
+            ], "TestAuth"));
+
+        var sut = CreateSut(user);
+
+        // Act
+        var result = await sut.ActivateConnectedPlayerCode();
+
+        // Assert
+        var redirectResult = Assert.IsType<RedirectToActionResult>(result);
+        Assert.Equal(nameof(ProfileController.Manage), redirectResult.ActionName);
+
+        mockRepositoryApiClient
+            .Verify(x => x.ConnectedPlayers.V1.ActivateConnectedPlayerActivationCode(
+                It.Is<ActivateConnectedPlayerActivationCodeDto>(dto => dto.UserProfileId == userProfileId),
+                It.IsAny<CancellationToken>()), Times.Once);
+    }
+
+    private static UserProfileDto CreateUserProfileDto(Guid userProfileId)
+    {
+        var json = JsonConvert.SerializeObject(new
+        {
+            UserProfileId = userProfileId,
+            XtremeIdiotsForumId = "123456",
+            DisplayName = "Test User",
+            UserProfileClaims = Array.Empty<object>()
+        });
+
+        return JsonConvert.DeserializeObject<UserProfileDto>(json)!;
+    }
+
+    private static ConnectedPlayerActivationCodeDto CreateActivationCodeDto(Guid userProfileId, string code)
+    {
+        var json = JsonConvert.SerializeObject(new
+        {
+            ConnectedPlayerActivationCodeId = Guid.NewGuid(),
+            UserProfileId = userProfileId,
+            Code = code,
+            ExpiresAtUtc = DateTime.UtcNow.AddMinutes(5),
+            AttemptCount = 0,
+            MaxAttempts = 3,
+            IsActive = true,
+            ActivatedAtUtc = DateTime.UtcNow
+        });
+
+        return JsonConvert.DeserializeObject<ConnectedPlayerActivationCodeDto>(json)!;
+    }
+}
@@ -2,6 +2,7 @@
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 
+using XtremeIdiots.Portal.Repository.Abstractions.Models.V1.ConnectedPlayers;
 using XtremeIdiots.Portal.Repository.Abstractions.Models.V1.Notifications;
 using XtremeIdiots.Portal.Repository.Api.Client.V1;
 using XtremeIdiots.Portal.Web.Auth.Constants;
@@ -37,7 +38,48 @@ public class ProfileController(
     [HttpGet]
     public async Task<IActionResult> Manage(CancellationToken cancellationToken = default)
     {
-        return await ExecuteWithErrorHandlingAsync(() => Task.FromResult<IActionResult>(View()), nameof(Manage)).ConfigureAwait(false);
+        return await ExecuteWithErrorHandlingAsync(async () =>
+        {
+            var model = await BuildProfileManageViewModel(cancellationToken).ConfigureAwait(false);
+            return View(model);
+        }, nameof(Manage)).ConfigureAwait(false);
+    }
+
+    /// <summary>
+    /// Creates a new active connected-player activation code for the current profile.
+    /// </summary>
+    [HttpPost]
+    [ValidateAntiForgeryToken]
+    public async Task<IActionResult> ActivateConnectedPlayerCode(CancellationToken cancellationToken = default)
+    {
+        return await ExecuteWithErrorHandlingAsync(async () =>
+        {
+            var userProfile = await GetCurrentUserProfile(cancellationToken).ConfigureAwait(false);
+            if (userProfile is null)
+            {
+                this.AddAlertDanger("Unable to resolve your profile. Please sign in again and retry.");
+                return RedirectToAction(nameof(Manage));
+            }
+
+            var activationResponse = await repositoryApiClient.ConnectedPlayers.V1
+                .ActivateConnectedPlayerActivationCode(new ActivateConnectedPlayerActivationCodeDto
+                {
+                    UserProfileId = userProfile.UserProfileId
+                }, cancellationToken)
+                .ConfigureAwait(false);
+
+            var activationCode = activationResponse.Result?.Data?.Code;
+            if (activationResponse.IsSuccess && !string.IsNullOrWhiteSpace(activationCode))
+            {
+                this.AddAlertSuccess($"Activation code generated: {activationCode}");
+            }
+            else
+            {
+                this.AddAlertDanger("Failed to generate activation code. Please try again.");
+            }
+
+            return RedirectToAction(nameof(Manage));
+        }, nameof(ActivateConnectedPlayerCode)).ConfigureAwait(false);
     }
 
     /// <summary>
@@ -203,4 +245,65 @@ public async Task<IActionResult> AllNotifications(int page = 1, CancellationToke
         }, nameof(AllNotifications)).ConfigureAwait(false);
     }
 
+    private async Task<ProfileManageViewModel> BuildProfileManageViewModel(CancellationToken cancellationToken)
+    {
+        var userProfile = await GetCurrentUserProfile(cancellationToken).ConfigureAwait(false);
+        if (userProfile is null)
+            return new ProfileManageViewModel(null, null, [], 0, false);
+
+        const int linkedPlayersPageSize = 100;
+
+        var activeCodeResult = await repositoryApiClient.ConnectedPlayers.V1
+            .GetActiveConnectedPlayerActivationCode(userProfile.UserProfileId, cancellationToken)
+            .ConfigureAwait(false);
+
+        var linkedPlayersResult = await repositoryApiClient.ConnectedPlayers.V1
+            .GetConnectedPlayersByUserProfile(userProfile.UserProfileId, 0, linkedPlayersPageSize, cancellationToken)
+            .ConfigureAwait(false);
+
+        var linkedPlayers = (linkedPlayersResult.Result?.Data?.Items ?? [])
+            .Select(x => new ProfileLinkedPlayerViewModel(
+                x.GameType.ToString(),
+                x.Username,
+                x.LinkMethod.ToString(),
+                x.LinkedAtUtc,
+                x.UnlinkedAtUtc,
+                x.IsActive))
+            .ToList();
+
+        var activeCodeData = activeCodeResult.IsNotFound ? null : activeCodeResult.Result?.Data;
+        var activeCode = activeCodeData is null
+            ? null
+            : new ProfileActivationCodeViewModel(
+                activeCodeData.Code,
+                activeCodeData.ExpiresAtUtc,
+                activeCodeData.IsActive);
+
+        var totalLinkedPlayers = linkedPlayersResult.Result?.Pagination?.TotalCount ?? linkedPlayers.Count;
+        var isLinkedPlayersCapped = totalLinkedPlayers > linkedPlayers.Count;
+
+        return new ProfileManageViewModel(
+            userProfile.UserProfileId,
+            activeCode,
+            linkedPlayers,
+            totalLinkedPlayers,
+            isLinkedPlayersCapped);
+    }
+
+    private async Task<XtremeIdiots.Portal.Repository.Abstractions.Models.V1.UserProfiles.UserProfileDto?> GetCurrentUserProfile(CancellationToken cancellationToken)
+    {
+        var xtremeIdiotsId = User.XtremeIdiotsId();
+        if (string.IsNullOrEmpty(xtremeIdiotsId))
+            return null;
+
+        var userProfileResponse = await repositoryApiClient.UserProfiles.V1
+            .GetUserProfileByXtremeIdiotsId(xtremeIdiotsId, cancellationToken)
+            .ConfigureAwait(false);
+
+        if (userProfileResponse.IsNotFound || userProfileResponse.Result?.Data is null)
+            return null;
+
+        return userProfileResponse.Result.Data;
+    }
+
 }
@@ -0,0 +1,29 @@
+namespace XtremeIdiots.Portal.Web.Models;
+
+/// <summary>
+/// View model for the profile manage page with connected-player linking state.
+/// </summary>
+/// <param name="UserProfileId">Current portal user profile id, if available</param>
+/// <param name="ActiveActivationCode">Current active activation code, if available</param>
+/// <param name="LinkedPlayers">Connected player links for the current profile</param>
+/// <param name="TotalLinkedPlayers">Total linked players reported by the API for this profile</param>
+/// <param name="IsLinkedPlayersCapped">Indicates whether the linked players list shown in UI is capped</param>
+public record ProfileManageViewModel(
+    Guid? UserProfileId,
+    ProfileActivationCodeViewModel? ActiveActivationCode,
+    IList<ProfileLinkedPlayerViewModel> LinkedPlayers,
+    int TotalLinkedPlayers,
+    bool IsLinkedPlayersCapped);
+
+public record ProfileActivationCodeViewModel(
+    string Code,
+    DateTime ExpiresAtUtc,
+    bool IsActive);
+
+public record ProfileLinkedPlayerViewModel(
+    string GameType,
+    string Username,
+    string LinkMethod,
+    DateTime LinkedAtUtc,
+    DateTime? UnlinkedAtUtc,
+    bool IsActive);