<?php

namespace App\Http\Controllers\Api;

use Illuminate\Http\Request;
use Illuminate\Cookie\CookieJar;
use Illuminate\Http\JsonResponse;
use Illuminate\Routing\Redirector;
use Source\Authorization\Authorizer;
use Illuminate\Http\RedirectResponse;
use Source\Exceptions\AuthenticationException;
use Source\Exceptions\EntityNotFoundException;
use Source\UseCases\Users\Authenticate\APIPresenter;
use Source\UseCases\Users\Authenticate\AuthenticateUseCase;
use Source\UseCases\Users\Authenticate\UserCreationException;

/**
 * @group Authentication
 *
 * This set of routes deals with authentication with the application through SAML and application login.
 */
class AuthController extends ApiController
{
    protected CookieJar $cookieJar;

    /**
     * @param \Illuminate\Http\Request         $request
     * @param \Source\Authorization\Authorizer $authorizer
     * @param \Illuminate\Cookie\CookieJar     $cookieJar
     */
    public function __construct(Request $request, Authorizer $authorizer, CookieJar $cookieJar)
    {
        parent::__construct($request, $authorizer);

        $this->cookieJar = $cookieJar;
    }

    /**
     * Welcome
     *
     * This endpoint requires no auth and is the welcome page for any API user.
     *
     * @unauthenticated
     *
     * @return \Illuminate\Http\JsonResponse
     */
    public function welcome(): JsonResponse
    {
        return new JsonResponse(['welcome' => 'Welcome to the elock API.']);
    }

    /**
     * Login request to application
     *
     * This endpoint returns a token that can be used in other endpoints as well as setting a cookie.
     * One does not need to make a request to this if they have a valid token.
     *
     * @unauthenticated
     * @bodyParam email string required The email of the login user. Example: sithL0rd@senate.com
     * @bodyParam password string required The password of the user to login as. Example: I am the senate
     *
     * @response 422 {"message":"The given data was invalid.","errors":{"email":["The email field is required."],"password":["The password field is required."]}}
     *
     * @param AuthenticateUseCase $authenticateUseCase
     * @return JsonResponse
     * @throws AuthenticationException
     * @throws EntityNotFoundException
     * @throws \Illuminate\Validation\ValidationException
     */
    public function login(AuthenticateUseCase $authenticateUseCase): JsonResponse
    {
        $this->validate($this->request, [
            'email' => 'required|string|email',
            'password' => 'required|string',
        ]);

        $presenter = new APIPresenter();

        $authenticateUseCase->attempt($presenter, $this->request->all());

        return $this->respondWithData($presenter->getViewModel())->withCookie(
            $this->cookieJar->make(
                'api_token',
                $presenter->getViewModel()['token']['value'],
                $presenter->getViewModel()['token']['minutes']
            )
        );
    }

    /**
     * Start a saml login request
     *
     * This route redirects the user to the running SAML authentication instance to start authentication with SAML
     *
     * @unauthenticated
     * @urlParam intended The url to redirect back to once authentication is successful.
     *
     * @param \Illuminate\Routing\Redirector                          $redirector
     * @param \Source\UseCases\Users\Authenticate\AuthenticateUseCase $authenticateUseCase
     * @return \Illuminate\Http\RedirectResponse
     */
    public function samlLogin(Redirector $redirector, AuthenticateUseCase $authenticateUseCase): RedirectResponse
    {
        if ($this->request->has('intended')) {
            $redirector->setIntendedUrl($this->request->input('intended'));
        }

        return $redirector->to($authenticateUseCase->handToSaml());
    }

    /**
     * Handle SAML login
     *
     * This API is only meant to be used by SAML after a return from a login.
     *
     * @unauthenticated
     *
     * @param AuthenticateUseCase $authenticateUseCase
     * @return mixed
     * @throws EntityNotFoundException
     * @throws \Source\Exceptions\EntityExistsException
     * @throws \Source\Exceptions\AuthorizationException
     */
    public function handle(AuthenticateUseCase $authenticateUseCase)
    {
        $presenter = new APIPresenter();

        try {
            $authenticateUseCase->handleSamlLogin($presenter);
        } catch (UserCreationException $e) {
            $this->setStatusCode(400);
            return $this->respondWithError(
                'Invalid SAML user given. If you believe this is in error, please contact an administrator.'
            );
        }

        return redirect()->intended(url(config('saml.home_page')))->withCookie(
            $this->cookieJar->make(
                'api_token',
                $presenter->getViewModel()['token']['value'],
                $presenter->getViewModel()['token']['minutes']
            )
        );
    }

    /**
     * Log out
     *
     * This endpoint logs out of saml and expires the associated api/login token and cookie.
     *
     * @unauthenticated
     *
     * @param AuthenticateUseCase $authenticateUseCase
     * @return RedirectResponse
     */
    public function samlLogout(AuthenticateUseCase $authenticateUseCase): RedirectResponse
    {
        $this->cookieJar->queue($this->cookieJar->forget('api_token'));

        $logout = $authenticateUseCase->samlLogout($this->request->cookie('api_token'));

        if ($this->request->has('intended')) {
            $logout = $this->request->input('intended');
        }

        return redirect($logout);
    }
}