<?php
namespace App\Controller;

use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\HttpFoundation\Exception\BadRequestException;
use Doctrine\Persistence\ManagerRegistry;

use App\Service\ApiService;
use App\Service\PasswordEncoder;
use App\Service\LdapService;

use App\Form\LoginType;


class HydraController extends AbstractController
{

    private $apiservice;
    private $passwordencoder;
    private $ldapservice;

    public function __construct(ApiService $apiservice,LdapService $ldapservice,PasswordEncoder $passwordencoder)
    {
        $this->apiservice = $apiservice;
        $this->passwordencoder = $passwordencoder;
        $this->ldapservice = $ldapservice;
    }

    public function loginsql(Request $request): Response
    {       

        $challenge = $request->query->get('login_challenge');

        // S'il n'y a pas de challenge, on déclenche une bad request
        if (!$challenge) {
            throw new BadRequestException('pas de challenge');
        }
        
        // On vérifie que la requête d'identification provient bien de hydra
        $response = $this->apiservice->run("GET",$this->getParameter('hydraLoginchallenge').$challenge,null);
        if(!$response) 
            throw new BadRequestException('challenge invalide');

        // si le challenge est validé par hydra, on le stocke en session pour l'utiliser par la suite et on redirige vers une route interne protégée qui va déclencher l'identification FranceConnect
        $request->getSession()->set('hydraChallenge', $challenge);

        // Création du formulaire
        $form = $this->createForm(LoginType::class);

        // Récupération des data du formulaire
        $form->handleRequest($request);
        

        // Affichage du formulaire
        return $this->render("Home/loginHYDRA.html.twig", [
            "useheader"=>false,
            "usemenu"=>false,
            "usesidebar"=>false,
            "form"=>$form->createView(),
            "mode"=>"SQL",
        ]);
    }

    public function checkloginsql(Request $request,ManagerRegistry $em) {
        $username=$request->get('login')["username"];
        $password=$request->get('login')["password"];

        // user exist ?
        $user=$em->getRepository("App\Entity\User")->findOneBy(["username"=>$username]);
        if(!$user) return $this->redirect($this->generateUrl('app_hydra_loginsql',["login_challenge"=>$request->getSession()->get("hydraChallenge")]));

        $islogin=$this->passwordencoder->verify($user->getPassword(),$password,$user->getSalt());
        if(!$islogin) return $this->redirect($this->generateUrl('app_hydra_loginsql',["login_challenge"=>$request->getSession()->get("hydraChallenge")]));

        $response = $this->apiservice->run("PUT",$this->getParameter('hydraLoginchallengeaccept').$request->getSession()->get('hydraChallenge'),["subject"=>$user->getEmail(),"acr"=>"string"]);
        if(!$response||$response->code!="200") 
            throw new BadRequestException('login accept invalide');

        $datas=[
            "username"=>$user->getUsername(),
            "email"=>$user->getEmail(),
            "firstname"=>$user->getFirstname(),
            "lastname"=>$user->getLastname()
        ];
        $request->getSession()->set("datas",$datas);

        $redirect=$response->body->redirect_to;
        return $this->redirect($redirect, 301);

    }

    public function loginldap(Request $request): Response
    {       

        $challenge = $request->query->get('login_challenge');

        // S'il n'y a pas de challenge, on déclenche une bad request
        if (!$challenge) {
            throw new BadRequestException('pas de challenge');
        }
        
        // On vérifie que la requête d'identification provient bien de hydra
        $response = $this->apiservice->run("GET",$this->getParameter('hydraLoginchallenge').$challenge,null);
        if(!$response) 
            throw new BadRequestException('challenge invalide');

        // si le challenge est validé par hydra, on le stocke en session pour l'utiliser par la suite et on redirige vers une route interne protégée qui va déclencher l'identification FranceConnect
        $request->getSession()->set('hydraChallenge', $challenge);

        // Création du formulaire
        $form = $this->createForm(LoginType::class);

        // Récupération des data du formulaire
        $form->handleRequest($request);
        

        // Affichage du formulaire
        return $this->render("Home/loginHYDRA.html.twig", [
            "useheader"=>false,
            "usemenu"=>false,
            "usesidebar"=>false,
            "form"=>$form->createView(),
            "mode"=>"LDAP",
        ]);
    }

    public function checkloginldap(Request $request,ManagerRegistry $em) {
        $username=$request->get('login')["username"];
        $password=$request->get('login')["password"];

        // L'utilisateur se co à l'annuaire ?
        $userldap=$this->ldapservice->userconnect($username,$password);
        if(!$userldap)
            return $this->redirect($this->generateUrl('app_hydra_loginldap',["login_challenge"=>$request->getSession()->get("hydraChallenge")]));

        $userldap=$userldap[0];

        // Init
        $email = "$username@nomail.fr";
        $lastname = $username;
        $firstname = " ";

        // Rechercher l'utilisateur
        if(isset($userldap[$this->getParameter('ldapFirstname')]))
            $firstname = $userldap[$this->getParameter('ldapFirstname')];
        
        if(isset($userldap[$this->getParameter('ldapLastname')]))
            $lastname = $userldap[$this->getParameter('ldapLastname')];
        
        if(isset($userldap[$this->getParameter('ldapEmail')]))
            $email = $userldap[$this->getParameter('ldapEmail')];

        $response = $this->apiservice->run("PUT",$this->getParameter('hydraLoginchallengeaccept').$request->getSession()->get('hydraChallenge'),["subject"=>$email,"acr"=>"string"]);
        if(!$response||$response->code!="200") 
            throw new BadRequestException('login accept invalide');

        $datas=[
            "username"=>$username,
            "email"=>$email,
            "firstname"=>$firstname,
            "lastname"=>$lastname
        ];
        $request->getSession()->set("datas",$datas);

        $redirect=$response->body->redirect_to;
        return $this->redirect($redirect, 301);

    }


    public function consent(Request $request)
    {
        $challenge = $request->query->get('consent_challenge');
        if (!$challenge) {
            throw new BadRequestException("Le challenge n'est pas disponible");
        }

        // On vérifie que la requête d'identification provient bien de hydra
        $response = $this->apiservice->run("GET",$this->getParameter('hydraConsentchallenge').$challenge,null);
        if(!$response) 
            throw new BadRequestException('challenge invalide');

        $response = $this->apiservice->run("PUT",$this->getParameter('hydraConsentchallengeaccept').$challenge,[
            'grant_scope' => ['openid', 'offline_access'],
            'session' => ['id_token' => $request->getSession()->get('datas')]
        ]);

        if(!$response) 
            throw new BadRequestException('challenge not accept');

        $redirect=$response->body->redirect_to;
        return $this->redirect($redirect, 301);
    }    

}