<?php

namespace App\Controller;

use App\Entity\User;
use App\Entity\Group;
use App\Service\ldapService as ldapService; 
use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\Security\Http\Authentication\AuthenticationUtils;
use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
use Symfony\Component\Security\Http\Event\InteractiveLoginEvent;
use Symfony\Component\EventDispatcher\EventDispatcher;
use Symfony\Component\Routing\Generator\UrlGeneratorInterface;
use Ramsey\Uuid\Uuid;
use App\Service\giteaService;

class SecurityController extends AbstractController
{
    public function __construct(giteaService $giteaservice) { $this->giteaservice = $giteaservice; }

    public function login(Request $request, AuthenticationUtils $authenticationUtils)
    {

        $auth_mode=$this->getParameter("appAuth");
        switch($auth_mode) {
            case "SQL":
                return $this->loginMYSQL($request,$authenticationUtils);
            break;

            case "OAUTH":
                return $this->loginOAUTH($request,$authenticationUtils);
            break;

            case "CAS":
                return $this->loginCAS($request,$authenticationUtils);
            break;
        }
    }           

    public function loginMYSQL(Request $request, AuthenticationUtils $authenticationUtils) {
        return $this->render('Home/login.html.twig', array(
            'last_username' =>  $authenticationUtils->getLastUsername(),
            'error' => $authenticationUtils->getLastAuthenticationError(),
        ));

    }

    public function loginCAS(Request $request, AuthenticationUtils $authenticationUtils)
    {
        // Récupération de la cible de navigation        
        $redirect = $this->get('session')->get("_security.main.target_path");

        // Init Client CAS
        \phpCAS::client(CAS_VERSION_2_0, $this->getParameter('casHost'), intval($this->getParameter('casPort')), is_null($this->getParameter('casPath')) ? '' : $this->getParameter('casPath'), false);
        \phpCAS::setNoCasServerValidation();
        

        // Authentification
        \phpCAS::forceAuthentication();

        // Récupération UID
        $username = \phpCAS::getUser();

        // Récupération Attribut
        $attributes = \phpCAS::getAttributes();      

        // Init
        $email = "";
        $lastname = "";
        $firstname = "";

        // Rechercher l'utilisateur
        $em = $this->getDoctrine()->getManager();
        if(isset($attributes[$this->getParameter('casUsername')]))
            $username = $attributes[$this->getParameter('casUsername')];
        
        if(isset($attributes[$this->getParameter('casEmail')]))
            $email = $attributes[$this->getParameter('casEmail')];
        
        if(isset($attributes[$this->getParameter('casLastname')]))
            $lastname = $attributes[$this->getParameter('casLastname')];
        
        if(isset($attributes[$this->getParameter('casFirstname')]))
            $firstname = $attributes[$this->getParameter('casFirstname')];

        $user = $em->getRepository('App:User')->findOneBy(array("username"=>$username));
        $exists = $user ? true : false;

        if (!$exists) {
            if(empty($email)) $email = $username."@nomail.com";

            $user = new User();
            $key = Uuid::uuid4();

            $user->setUsername($username);
            $user->setLastname($lastname);
            $user->setFirstname($firstname);
            $user->setEmail($email);
            $user->setApiKey($key);

            $user->setPassword("CASPWD-".$username);
            $user->setSalt("CASPWD-".$username);
                        
            $em->persist($user);
            $em->flush();
        }
        else {
            if(isset($lastname)) $user->setLastname($lastname);
            if(isset($firstname)) $user->setFirstname($firstname);
            if(isset($email)) $user->setEmail($email);
            
            $em->persist($user);
            $em->flush();
        }

        // Sauvegarde des attributes en session
        $this->get('session')->set('attributes', $attributes);

        // Autoconnexion
        // Récupérer le token de l'utilisateur
        $token = new UsernamePasswordToken($user, null, "main", $user->getRoles());
        $this->get("security.token_storage")->setToken($token);

        // Simuler l'evenement de connexion
        $event = new InteractiveLoginEvent($request, $token);
        $dispatcher = new EventDispatcher();
        $dispatcher->dispatch($event);

        // Redirection
        if($redirect)
            return $this->redirect($redirect);
        else
            return $this->redirect($this->generateUrl('app_home'));
    }

    public function loginOAUTH() {
        $callback=$this->generateUrl('app_login_callback', array(), UrlGeneratorInterface::ABSOLUTE_URL);
        $callback=str_replace("http://",$this->getParameter("appProtocol")."://",$callback);
        $this->get('session')->set('giteacallback', $callback);
        $url=$this->getParameter("oauthLoginurl")."?client_id=".$this->getParameter("oauthClientid")."&redirect_uri=".$callback."&response_type=code&state=STATE";
        return $this->redirect($url);
    }

    public function callback(Request $request) {
        $this->get('session')->set('giteacode', $request->get("code"));
        $token=$this->giteaservice->gettoken();

        // Rechercher l'utilisateur associé au token
        $giteauser=$this->giteaservice->getuser();
        if(!$giteauser) die("Problème d'accès avec GITEA - no user");

        // Sauvegarde du user gitea en session
        $this->get('session')->set('giteauser', json_decode(json_encode($giteauser), true));

        // Recherche du user gitea dans ninegitea
        $em = $this->getDoctrine()->getManager();
        $user = $em->getRepository('App:User')->findOneBy(array("username"=>$giteauser->login));
        $exists = $user ? true : false;

        if (!$exists) {
            if(empty($giteauser->email)) $email = $giteauser->login."@nomail.com";

            $user = new User();
            $key = Uuid::uuid4();

            $user->setUsername($giteauser->login);
            $user->setEmail($giteauser->email);
            $user->setApiKey($key);
            $user->setRoles(["ROLE_USER"]);
            $user->setAvatar("noavatar.png");

            $user->setPassword("OAUTH-".$giteauser->login);
            $user->setSalt("OAUTH-".$giteauser->login);
            
            if(in_array($giteauser->login,$this->getParameter("appAdmins")))
                $user->setRoles(["ROLE_ADMIN"]);

            $em->persist($user);
            $em->flush();
        }
        else {
            if(isset($email)) $user->setEmail($giteauser->email);
            if(in_array($giteauser->login,$this->getParameter("appAdmins")))
                $user->setRoles(["ROLE_ADMIN"]);
            
            $em->persist($user);
            $em->flush();
        }

        // Autoconnexion
        // Récupérer le token de l'utilisateur
        $token = new UsernamePasswordToken($user, null, "main", $user->getRoles());
        $this->get("security.token_storage")->setToken($token);

        // Simuler l'evenement de connexion
        $event = new InteractiveLoginEvent($request, $token);
        $dispatcher = new EventDispatcher();
        $dispatcher->dispatch($event);

        // Redirection
        $redirect = $this->get('session')->get("_security.main.target_path");
        if($redirect)
            return $this->redirect($redirect);
        else
            return $this->redirect($this->generateUrl('app_home'));        

    }

    public function logout() {
        $auth_mode=$this->getParameter("appAuth");
        switch($auth_mode) {
            case "SQL":
                return $this->logoutMYSQL();
            break;

            case "CAS":
                return $this->logoutCAS();
            break;
        }

    }

    public function logoutMYSQL() {
        $this->get('security.token_storage')->setToken(null);
        $this->get('session')->invalidate();

        return $this->redirect($this->generateUrl("app_home"));   
    }

    public function logoutcas() {
        $this->get('security.token_storage')->setToken(null);
        $this->get('session')->invalidate();

        // Init Client CAS
        \phpCAS::client(CAS_VERSION_2_0, $this->getParameter('casHost'), intval($this->getParameter('casPort')), is_null($this->getParameter('casPath')) ? '' : $this->getParameter('casPath'), false);
        \phpCAS::setNoCasServerValidation();


        // Logout
        $url=$this->generateUrl('app_home', array(), UrlGeneratorInterface::ABSOLUTE_URL);
        \phpCAS::logout(array("service"=>$url));
        
        return true;
    }

    public function casdebug() {
        $attributes = $this->get('session')->get('attributes');

        return $this->render('Home/casdebug.html.twig',[
            "useheader"     => true,
            "usesidebar"    => false,
            "attributes"    => $attributes,
        ]);        
    }
}