<?php

namespace AuthBundle\Security;

use Buzz\Listener\BasicAuthListener;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\Security\Core\Authentication\Token\AnonymousToken;
use Symfony\Component\Security\Core\Authentication\Token\PreAuthenticatedToken;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Exception\AuthenticationException;
use Symfony\Component\Security\Core\User\UserProviderInterface;
use Symfony\Component\Security\Http\Authentication\SimplePreAuthenticatorInterface;
use Symfony\Component\Security\Http\Authentication\AuthenticationFailureHandlerInterface;

class OAuthProxyAuthenticator implements SimplePreAuthenticatorInterface, AuthenticationFailureHandlerInterface
{

    /**
     * @var string
     */
    private $client_id;

    /**
     * @var string
     */
    private $client_secret;

    /**
     * @var string
     */
    private $access_token_url;

    /**
     * @var string
     */
    private $user_info_url;


    /**
     * @param string $client_id
     * @param string $client_secret
     * @param string $access_token_url
     * @param string $user_info_url
     */
    public function __construct($client_id, $client_secret, $access_token_url, $user_info_url)
    {
        $this->client_id = $client_id;
        $this->client_secret = $client_secret;
        $this->access_token_url = $access_token_url;
        $this->user_info_url = $user_info_url;
    }

    /**
     * @param Request $request
     * @param string $providerKey
     * 
     * @return AnonymousToken|PreAuthenticatedToken
     */
    public function createToken(Request $request, $providerKey)
    {
        if ($request->headers->has("php-auth-user") and $request->headers->has("php-auth-pw")) {
            return new PreAuthenticatedToken($request->headers->get("php-auth-user"), $request->headers->get("php-auth-pw"), $providerKey);
        }

        return new AnonymousToken("anon.", "anon.");
    }

    /**
     * @param TokenInterface $token
     * @param string $providerKey
     * 
     * @return boolean
     */
    public function supportsToken(TokenInterface $token, $providerKey)
    {
        return $token instanceof PreAuthenticatedToken && $token->getProviderKey() === $providerKey;
    }

    /**
     * @param TokenInterface $token
     * @param UserProviderInterface $userProvider
     * @param string $providerKey
     * 
     * @return PreAuthenticatedToken
     */
    public function authenticateToken(TokenInterface $token, UserProviderInterface $userProvider, $providerKey)
    {
        $password = $token->getCredentials();
        $username = $token->getUsername();

        $browser = new \Buzz\Browser();
        $token = @json_decode(file_get_contents("/tmp/." . base64_encode($username . ":" . $password)), true);
        if (!isset($token["access_token"])) {
            $listener = new BasicAuthListener($this->client_id, $this->client_secret);
            $browser->addListener($listener);
            $body = ['grant_type' => 'password',
                'username' => $username,
                'password' => $password,
            ];

            $response = $browser->post($this->access_token_url, ['Content-Type' => 'application/x-www-form-urlencoded'], http_build_query($body));
            $token = json_decode($response->getContent(), true);
            if ($token['expires_in']) {
                $token["expires_at"] = time() + $token['expires_in'];
            } else {
                $token["expires_at"] = time() + 3600;
            }

            file_put_contents("/tmp/." . base64_encode($username . ":" . $password), json_encode($token));
        }

        if (isset($token["expires_at"]) and $token["expires_at"] >= time()) {
            $listener = new BasicAuthListener($this->client_id, $this->client_secret);
            $browser->addListener($listener);
            $body = [
                'grant_type' => 'refresh_token',
                'refresh_token' => $token['refresh_token'],
            ];

            $response = $browser->post($this->access_token_url, ['Content-Type' => 'application/x-www-form-urlencoded'], http_build_query($body));
            $token = json_decode($response->getContent(), true);
            if ($token['expires_in']) {
                $token["expires_at"] = time() + $token['expires_in'];
            } else {
                $token["expires_at"] = time() + 3600;
            }

            file_put_contents("/tmp/." . base64_encode($username . ":" . $password), json_encode($token));
        }

        if (!isset($token["user_info"])) {
            $oauth_headers = [
                "Authorization" => ucfirst($token["token_type"]) . " " . $token["access_token"],
            ];
            $response = $browser->get($this->user_info_url, $oauth_headers);
            $auth_info = json_decode($response->getContent(), true);
            $token["user_info"] = $auth_info;

            file_put_contents("/tmp/." . base64_encode($username . ":" . $password), json_encode($token));
        } else {
            $auth_info = $token["user_info"];
        }

        $user = $userProvider->loadUserByUsername($auth_info["username"]);
        $user->setRoles($auth_info["roles"]);
        $user->setTenancyCurrent($auth_info["tenancyCurrent"]);

        return new PreAuthenticatedToken($user, array(), $providerKey, $user->getRoles());
    }

    /**
     * @param Request $request
     * @param AuthenticationException $exception
     * 
     * @return Response
     */
    public function onAuthenticationFailure(Request $request, AuthenticationException $exception)
    {
        return new Response(
                // this contains information about *why* authentication failed
                // use it, or return your own message
                strtr($exception->getMessageKey(), $exception->getMessageData()), 401);
    }

}