<?php

namespace AuthBundle\Security\Firewall;

use AuthBundle\Services\AccessTokenService;
use Base\OAuthClientBundle\Security\Core\User\CustomOAuthUser;
use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\HttpKernel\Event\GetResponseEvent;
use Symfony\Component\Security\Core\Authentication\AuthenticationManagerInterface;
use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
use Symfony\Component\Security\Core\Exception\AuthenticationException;
use Symfony\Component\Security\Http\Firewall\ListenerInterface;

class OAuthProxyListener implements ListenerInterface
{

    /**
     * @var TokenStorageInterface 
     */
    protected $tokenStorage;

    /**
     * @var AuthenticationManagerInterface 
     */
    protected $authenticationManager;
    
    /**
     * @var AccessTokenService
     */
    protected $accessTokenService;


    /**
     * @param TokenStorageInterface $tokenStorage
     * @param AuthenticationManagerInterface $authenticationManager
     * @param AccessTokenService $accessTokenService
     */
    public function __construct(TokenStorageInterface $tokenStorage, AuthenticationManagerInterface $authenticationManager, AccessTokenService $accessTokenService)
    {
        $this->tokenStorage = $tokenStorage;
        $this->authenticationManager = $authenticationManager;
        $this->accessTokenService = $accessTokenService;
    }

    /**
     * Se crea el User y Token mediante alguno de los métodos
     * 
     * 1. Http Basic
     * 2. Authorization
     * 3. Client Ip
     * 
     * @param GetResponseEvent $event
     * 
     * @return type
     */
    public function handle(GetResponseEvent $event)
    {
        $request = $event->getRequest();
        $auth_info = array();
        if ($request->headers->has("php-auth-user") && $request->headers->has("php-auth-pw")) {
            $username = $request->headers->get("php-auth-user");
            $password = $request->headers->get("php-auth-pw");
            $token = $this->accessTokenService->getToken($username, $password);
            $auth_info = $this->accessTokenService->getUserInfo($username, $password);
        } elseif ($request->headers->has("authorization")) {
            $authorization = $request->headers->get("authorization");
            $auth_info = $this->accessTokenService->requestUserInfo($authorization);
            if (isset($auth_info['username'])) {
                $username = $auth_info['username'];
            } else {
                return;
            }
        } elseif ($request->getClientIp()) {
            $username = $clientIp = $request->getClientIp();
            if (\AuthBundle\Utils\IpUtils::checkIp($clientIp) === false) {
                return;
            }
            $auth_info['roles'] = array('ROLE_USER');
            // @TODO: Traer la tenencia Base de la app Base
            $tenancy = array(
                'id' => 1,
                'name' => 'Tenencia Base',
            );
            $auth_info['tenancies'] = $auth_info['tenancyCurrent'] = $tenancy;
        } else {
            return;
        }
                
        $user = new CustomOAuthUser($username);
        $user->setRoles($auth_info['roles']);
        $user->setTenancies($auth_info['tenancies']);
        $user->setTenancyCurrent($auth_info['tenancyCurrent']);
        
        $token = new UsernamePasswordToken($user, null, "api", $user->getRoles());
        
        try {
            $authToken = $this->authenticationManager->authenticate($token);
            $this->tokenStorage->setToken($authToken);
            
            return;
        } catch (AuthenticationException $failed) {
            // ... you might log something here
            // To deny the authentication clear the token. This will redirect to the login page.
            // Make sure to only clear your token, not those of other authentication listeners.
             $token = $this->tokenStorage->getToken();
             if ($token instanceof UsernamePasswordToken && $this->providerKey === $token->getProviderKey()) {
                 $this->tokenStorage->setToken(null);
             }

             return;
        }

        // By default deny authorization
        $response = new Response();
        $response->setStatusCode(Response::HTTP_FORBIDDEN);
        $event->setResponse($response);
    }

}