<?php
namespace Base\OAuthClientBundle\Security;

use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\Security\Core\Authentication\Token\PreAuthenticatedToken;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Exception\AuthenticationException;
use Symfony\Component\Security\Core\Exception\CustomUserMessageAuthenticationException;
use Symfony\Component\Security\Core\Exception\BadCredentialsException;
use Symfony\Component\Security\Core\User\UserProviderInterface;
use Symfony\Component\Security\Http\Authentication\SimplePreAuthenticatorInterface;

use Symfony\Component\Security\Http\Authentication\AuthenticationFailureHandlerInterface;

use Buzz\Listener\BasicAuthListener;
use Buzz\Message;

use Symfony\Component\HttpFoundation\Session\Session;

class OAuthProxyAuthenticator implements SimplePreAuthenticatorInterface, AuthenticationFailureHandlerInterface
{
    public function __construct($client_id, $client_secret, $access_token_url, $user_info_url)
    {
	    $this->client_id  = $client_id;
	    $this->client_secret = $client_secret;
	    $this->access_token_url = $access_token_url;
	    $this->user_info_url = $user_info_url;
    }

    public function createToken(Request $request, $providerKey)
    {
        return new PreAuthenticatedToken($request->headers->get("php-auth-user"), $request->headers->get("php-auth-pw"), $providerKey);
    }

    public function supportsToken(TokenInterface $token, $providerKey)
    {
        return $token instanceof PreAuthenticatedToken && $token->getProviderKey() === $providerKey;
    }

    public function authenticateToken(TokenInterface $token, UserProviderInterface $userProvider, $providerKey)
    {
 	$password = $token->getCredentials();
	$username = $token->getUsername();

	
	$token = @json_decode(file_get_contents("/tmp/.".base64_encode($username. ":" . $password)), true);
	
	if(!isset($token["access_token"])){
		$browser = new \Buzz\Browser();

		$listener = new BasicAuthListener($this->client_id, $this->client_secret);
		$browser->addListener($listener);
		$body = ['grant_type' => 'password',
			'username' => $username,
			'password' => $password,
			];

		$response = $browser->post($this->access_token_url, ['Content-Type' => 'application/x-www-form-urlencoded'], http_build_query($body));
		$token = json_decode($response->getContent(), true);
		if($token['expires_in'])
			$token["expires_at"] = time() + $token['expires_in'];
		else
			$token["expires_at"] = time() + 3600;

		file_put_contents("/tmp/.".base64_encode($username. ":" . $password), json_encode($token));
	}

	$oauth_headers = [
		"Authorization" => ucfirst($token["token_type"])." ".$token["access_token"],
	];

	$browser = new \Buzz\Browser();

	$listener = new BasicAuthListener($this->client_id, $this->client_secret);
	$response = $browser->get($this->user_info_url, $oauth_headers);
	$auth_info = json_decode($response->getContent(), true);

        return new PreAuthenticatedToken( $auth_info["username"], "", $providerKey, $auth_info["roles"]);
    }

    public function onAuthenticationFailure(Request $request, AuthenticationException $exception)
    {
	 return new Response(
	// this contains information about *why* authentication failed
	// use it, or return your own message
		strtr($exception->getMessageKey(), $exception->getMessageData()), 401);
    }
}