<?php
namespace Base\OAuthClientBundle\Security;

use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\Security\Core\Authentication\Token\PreAuthenticatedToken;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Exception\AuthenticationException;
use Symfony\Component\Security\Core\Exception\CustomUserMessageAuthenticationException;
use Symfony\Component\Security\Core\Exception\BadCredentialsException;
use Symfony\Component\Security\Core\User\UserProviderInterface;
use Symfony\Component\Security\Http\Authentication\SimplePreAuthenticatorInterface;

use Symfony\Component\Security\Http\Authentication\AuthenticationFailureHandlerInterface;

use Buzz\Listener\BasicAuthListener;
use Buzz\Message;

use HWI\Bundle\OAuthBundle\OAuth\Response\UserResponseInterface;

use Symfony\Component\Security\Core\Authentication\Token\AnonymousToken;

class OAuthProxyAuthenticator implements SimplePreAuthenticatorInterface, AuthenticationFailureHandlerInterface
{
    public function __construct($client_id, $client_secret, $access_token_url, $user_info_url)
    {
	    $this->client_id  = $client_id;
	    $this->client_secret = $client_secret;
	    $this->access_token_url = $access_token_url;
	    $this->user_info_url = $user_info_url;
    }

    public function createToken(Request $request, $providerKey)
    {
	if($request->headers->has("php-auth-user") and $request->headers->has("php-auth-pw"))
		return new PreAuthenticatedToken($request->headers->get("php-auth-user"), $request->headers->get("php-auth-pw"), $providerKey);
	return new AnonymousToken("anon.", "anon.");

    }

    public function supportsToken(TokenInterface $token, $providerKey)
    {
        return $token instanceof PreAuthenticatedToken && $token->getProviderKey() === $providerKey;
    }

    public function authenticateToken(TokenInterface $token, UserProviderInterface $userProvider, $providerKey)
    {
 	$password = $token->getCredentials();
	$username = $token->getUsername();

	
	$token = @json_decode(file_get_contents("/tmp/.".base64_encode($username. ":" . $password)), true);
	
	if(!isset($token["access_token"])){
		$browser = new \Buzz\Browser();

		$listener = new BasicAuthListener($this->client_id, $this->client_secret);
		$browser->addListener($listener);
		$body = ['grant_type' => 'password',
			'username' => $username,
			'password' => $password,
			];

		$response = $browser->post($this->access_token_url, ['Content-Type' => 'application/x-www-form-urlencoded'], http_build_query($body));
		$token = json_decode($response->getContent(), true);
		if($token['expires_in'])
			$token["expires_at"] = time() + $token['expires_in'];
		else
			$token["expires_at"] = time() + 3600;

		file_put_contents("/tmp/.".base64_encode($username. ":" . $password), json_encode($token));
	}

	if(isset($token["expires_at"]) and $token["expires_at"] >= time()){
		$browser = new \Buzz\Browser();

		$listener = new BasicAuthListener($this->client_id, $this->client_secret);
		$browser->addListener($listener);

		$body = ['grant_type' => 'refresh_token',
			 'refresh_token' => $token['refresh_token']
			];


		$response = $browser->post($this->access_token_url, ['Content-Type' => 'application/x-www-form-urlencoded'], http_build_query($body));
		$token = json_decode($response->getContent(), true);
		if($token['expires_in'])
			$token["expires_at"] = time() + $token['expires_in'];
		else
			$token["expires_at"] = time() + 3600;

		file_put_contents("/tmp/.".base64_encode($username. ":" . $password), json_encode($token));
	}

	if(!isset($token["user_info"])){

		$oauth_headers = [
			"Authorization" => ucfirst($token["token_type"])." ".$token["access_token"],
		];

		$browser = new \Buzz\Browser();

		$response = $browser->get($this->user_info_url, $oauth_headers);
		$auth_info = json_decode($response->getContent(), true);
		$token["user_info"] = $auth_info;

		file_put_contents("/tmp/.".base64_encode($username. ":" . $password), json_encode($token));
	}else{
		$auth_info = $token["user_info"];
	}

	$user = $userProvider->loadUserByUsername($auth_info["username"]);
	$user->setRoles($auth_info["roles"]);
	$user->setTenancyCurrent($auth_info["tenancyCurrent"]);
        return new PreAuthenticatedToken($user, array(), $providerKey, $user->getRoles());
    }

    public function onAuthenticationFailure(Request $request, AuthenticationException $exception)
    {
	 return new Response(
	// this contains information about *why* authentication failed
	// use it, or return your own message
		strtr($exception->getMessageKey(), $exception->getMessageData()), 401);
    }
}