<?php

namespace TwoFAS\TwoFAS\Authentication;

use Exception;
use TwoFAS\Api\MobileSecretGenerator;
use TwoFAS\Api\QrCodeGenerator;
use TwoFAS\Api\TotpSecretGenerator;
use TwoFAS\TwoFAS\Codes\QR_Code_Message;
use TwoFAS\TwoFAS\Core\Legacy_Mode_Checker;
use TwoFAS\TwoFAS\Exceptions\User_Not_Found_Exception;
use TwoFAS\TwoFAS\Http\JSON_Response;
use TwoFAS\TwoFAS\Http\Redirection_Response;
use TwoFAS\TwoFAS\Http\Request;
use TwoFAS\TwoFAS\Http\View_Response;
use TwoFAS\TwoFAS\Integration\API_Wrapper;
use TwoFAS\TwoFAS\Storage\Authentication_Storage;
use TwoFAS\TwoFAS\Storage\Storage;
use TwoFAS\TwoFAS\Storage\Trusted_Devices_Storage;
use WP_Error;
use WP_User;

/**
 * This class is responsible for resetting TOTP configuration.
 */
final class Configuration_Reset extends Login_Handler {

	/**
	 * @var Authentication_Storage
	 */
	private $authentication_storage;

	/**
	 * @var Trusted_Devices_Storage
	 */
	private $trusted_devices_storage;

	/**
	 * @var API_Wrapper
	 */
	private $api_wrapper;

	/**
	 * @var QR_Code_Message
	 */
	private $qr_code_message;

	/**
	 * @var QrCodeGenerator
	 */
	private $qr_code_generator;

	/**
	 * @var Request
	 */
	private $request;

	/**
	 * @var Legacy_Mode_Checker
	 */
	private $legacy_mode_checker;

	/**
	 * @param Storage             $storage
	 * @param API_Wrapper         $api_wrapper
	 * @param QR_Code_Message     $qr_code_message
	 * @param QrCodeGenerator     $qr_code_generator
	 * @param Login_Support       $login_support
	 * @param Request             $request
	 * @param Legacy_Mode_Checker $legacy_mode_checker
	 */
	public function __construct(
		Storage $storage,
		API_Wrapper $api_wrapper,
		QR_Code_Message $qr_code_message,
		QrCodeGenerator $qr_code_generator,
		Login_Support $login_support,
		Request $request,
		Legacy_Mode_Checker $legacy_mode_checker
	) {
		parent::__construct( $login_support );
		$this->authentication_storage  = $storage->get_authentication_storage();
		$this->trusted_devices_storage = $storage->get_trusted_devices_storage();
		$this->api_wrapper             = $api_wrapper;
		$this->qr_code_message         = $qr_code_message;
		$this->qr_code_generator       = $qr_code_generator;
		$this->request                 = $request;
		$this->legacy_mode_checker     = $legacy_mode_checker;
	}

	/**
	 * @param null|WP_Error|WP_User $user
	 *
	 * @return bool
	 */
	public function supports( $user ) {
		if ( $this->login_support->has_final_response() ) {
			return false;
		}

		try {
			$this->get_wp_user();
		} catch ( User_Not_Found_Exception $e ) {
			return false;
		}

		if ( ! $this->legacy_mode_checker->totp_is_obligatory_or_legacy_mode_is_active() ) {
			return false;
		}

		if ( ! $this->is_wp_user( $user ) && $this->request->is_login_action_equal_to( Login_Action::TOTP_RESET ) ) {
			return ! $this->user_storage->is_totp_enabled()
				&& $this->user_storage->is_totp_configured();
		}

		return ! $this->user_storage->is_totp_configured();
	}

	/**
	 * @param null|WP_Error|WP_User $user
	 *
	 * @return bool|JSON_Response|Redirection_Response|View_Response
	 */
	protected function handle( $user ) {
		$totp_secret = TotpSecretGenerator::generate();

		try {
			$user_id          = $this->get_user_id();
			$integration_user = $this->api_wrapper->get_integration_user_by_external_id( $user_id );

			if ( is_null( $integration_user ) ) {
				$integration_user = $this->api_wrapper->create_integration_user( $user_id );
			} else {
				$integration_user->setTotpSecret( null );
				$integration_user->setMobileSecret( MobileSecretGenerator::generate() );
				$this->api_wrapper->update_integration_user( $integration_user );
			}

			$this->user_storage->delete_totp_configuration();
			$this->trusted_devices_storage->delete_trusted_devices( $user_id );
			$message = $this->qr_code_message->create( $totp_secret, $integration_user->getMobileSecret() );
			$qr_code = $this->qr_code_generator->generateBase64( $message );

			$this->authentication_storage->close_authentication();
			$authentication = $this->api_wrapper->request_auth_via_totp( $totp_secret );
			$this->authentication_storage->open_authentication( $authentication );

			$final_response = $this->view( 'login/configuration.html.twig', array(
				'qr_code'         => $qr_code,
				'qr_code_message' => $message,
				'totp_secret'     => $totp_secret,
			) );

			$this->login_support->set_final_response( $final_response );
		} catch ( Exception $e ) {
			$this->capture_exception( $e );
		}

		return $this->fallback( $user );
	}
}