<?php

namespace TwoFAS\TwoFAS\Authentication;

use Exception;
use TwoFAS\Api\Exception\ValidationException as API_Validation_Exception;
use TwoFAS\Api\QrCodeGenerator;
use TwoFAS\TwoFAS\Core\Legacy_Mode_Checker;
use TwoFAS\TwoFAS\Exceptions\Response\Errors;
use TwoFAS\TwoFAS\Exceptions\User_Not_Found_Exception;
use TwoFAS\TwoFAS\Helpers\Flash;
use TwoFAS\TwoFAS\Hooks\Authenticate_Filter;
use TwoFAS\TwoFAS\Http\JSON_Response;
use TwoFAS\TwoFAS\Http\Redirection_Response;
use TwoFAS\TwoFAS\Http\Request;
use TwoFAS\TwoFAS\Http\Session;
use TwoFAS\TwoFAS\Http\View_Response;
use TwoFAS\TwoFAS\Integration\API_Wrapper;
use TwoFAS\TwoFAS\Storage\Authentication_Storage;
use TwoFAS\TwoFAS\Storage\Storage;
use TwoFAS\TwoFAS\Storage\Trusted_Devices_Storage;
use WP_Error;
use WP_User;

/**
 * This class handles TOTP configuration request during login process.
 */
final class Login_Configuration extends Login_Handler {

	/**
	 * @var Request
	 */
	private $request;

	/**
	 * @var Session
	 */
	private $session;

	/**
	 * @var Flash
	 */
	private $flash;

	/**
	 * @var API_Wrapper
	 */
	private $api_wrapper;

	/**
	 * @var QrCodeGenerator
	 */
	private $qr_code_generator;

	/**
	 * @var Authentication_Storage
	 */
	private $authentication_storage;

	/**
	 * @var Trusted_Devices_Storage
	 */
	private $trusted_devices_storage;

	/**
	 * @var Legacy_Mode_Checker
	 */
	private $legacy_mode_checker;

	/**
	 * @param Request             $request
	 * @param Session             $session
	 * @param Flash               $flash
	 * @param Login_Support       $login_support
	 * @param API_Wrapper         $api_wrapper
	 * @param Storage             $storage
	 * @param QrCodeGenerator     $qr_code_generator ,
	 * @param Legacy_Mode_Checker $legacy_mode_checker
	 */
	public function __construct(
		Request $request,
		Session $session,
		Flash $flash,
		Login_Support $login_support,
		API_Wrapper $api_wrapper,
		Storage $storage,
		QrCodeGenerator $qr_code_generator,
		Legacy_Mode_Checker $legacy_mode_checker
	) {
		parent::__construct( $login_support );
		$this->request                 = $request;
		$this->session                 = $session;
		$this->flash                   = $flash;
		$this->api_wrapper             = $api_wrapper;
		$this->qr_code_generator       = $qr_code_generator;
		$this->authentication_storage  = $storage->get_authentication_storage();
		$this->trusted_devices_storage = $storage->get_trusted_devices_storage();
		$this->legacy_mode_checker     = $legacy_mode_checker;
	}

	/**
	 * @param null|WP_Error|WP_User $user
	 *
	 * @return bool
	 */
	public function supports( $user ) {
		if ( $this->is_wp_user( $user ) ) {
			return false;
		}

		try {
			$this->get_wp_user();
		} catch ( User_Not_Found_Exception $e ) {
			return false;
		}

		return $this->legacy_mode_checker->totp_is_obligatory_or_legacy_mode_is_active()
			&& $this->request->is_login_action_equal_to( Login_Action::CONFIGURE );
	}

	/**
	 * @param null|WP_Error|WP_User $user
	 *
	 * @return bool|JSON_Response|Redirection_Response|View_Response
	 */
	protected function handle( $user ) {
		$code   = $this->request->post( Authenticate_Filter::TWOFAS_CODE_KEY );
		$secret = $this->request->post( Authenticate_Filter::SECRET_FIELD );

		if ( empty( $code ) ) {
			$this->login_support->set_error( Errors::EMPTY_CODE );

			return $this->fallback( $user );
		}

		if ( empty( $secret ) ) {
			$this->login_support->set_error( Errors::EMPTY_PRIVATE_KEY );

			return $this->fallback( $user );
		}

		try {
			$user_id          = $this->get_user_id();
			$integration_user = $this->get_integration_user();

			if ( is_null( $integration_user ) ) {
				$final_response = $this->json_error( Errors::INTEGRATION_USER_ERROR, 404 );
				$this->login_support->set_final_response( $final_response );

				return $this->fallback( $user );
			}

			if ( $this->authentication_storage->is_authentication_expired() ) {
				$final_response = $this->json_error( Errors::AUTHENTICATION_EXPIRED_ERROR, 403 );
				$this->login_support->set_final_response( $final_response );

				return $this->fallback( $user );
			}

			$result = $this->api_wrapper->check_code( $this->authentication_storage->get_authentications(), $code );

			if ( $result->accepted() ) {
				$integration_user->setTotpSecret( $secret );
				$this->api_wrapper->update_integration_user( $integration_user );

				$this->user_storage->enable_totp();
				$this->user_storage->enable_2fa();
				$this->flash->add_message( 'success', 'totp-enabled' );
				$this->trusted_devices_storage->delete_trusted_devices( $user_id );
				$this->session->log_out_on_other_devices( $user_id );

				$response = $this->json( array( 'user_id' => $user_id ), 200 );
				$this->login_support->set_final_response( $response );

				return $this->fallback( $user );
			} elseif ( $result->canRetry() ) {
				$qr_code_message = $this->request->post( 'qr_code_message' );
				$qr_code         = $this->qr_code_generator->generateBase64( $qr_code_message );
				$final_response  = $this->view( 'login/configuration.html.twig', array(
					'qr_code'         => $qr_code,
					'qr_code_message' => $qr_code_message,
					'totp_secret'     => $secret
				) );
				$this->login_support->set_final_response( $final_response );
				$this->login_support->set_error( Errors::INVALID_CODE );

				return $this->fallback( $user );
			} else {
				$this->user_storage->block_user();
				$final_response = $this->json_error( Errors::AUTHENTICATION_LIMIT_ERROR, 403 );
				$this->login_support->set_final_response( $final_response );

				return $this->fallback( $user );
			}
		} catch ( API_Validation_Exception $e ) {
			$qr_code_message = $this->request->post( 'qr_code_message' );
			$qr_code         = $this->qr_code_generator->generateBase64( $qr_code_message );
			$final_response  = $this->view( 'login/configuration.html.twig', array(
				'qr_code'         => $qr_code,
				'qr_code_message' => $qr_code_message,
				'totp_secret'     => $secret
			) );

			$this->login_support->set_final_response( $final_response );
			$this->login_support->set_error( Errors::VALIDATION_ERROR );
		} catch ( Exception $e ) {
			$this->capture_exception( $e );
		}

		return $this->fallback( $user );
	}
}