<?php

namespace TwoFAS\TwoFAS\Authentication;

use Exception;
use TwoFAS\Api\Exception\ValidationException as API_Validation_Exception;
use TwoFAS\TwoFAS\Exceptions\Offline_Codes_Disabled_Exception;
use TwoFAS\TwoFAS\Exceptions\Response\Errors;
use TwoFAS\TwoFAS\Hooks\Authenticate_Filter;
use TwoFAS\TwoFAS\Http\JSON_Response;
use TwoFAS\TwoFAS\Http\Redirection_Response;
use TwoFAS\TwoFAS\Http\Request;
use TwoFAS\TwoFAS\Http\View_Response;
use WP_Error;
use WP_User;

/**
 * This class handles logging in if user manually enters a 2FA code.
 */
final class Standard_Login extends Login_Handler {

	/**
	 * @var Request
	 */
	private $request;

	/**
	 * @var Code_Check
	 */
	private $code_check;

	/**
	 * @param Login_Support $login_support
	 * @param Request       $request
	 * @param Code_Check    $code_check
	 */
	public function __construct( Login_Support $login_support, Request $request, Code_Check $code_check ) {
		parent::__construct( $login_support );
		$this->request    = $request;
		$this->code_check = $code_check;
	}

	/**
	 * @param null|WP_Error|WP_User $user
	 *
	 * @return bool
	 */
	public function supports( $user ) {
		if ( $this->is_wp_user( $user ) ) {
			return false;
		}

		if ( $this->login_support->has_final_response() ) {
			return false;
		}

		$totp_token = $this->request->post( 'totp_token' );
		$status_id  = $this->request->post( 'status_id' );

		return empty( $totp_token )
			&& empty( $status_id )
			&& ! is_null( $this->request->post( Authenticate_Filter::TWOFAS_CODE_KEY ) );
	}

	/**
	 * @param null|WP_Error|WP_User $user
	 *
	 * @return bool|JSON_Response|Redirection_Response|View_Response
	 */
	protected function handle( $user ) {
		try {
			$user_id          = $this->get_user_id();
			$integration_user = $this->get_integration_user();

			if ( is_null( $integration_user ) ) {
				$response = $this->json_error( Errors::INTEGRATION_USER_ERROR, 404 );

				$this->login_support->set_final_response( $response );

				return $this->fallback( $user );
			}

			$code = $this->request->post( Authenticate_Filter::TWOFAS_CODE_KEY );

			if ( empty( $code ) ) {
				$this->login_support->set_error( Errors::EMPTY_CODE );

				return $this->fallback( $user );
			}

			$result = $this->code_check->check( $this->request, $integration_user, $code );

			if ( $result->accepted() ) {
				$response = $this->json( array( 'user_id' => $user_id ), 200 );

				$this->login_support->set_final_response( $response );

				return $this->fallback( $user );
			}

			if ( ! $result->canRetry() ) {
				$this->user_storage->block_user();

				$response = $this->json_error( Errors::AUTHENTICATION_LIMIT_ERROR, 403 );

				$this->login_support->set_final_response( $response );

				return $this->fallback( $user );
			}

			$this->login_support->set_error( Errors::INVALID_CODE );
		} catch ( API_Validation_Exception $e ) {
			$this->login_support->set_error( Errors::CODE_INVALID_FORMAT );
		} catch ( Offline_Codes_Disabled_Exception $e ) {
			$response = $this->json_error( Errors::DISABLED_OFFLINE_CODES, 403 );
			$this->login_support->set_final_response( $response );
		} catch ( Exception $e ) {
			$this->capture_exception( $e );
		}

		return $this->fallback( $user );
	}
}