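package com.pollex.pam.security.provider;

import com.pollex.pam.config.ApplicationProperties;
import com.pollex.pam.domain.Customer;
import com.pollex.pam.enums.CustomerDetailEnum;
import com.pollex.pam.repository.CustomerRepository;
import com.pollex.pam.security.token.OtpAuthenticationToken;
import com.pollex.pam.service.OtpWebService;
import com.pollex.pam.service.dto.OtpResponseDTO;
import com.pollex.pam.web.rest.vm.OtpAccount;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.AuthenticationCredentialsNotFoundException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Component;

import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Map;

/**
 * Turns an {@link OtpAuthenticationToken} (account + OTP session key + OTP code) into an
 * authenticated {@link UsernamePasswordAuthenticationToken} carrying ROLE_USER.
 *
 * <p>Flow: unless {@code mockLogin} is on, the code is checked against the external OTP
 * service for the given index key; on success the customer is looked up by email-or-phone
 * and a token with customer details attached is returned.
 *
 * <p>NOTE(review): nothing in this class ties {@code indexKey} (the OTP session being
 * verified) to {@code account} (the identity being issued). Unless
 * {@code OtpWebService.verifyOTP} or the OTP issuance step enforces that binding, a valid
 * code for one channel could be replayed with a different {@code account} value — confirm
 * where that check lives.
 */
@Component
public class OtpAuthenticationProvider {

    private static final Logger log = LoggerFactory.getLogger(OtpAuthenticationProvider.class);

    @Autowired
    ApplicationProperties applicationProperty;

    @Autowired
    OtpWebService otpWebService;

    @Autowired
    CustomerRepository customerRepository;

    /**
     * Verifies the OTP and resolves the customer.
     *
     * @param otpAuthenticationToken principal = {@link OtpAccount}, credentials = OTP code
     * @return an authenticated token for the customer (see {@link #getCustomerToken})
     * @throws AuthenticationCredentialsNotFoundException when the OTP service reports failure
     *         or anything inside the verification path throws (cause attached); in that path
     *         an unknown account is also folded into this generic exception
     * @throws UsernameNotFoundException only in mock-login mode, when the account is unknown
     */
    public Authentication authenticate(OtpAuthenticationToken otpAuthenticationToken) throws AuthenticationException {
        OtpAccount otpAccount = otpAuthenticationToken.getPrincipal();
        String account = otpAccount.getAccount();
        String indexKey = otpAccount.getIndexKey();
        String otpCode = otpAuthenticationToken.getCredentials();

        if (applicationProperty.isMockLogin()) {
            // Development switch: the OTP code is NOT checked at all here, so any known account
            // authenticates with any code. Log at WARN so an environment that ships with
            // mockLogin=true is visible in the logs.
            log.warn("mockLogin is enabled: OTP verification skipped");
            return getCustomerToken(account, otpCode);
        }

        try {
            OtpResponseDTO otpResponseDTO = otpWebService.verifyOTP(indexKey, otpCode);
            if (otpResponseDTO.isSuccess()) {
                return getCustomerToken(account, otpCode);
            }
        } catch (Exception e) {
            // Broad catch is deliberate: OTP-service errors and an unknown account both surface
            // to the caller as the same generic failure (no account-existence oracle on the
            // verified path). Keep the cause so the failure is diagnosable server-side;
            // the outward message stays empty on purpose.
            log.error("Exception: ", e);
            throw new AuthenticationCredentialsNotFoundException("", e);
        }
        // OTP service answered but did not report success.
        throw new AuthenticationCredentialsNotFoundException("");
    }

    /**
     * Looks the customer up by {@code account} (matched against email or phone) and builds an
     * authenticated token for it.
     *
     * @param account email or phone the customer used to log in
     * @param otpCode the submitted OTP code; stored as the token's credentials
     * @return token with ROLE_USER and a details map of customer id, name and account
     * @throws UsernameNotFoundException when no customer matches {@code account}
     */
    private UsernamePasswordAuthenticationToken getCustomerToken(String account, String otpCode) {
        // TODO: an account that is not yet in the DB is a normal case; a dedicated message
        // should tell the frontend that it may proceed to registration.
        // NOTE(review): the exception message embeds the account. If a failure handler ever
        // returns it verbatim to the client it doubles as an account-existence probe — confirm
        // how this message is rendered before using it as the "please register" signal.
        Customer customer = customerRepository.findOneByEmailEqualsOrPhoneEquals(account, account)
            .orElseThrow(() -> new UsernameNotFoundException("this customer is not in db, account = " + account));

        List<GrantedAuthority> grantedAuths = Arrays.asList(new SimpleGrantedAuthority("ROLE_USER"));

        // The three-argument constructor marks the token as authenticated. The OTP code is kept
        // as the credential (as before); it will sit in the SecurityContext unless something
        // downstream erases credentials — it is single-use, but worth confirming.
        UsernamePasswordAuthenticationToken authenticationToken =
            new UsernamePasswordAuthenticationToken(account, otpCode, grantedAuths);

        Map<String, Object> details = new HashMap<>();
        details.put(CustomerDetailEnum.ID.getValue(), customer.getId().toString());
        details.put(CustomerDetailEnum.NAME.getValue(), customer.getName());
        details.put(CustomerDetailEnum.ACCOUNT.getValue(), account);
        authenticationToken.setDetails(details);
        return authenticationToken;
    }
}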