<?php 
namespace App\Security;

use App\Entity\User;
use Doctrine\ORM\EntityManagerInterface;
use KnpU\OAuth2ClientBundle\Client\ClientRegistry;
use KnpU\OAuth2ClientBundle\Security\Authenticator\OAuth2Authenticator;
use Symfony\Component\HttpFoundation\RedirectResponse;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\Routing\RouterInterface;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Exception\AuthenticationException;
use Symfony\Component\Security\Http\Authenticator\Passport\Badge\UserBadge;
use Symfony\Component\Security\Http\Authenticator\Passport\Passport;
use Symfony\Component\Security\Http\Authenticator\Passport\SelfValidatingPassport;
use Symfony\Component\HttpFoundation\RequestStack;

class TrackManiaAuthenticator extends OAuth2Authenticator
{
    private $clientRegistry;
    private $entityManager;
    private $router;
    private $requestStack;

    public function __construct(ClientRegistry $clientRegistry, EntityManagerInterface $entityManager, RouterInterface $router, RequestStack $requestStack)
    {
        $this->clientRegistry = $clientRegistry;
        $this->entityManager = $entityManager;
        $this->router = $router;
        $this->requestStack = $requestStack;
    }

    public function supports(Request $request): ?bool
    {
        // continue ONLY if the current ROUTE matches the check ROUTE
        return $request->attributes->get('_route') === 'connect_trackmania_check';
    }

    public function authenticate(Request $request): Passport
    {
        $client = $this->clientRegistry->getClient('TrackMania');
        $accessToken = $this->fetchAccessToken($client);

        $selfvalidating = new SelfValidatingPassport(
            new UserBadge($accessToken->getToken(), function() use ($accessToken, $client) {
                /** @var Beu\TrackMania\OAuth2\Client\Provider\TrackManiaProviderOwner $user */
                $user = $client->fetchUserFromToken($accessToken);

                $existingUser = $this->entityManager->getRepository(User::class)->findOneBy(['AccountId' => $user->getId()]);

                if ($existingUser) {
                    /** @var User $existingUser */
                    if ($existingUser->getDisplayName() !== $user->getDisplayName()) {
                        $existingUser->setDisplayName($user->getDisplayName());
                        $this->entityManager->flush();
                    }
                    return $existingUser;
                }

                $newuser = new User();
                $newuser->setAccountId($user->getId());
                $newuser->setDisplayName($user->getDisplayName());

                $this->entityManager->persist($newuser);
                $this->entityManager->flush();
                return $newuser;
            })
        );

        return $selfvalidating;
    }

    public function onAuthenticationSuccess(Request $request, TokenInterface $token, string $firewallName): ?Response
    {
        $session = $this->requestStack->getSession();
        if ($session->has("PostLoginRedirect")) {
            $targetUrl = $session->get("PostLoginRedirect");
        } else {
            $targetUrl = $this->router->generate('homepage');
        }
        return new RedirectResponse($targetUrl);
    }

    public function onAuthenticationFailure(Request $request, AuthenticationException $exception): ?Response
    {
        $message = strtr($exception->getMessageKey(), $exception->getMessageData());

        return new Response($message, Response::HTTP_FORBIDDEN);
    }
}