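package com.juick.service.security;

import com.juick.User;
import com.juick.service.security.entities.JuickUser;
import com.juick.service.UserService;
import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.authentication.RememberMeAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.authentication.RememberMeServices;
import org.springframework.util.Assert;
import org.springframework.web.filter.OncePerRequestFilter;
import org.springframework.web.util.WebUtils;

import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

/**
 * Authenticates a request from a user "hash" supplied either as the
 * {@value #PARAM_NAME} request parameter or as a cookie of the same name.
 * <p>
 * When a hash is present, no other authentication is already established,
 * and {@link UserService#getUserByHash(String)} resolves it to a
 * non-anonymous user, a {@link RememberMeAuthenticationToken} is placed into
 * the {@link SecurityContextHolder} and the configured
 * {@link RememberMeServices} is told of the successful login. Requests
 * without a usable hash, or whose hash does not resolve, pass through the
 * filter chain untouched.
 * <p>
 * NOTE(review): the hash is a bearer credential. Accepting it from the query
 * string means it can end up in access logs or {@code Referer} headers; the
 * cookie transport is preferable where callers can use it.
 * <p>
 * Created by aalexeev on 4/5/17.
 */
public class HashParamAuthenticationFilter extends OncePerRequestFilter {
    /** Name of both the request parameter and the cookie that carry the hash. */
    public static final String PARAM_NAME = "hash";

    private final UserService userService;
    private final RememberMeServices rememberMeServices;

    /**
     * @param userService       resolves a hash to a {@link User}; must not be null
     * @param rememberMeServices notified on a successful hash login; must not be null
     * @throws IllegalArgumentException if either argument is null
     */
    public HashParamAuthenticationFilter(
            final UserService userService,
            final RememberMeServices rememberMeServices) {
        Assert.notNull(userService, "userService should not be null");
        Assert.notNull(rememberMeServices, "rememberMeServices should not be null");
        this.userService = userService;
        this.rememberMeServices = rememberMeServices;
    }

    /**
     * Establishes a security context from the request's hash when appropriate,
     * then always continues the filter chain.
     *
     * @throws ServletException propagated from the downstream chain
     * @throws IOException      propagated from the downstream chain
     */
    @Override
    protected void doFilterInternal(
            HttpServletRequest request,
            HttpServletResponse response,
            FilterChain filterChain) throws ServletException, IOException {
        String hash = getHashFromRequest(request);

        if (hash != null && authenticationIsRequired()) {
            User user = userService.getUserByHash(hash);

            // Guard against a null return as well as the anonymous sentinel:
            // an unresolvable hash must fall through, not abort the chain.
            if (user != null && !user.isAnonymous()) {
                Authentication authentication = new RememberMeAuthenticationToken(
                        hash, new JuickUser(user), JuickUser.USER_AUTHORITY);

                SecurityContextHolder.getContext().setAuthentication(authentication);
                rememberMeServices.loginSuccess(request, response, authentication);
            }
        }

        filterChain.doFilter(request, response);
    }

    /**
     * @return true when the current context holds no authenticated, non-anonymous
     *         principal, so that the hash login does not overwrite a stronger one
     */
    private boolean authenticationIsRequired() {
        Authentication existingAuth = SecurityContextHolder.getContext().getAuthentication();

        return existingAuth == null
                || !existingAuth.isAuthenticated()
                || existingAuth instanceof AnonymousAuthenticationToken;
    }

    /**
     * Reads the hash from the request.
     * <p>
     * The request parameter wins when it carries text; otherwise the cookie
     * is consulted. A blank value in either place is treated as absent, so a
     * bare {@code hash=} parameter never triggers a user lookup.
     *
     * @return the hash, or null when neither source supplies one
     */
    private String getHashFromRequest(HttpServletRequest request) {
        String paramHash = request.getParameter(PARAM_NAME);
        if (hasText(paramHash)) {
            return paramHash;
        }

        Cookie cookieHash = WebUtils.getCookie(request, PARAM_NAME);
        if (cookieHash != null && hasText(cookieHash.getValue())) {
            return cookieHash.getValue();
        }

        return null;
    }

    /** @return true when {@code value} is non-null and not only whitespace */
    private static boolean hasText(String value) {
        return value != null && !value.trim().isEmpty();
    }
}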