<?php
/*
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 *
 * This software consists of voluntary contributions made by many individuals
 * and is licensed under the MIT license.
 */

namespace ZfcUser\Controller;

use Zend\Form\Form;
use Zend\Mvc\Controller\AbstractActionController;
use Zend\Stdlib\ResponseInterface as Response;
use Zend\Stdlib\Parameters;
use Zend\View\Model\ViewModel;
use ZfcUser\Service\User as UserService;
use ZfcUser\Options\UserControllerOptionsInterface;
use Reservation\Model\Logs;
use Reservation\Model\Tables;
use Zend\Session\Container;
use Reservation\Helper\GlobalHelper;
use Reservation\Model\User;
use ZfcUser\Mapper\HydratorInterface as Hydrator;
use Reservation\Model\ConfigAccesTable;

use Zend\InputFilter\InputFilter;
use Zend\InputFilter\InputFilterAwareInterface;
use Zend\InputFilter\InputFilterInterface;

class UserController extends AbstractActionController
{
	const ROUTE_LOGIN        = 'zfcuser/login';
	const ROUTE_REGISTER     = 'zfcuser/register';

	const CONTROLLER_NAME    = 'zfcuser';

	/**
	 * @var UserService
	 */
	protected $userService;

	/**
	 * @var Form
	 */
	protected $loginForm;

	/**
	 * @var Form
	 */
	protected $registerForm;

	/**
	 * @todo Make this dynamic / translation-friendly
	 * @var string
	 */
	//protected $failedLoginMessage = 'Authentication failed. Please try again.';
	protected $failedLoginMessage = 'Authentification échouée. Merci de réessayer.';

	/**
	 * @var string
	 */
	protected $loginNamespace = 'zfcuser-login-form';

	/**
	 * @var UserControllerOptionsInterface
	 */
	protected $options;
	protected $logsTable;
	protected $globalHelper;
	protected $userTable;
	protected $formHydrator;
	protected $configAccesTable;

	public function __construct($userService, $options, $registerForm, $loginForm)
	{
		$this->userService = $userService;
		$this->options = $options;
		$this->registerForm = $registerForm;
		$this->loginForm = $loginForm;
	}

	/**
	 * User page
	 */
	public function indexAction()
	{
		if (!$this->zfcUserAuthentication()->hasIdentity()) {
			return $this->redirect()->toRoute(static::ROUTE_LOGIN);
		}
		return new ViewModel();
	}

	/**
	 * Login form
	 */
	public function loginAction()
	{
		syslog(LOG_INFO, __FILE__.".".__FUNCTION__.".".__LINE__."_$_SERVER[REMOTE_ADDR] ");
		if ($this->zfcUserAuthentication()->hasIdentity()) {
			return $this->redirect()->toRoute($this->options->getLoginRedirectRoute());
		}

		$paramForgetPwd = $this->params()->fromRoute('param', '');

		$request = $this->getRequest();
		$post    = $request->getPost();

		$form    = $this->loginForm;
		$fm = $this->flashMessenger()->setNamespace($this->loginNamespace)->getMessages();
		if (isset($fm[0])) {
			$this->loginForm->setMessages(
				array('identity' => array($fm[0]))
			);
		}

		if ($this->options->getUseRedirectParameterIfPresent()) {
			$redirect = $request->getQuery()->get('redirect', (!empty($post['redirect'])) ? $post['redirect'] : false);
		} else {
			$redirect = false;
		}

		$outside = false;
		if($request->isPost() && $request->getPost('outside') == '1') {
			$redirect = $request->getPost('redirect');
			$basePath = $this->getBaseUrl();

			if(substr($redirect, 0, 1) == '/' && substr($basePath, -1, 1) == '/') {
				$redirect = substr($redirect, 1);
			}

			$redirect = $basePath.$redirect;

			$outside = true;
		}

		if (!$request->isPost() || $outside) {
			return array(
				'loginForm' => $form,
				'redirect'  => $redirect,
				'enableRegistration' => $this->options->getEnableRegistration(),
				'outside' => $outside,
				'paramForgetPwd' => $paramForgetPwd,
			);
		}

		$form->setData($post);

		if (!$form->isValid()) {
			syslog(LOG_INFO, __FILE__.".".__FUNCTION__.".".__LINE__."_$_SERVER[REMOTE_ADDR] identity=$post[identity] / $post[credential] : INVALID");
			$this->flashMessenger()->setNamespace($this->loginNamespace)->addMessage($this->failedLoginMessage);
			return $this->redirect()->toUrl($this->url()->fromRoute(static::ROUTE_LOGIN).($redirect ? '?redirect='. rawurlencode($redirect) : ''));
		}
		syslog(LOG_INFO, __FILE__.".".__FUNCTION__.".".__LINE__."_$_SERVER[REMOTE_ADDR] identity=$post[identity] / $post[credential] : VALID");


		// clear adapters
		$this->zfcUserAuthentication()->getAuthAdapter()->resetAdapters();
		$this->zfcUserAuthentication()->getAuthService()->clearIdentity();

		return $this->forward()->dispatch(static::CONTROLLER_NAME, array('action' => 'authenticate'));
	}

	private function getBaseUrl()
	{
		$basePath = $this->getRequest()->getBasePath();
		$uri = new \Zend\Uri\Uri($this->getRequest()->getUri());
		$uri->setPath($basePath);
		$uri->setQuery(array());
		$uri->setFragment('');

		$helper = $this->getServiceLocator()->get('ViewHelperManager')->get('ServerUrl');
		$url = $helper->__invoke(false);
		$ds = '/';
		if(substr($uri->getPath(), 0, 1) == '/') {
			$ds = '';
		}


		$baseUrl = $url . $ds . $uri->getPath();
		return $baseUrl;
	}

	public function ssologinAction()
	{
		if ($_SERVER['IRIGA_SSO_NAME'] && $_SERVER['IRIGA_SSO_BO']) {
			$nomChampEmail	= $_SERVER['IRIGA_SSO_EMAIL'] ?: 'OIDC_CLAIM_email';
			$champEmail	= $_SERVER[$nomChampEmail];
			syslog(LOG_INFO, __FILE__.".".__FUNCTION__.".".__LINE__."_$_SERVER[REMOTE_ADDR] : $nomChampEmail=$champEmail");
		}

		// clear adapters
		$this->zfcUserAuthentication()->getAuthAdapter()->resetAdapters();
		$this->zfcUserAuthentication()->getAuthService()->clearIdentity();

		return $this->forward()->dispatch(static::CONTROLLER_NAME, array('action' => 'authenticate'));
	}

	/**
	 * Logout and clear the identity
	 */
	public function logoutAction()
	{
		syslog(LOG_INFO, __FILE__.".".__FUNCTION__.".".__LINE__."_$_SERVER[REMOTE_ADDR] ");
		$sessFB = new Container('filtreBandeau');
		$sessFB->filtres = null;

		$this->zfcUserAuthentication()->getAuthAdapter()->resetAdapters();
		$this->zfcUserAuthentication()->getAuthAdapter()->logoutAdapters();
		$this->zfcUserAuthentication()->getAuthService()->clearIdentity();

		$redirect = $this->params()->fromPost('redirect', $this->params()->fromQuery('redirect', false));

		if ($this->options->getUseRedirectParameterIfPresent() && $redirect) {
			return $this->redirect()->toRoute($redirect);
		}

		return $this->redirect()->toRoute($this->options->getLogoutRedirectRoute());
	}

	/**
	 * General-purpose authentication action
	 */
	public function authenticateAction()
	{
		if ($this->zfcUserAuthentication()->hasIdentity()) {
			return $this->redirect()->toRoute($this->options->getLoginRedirectRoute());
		}

		$adapter = $this->zfcUserAuthentication()->getAuthAdapter();
		$redirect = $this->params()->fromPost('redirect', false);
		$toUrl = $this->params()->fromPost('toUrl', $this->params()->fromQuery('toUrl', false));


		$result = $adapter->prepareForAuthentication($this->getRequest());

		// Return early if an adapter returned a response
		if ($result instanceof Response) {
			return $result;
		}

		$auth = $this->zfcUserAuthentication()->getAuthService()->authenticate($adapter);


		if (!$auth->isValid()) {
			syslog(LOG_INFO, __FILE__.".".__FUNCTION__.".".__LINE__."_$_SERVER[REMOTE_ADDR] auth=INVALID");
			$authMessages       = $auth->getMessages();
			if ($authMessages && substr($authMessages[0], 0, 9) == 'SSO_MSG1:') {
				$this->flashMessenger()->setNamespace($this->loginNamespace)->addMessage($_SERVER['IRIGA_SSO_ERROR1']);
			} else {
				$this->flashMessenger()->setNamespace($this->loginNamespace)->addMessage($this->failedLoginMessage);
			}
			$adapter->resetAdapters();
			return $this->redirect()->toUrl(
				$this->url()->fromRoute(static::ROUTE_LOGIN) .
				($redirect ? '?redirect='. rawurlencode($redirect) : '')
			);
		}

		if($auth->isValid()) {
			$authSM = $this->getServiceLocator()->get('zfcuser_auth_service');
			$user = $authSM->getIdentity();
			$gestId =  $user->getId();
			syslog(LOG_INFO, __FILE__.".".__FUNCTION__.".".__LINE__."_$_SERVER[REMOTE_ADDR] : gestId=$gestId email=".$user->getEmail()." userName=".$user->getUserName()." (".$user->getDisplayName().")");

			//vérification si le user a bien un profile
			try {
				$utilisateur = $this->getUserTable()->getUser($gestId);
				if($utilisateur->role_id == "guest") {
					$adapter->resetAdapters();
					$this->zfcUserAuthentication()->getAuthAdapter()->resetAdapters();
					$this->zfcUserAuthentication()->getAuthAdapter()->logoutAdapters();
					$this->zfcUserAuthentication()->getAuthService()->clearIdentity();

					$this->flashMessenger()->setNamespace($this->loginNamespace)->addMessage("Vous n'avez pas l'accès");
					return $this->redirect()->toUrl($this->url()->fromRoute(static::ROUTE_LOGIN).($redirect ? '?redirect='. rawurlencode($redirect) : ''));
				}
			} catch(\Exception $ex) {
				$adapter->resetAdapters();
				$this->zfcUserAuthentication()->getAuthAdapter()->resetAdapters();
				$this->zfcUserAuthentication()->getAuthAdapter()->logoutAdapters();
				$this->zfcUserAuthentication()->getAuthService()->clearIdentity();

				$this->flashMessenger()->setNamespace($this->loginNamespace)->addMessage("Vous n'avez pas de profil affecté");
				return $this->redirect()->toUrl($this->url()->fromRoute(static::ROUTE_LOGIN).($redirect ? '?redirect='. rawurlencode($redirect) : ''));
			}

			##Vérification du login PMS
			$checkMdpPMS = $this->getConfigAccesTable()->checkPMSPwdBO();
			$_SESSION['erreurLoginPMS'] = false;

			if($checkMdpPMS) {
				$ret = $this->checkLoginPMS($user);
				$isValidePMS = $ret['isValidePMS'];
				$msgPMS = $ret['msgPMS'];
				if(!$isValidePMS) {
					$_SESSION['erreurLoginPMS'] = true;
					/* if(!$msgPMS) $msgPMS = "Erreur login PMS";
					$adapter->resetAdapters();
					$this->zfcUserAuthentication()->getAuthAdapter()->resetAdapters();
					$this->zfcUserAuthentication()->getAuthAdapter()->logoutAdapters();
					$this->zfcUserAuthentication()->getAuthService()->clearIdentity();

					$this->flashMessenger()->setNamespace($this->loginNamespace)->addMessage($msgPMS);
					return $this->redirect()->toUrl($this->url()->fromRoute(static::ROUTE_LOGIN).($redirect ? '?redirect='. rawurlencode($redirect) : ''));
					*/

				}
			}

			$logs = new Logs();
			$operation = "Authentification au BO du : ".$user->getDisplayName();
			$dataLog = array('operation' => $operation,
							'dateOperation' => date('Y-m-d H:i:s'),
							'dataBefore' => array(),
							'dataAfter' => array(),
							'idGestionnaire' => $gestId,
							'tableName' => 'users');

			$this->storeRules($user->getId());

			$logs->exchangeArray($dataLog);
			$this->getLogsTable()->saveLogs($logs);
		}

		if ($this->options->getUseRedirectParameterIfPresent() && $redirect) {
			//echo $redirect;exit();
			if($redirect) {
				return $this->redirect()->toUrl($redirect);
			}
			return $this->redirect()->toRoute($redirect);
		}

		$route = $this->options->getLoginRedirectRoute();

		if (is_callable($route)) {
			$route = $route($this->zfcUserAuthentication()->getIdentity());
		}


		if($toUrl) {
			return $this->redirect()->toUrl($redirect);
		}

		return $this->redirect()->toRoute($route);
	}

	/**
	 * Register new user
	 */
	public function registerAction()
	{
		return $this->redirect()->toRoute('zfcuser/login', array('action' => 'login'));
		// if the user is logged in, we don't need to register
		if ($this->zfcUserAuthentication()->hasIdentity()) {
			// redirect to the login redirect route
			return $this->redirect()->toRoute($this->options->getLoginRedirectRoute());
		}
		// if registration is disabled
		if (!$this->options->getEnableRegistration()) {
			return array('enableRegistration' => false);
		}

		$request = $this->getRequest();
		$service = $this->userService;
		$form = $this->registerForm;

		if ($this->options->getUseRedirectParameterIfPresent() && $request->getQuery()->get('redirect')) {
			$redirect = $request->getQuery()->get('redirect');
		} else {
			$redirect = false;
		}

		$redirectUrl = $this->url()->fromRoute(static::ROUTE_REGISTER)
			. ($redirect ? '?redirect=' . rawurlencode($redirect) : '');
		$prg = $this->prg($redirectUrl, true);

		if ($prg instanceof Response) {
			return $prg;
		} elseif ($prg === false) {
			return array(
				'registerForm' => $form,
				'enableRegistration' => $this->options->getEnableRegistration(),
				'redirect' => $redirect,
			);
		}

		$post = $prg;
		$user = $service->register($post);

		$redirect = isset($prg['redirect']) ? $prg['redirect'] : null;

		if (!$user) {
			return array(
				'registerForm' => $form,
				'enableRegistration' => $this->options->getEnableRegistration(),
				'redirect' => $redirect,
			);
		}

		if ($service->getOptions()->getLoginAfterRegistration()) {
			$identityFields = $service->getOptions()->getAuthIdentityFields();
			if (in_array('email', $identityFields)) {
				$post['identity'] = $user->getEmail();
			} elseif (in_array('username', $identityFields)) {
				$post['identity'] = $user->getUsername();
			}
			$post['credential'] = $post['password'];
			$request->setPost(new Parameters($post));
			return $this->forward()->dispatch(static::CONTROLLER_NAME, array('action' => 'authenticate'));
		}

		// TODO: Add the redirect parameter here...
		return $this->redirect()->toUrl($this->url()->fromRoute(static::ROUTE_LOGIN) . ($redirect ? '?redirect='. rawurlencode($redirect) : ''));
	}

	public function getLogsTable()
	{
		if (!$this->logsTable) {
			$sm = $this->getServiceLocator();
			$this->logsTable = $sm->get('Reservation\Model\LogsTable');
		}
		return $this->logsTable;
	}

	private function storeRules($userid)
	{

		$tableObj = new Tables('droit_config', $this->getServiceLocator()->get('Zend\Db\Adapter\Adapter'));
		$select = $tableObj->getTable()->getSql()->select();
		$select->join('user_role_linker', 'droit_config.role_id = user_role_linker.role_id', array(), 'LEFT');
		$select->join('droit_elements', 'droit_config.droit_id = droit_elements.id', array('unique_name'), 'LEFT');
		$select->where(array('user_role_linker.user_id' => $userid));
		$rows = $tableObj->getTable()->selectWith($select);
		$result = array();
		foreach($rows as $row) {
			$result[$row->unique_name] = $row->value;
		}

		$_SESSION['USERDROIT'] = $result;

	}

	## vérification login PMS
	private function checkLoginPMS($user)
	{

		$username = $user->getUsername();
		$pms = $this->getGlobalHelper()->getPMSObjectByClassName('Bredea');

		$msg = "";
		$isValide = true;
		if(is_object($pms)) {
			$isValidUsername = $pms->checkUtilisateurUsername($username);
			if($isValidUsername == true) {
				//on vérifie le mot de passe
				$pwdPMS = $pms->getUtilisateurPassword($username);
				if($pwdPMS) {
					$pwdCrypt = $this->getFormHydrator()->getCryptoService()->create($pwdPMS);
					if($pwdCrypt != $user->getPassword()) {
						$isValide = false;
						$msg = "Mot de passe PMS invalide";
					}
				}
			}
		} elseif(!$pms) {
			$msg = "";
		} else {
			$msg = $pms;
		}

		return array('isValidePMS' => $isValide,'msgPMS' => $msg);
	}

	##Action mot de passe oublié
	public function forgetpwdAction()
	{
		$request = $this->getRequest();
		$msg = "";
		$form = new Form('forgetpwd');

		$form->add(array(
			 'type' => 'Zend\Form\Element\Text',
			 'name' => 'username',
			 'options' => array(
				 'label' => 'Nom d\'utilisateur',
			),
			 'attributes' => array(
				 'class' => 'form-control input',
				 'required' => true,
			 ),
		));

		$form->add(array(
			'type' => 'Zend\Form\Element\Csrf',
			'name' => 'csrf',
			'options' => array(
				'csrf_options' => array(
					'timeout' => 600
				)
			)
		));

		$inputFilter = new InputFilter();

		$inputFilter->add(array(
				'name'     => 'username',
				'required' => true,
				'filters'  => array(
					array('name' => 'StripTags'),
					array('name' => 'StringTrim'),
				),
				'validators' => array(
					array(
						'name'    => 'StringLength',
						'options' => array(
							'encoding' => 'UTF-8',
							'min'      => 1,
							'max'      => 100,
						),
					),
				),
			));

		if($request->isPost()) {
			$form->setInputFilter($inputFilter);
			$form->setData($request->getPost());
			if ($form->isValid()) {
				$data = $form->getData();
				//$username = $request->getPost('username');
				$username = $data['username'];
				if(trim($username)) {
					$user = $this->getUserTable()->getUserBy(array('username' => trim($username),'deleted' => 0));
					if($user) {
						syslog(LOG_INFO, __FILE__.".".__FUNCTION__.".".__LINE__."_$_SERVER[REMOTE_ADDR] username=$username userId=".$user->user_id." userEmail=".$user->email);
						$this->forward()->dispatch('Application\Controller\Reservation', array(
							'action' => 'envoyerMailMdpOublierBO',
							'id'    => $user->user_id,
						));

						return $this->redirect()->toRoute('zfcuser/login', array('action' => 'login','param' => 'fp'));
					} else {
						syslog(LOG_INFO, __FILE__.".".__FUNCTION__.".".__LINE__."_$_SERVER[REMOTE_ADDR] username=$username absent");
						//$msg = "Aucun utilisateur trouvé qui correspond au nom d'utilisateur $username";
						$msg = "Si le nom d'utilisateur est connu vous avez reçu un nouveau mot de passe.";//raison pb de securité
						return $this->redirect()->toRoute('zfcuser/login', array('action' => 'login','param' => 'fp'));
					}
				} else {
					$msg = "Veuillez remplir votre nom d'utilisateur";
				}
			} else {
				$errors = $form->getMessages();
				foreach($errors as $el => $errorEl) {
					foreach($errorEl as $name => $error) {
						$msg .= $error."<br>";
					}
				}
			}
		}

		return array('msg' => $msg,'form' => $form);
	}

	public function getGlobalHelper()
	{
		if(!$this->globalHelper) {
			$this->globalHelper = new GlobalHelper($this->getServiceLocator());
		}
		return $this->globalHelper;
	}

	public function getConfigAccesTable()
	{
		$adapter = $this->getServiceLocator()->get('Zend\Db\Adapter\Adapter');
		if (!$this->configAccesTable) {
			$this->configAccesTable = new ConfigAccesTable($adapter);
		}
		return $this->configAccesTable;
	}

	public function getUserTable()
	{
		if (!$this->userTable) {
			$sm = $this->getServiceLocator();
			$this->userTable = $sm->get('Reservation\Model\UserTable');
		}
		return $this->userTable;
	}

	public function getFormHydrator()
	{
		if (!$this->formHydrator instanceof Hydrator) {
			$this->formHydrator = $this->getServiceLocator()->get('zfcuser_user_hydrator');
		}
		return $this->formHydrator;
	}


}