package LDV::User;

use strict;
use warnings;
use utf8;

use Mojo::Base 'Mojolicious::Controller';

# pages
sub login    { my ($self) = @_; $self->render(); }
sub register { my ($self) = @_; $self->render(); }

sub profile  {
  my ($self) = @_;

  if (my $uid = $self->session('useruid')) {
    my $data = $self->app->ldap->get($uid);
    $self->stash(user_data => $data);
    $self->render();
    return;
  }

  $self->redirect_to('/user/login');
  $self->rendered();
  return;
}

sub logout {
  my ($self) = @_;

  $self->session({useruid => undef});
  $self->redirect_to('/user/login');
  $self->rendered();
}

sub auth {
  my ($self) = @_;
  my $user = $self->req->param('username');
  my $pass = $self->req->param('password');

  eval {
    my $delay = $self->app->config->{ldap}->{auth_delay};
    sleep $delay if $delay;
    ($user and $pass)
      or die("empty username or password\n");
    ($user =~ m|^([a-z0-9_-]){3,64}$|oia)
      or die("wrong username\n");
    $self->app->ldap->auth($user, $pass)
      or die("wrong user or password\n");
    $self->session({useruid => $user});
    $self->redirect_to('/user/profile');
  } or do {
    $self->flash({result => "Auth failed: $@"});
    $self->redirect_to('/user/login');
  };

  $self->rendered;
  return;
}

sub create {
  my ($self) = @_;

  eval {
    my $error;
    my $user = $self->req->param('username');
    my $pass = $self->req->param('password');
    my $mail = $self->req->param('mail');
    ($user and $pass and $mail)
      or die("please fill all fields\n");
    ($user =~ m|^([a-z0-9_-]){3,64}$|oia)
      or die("wrong username\n");

    $error = $self->app->ldap->create($user);
    die("$error") if $error;
    $error = $self->app->ldap->update($user, {mail => $mail});
    die("$error") if $error;

    if ($self->app->{user}->{confirm_register}) {
      my $body = $self->render_partial(template => 'email/reg_success', format => 'txt');
      my $email = $self->app->email->create($mail, $self->l("Registration"), $body);
      $error = $self->app->email->send($mail, $email);
      die("$error") if $error;
      # TODO: generate and store recover code
    } else {
      $error = $self->app->ldap->chpass($user, $pass);
      die("$error") if $error;
    }

    $self->flash({result => "Success! Now you may log in."});
    $self->redirect_to('/user/profile'); 1;
  } or do {
    $self->app->log->error($@);
    $self->flash({result => "Can't create user: $@"});
    $self->redirect_to('/user/register');
  };

  $self->rendered();
  return 1;
}

sub update {
  my ($self) = @_;

  eval {
    my $user = $self->session('useruid')
      or die("not logged in\n");
    my $pass = $self->req->param('password')
      or die("need current password\n");
    $self->app->ldap->auth($user, $pass)
      or die("wrong password\n");

    my %attrs = ();
    foreach my $key (qw(displayName mail o mobile)) {
      my $value = $self->req->param(lc($key));
      $attrs{$key} = $value;
    }
    my $error = $self->app->ldap->update($user, \%attrs);
    die("$error\n") if $error;
    if ($self->app->config->{user}->{allow_chpass} and
        my $newpass = $self->req->param('newpass')) {
      $error = $self->app->ldap->chpass($user, $newpass);
      die("$error\n") if $error;
    }
    $self->redirect_to('/user/profile'); 1;
  } or do {
    $self->flash({result => "Can't save profile: $@"});
    $self->redirect_to('/user/login');
  };

  $self->rendered();
  return;
}

sub eaccess {
  my ($self) = @_;

  $self->res->code(403);
  $self->render;
}

1;