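package LDV::User;

use strict;
use warnings;
use utf8;

use Mojo::Base 'Mojolicious::Controller';

use Net::LDAP;
use Net::LDAP::Util qw(ldap_error_name escape_filter_value); # ldap_error_name: is really needed?
use Crypt::SaltedHash;

# Controller for the user pages: login/registration forms, the profile
# view, and the LDAP-backed "update" and "create" actions.

# helpers (a leading underscore keeps them out of the router)

# Open a connection to the configured LDAP server and bind with the service
# account from the application config. Dies with a short, user-presentable
# message on failure; the detailed server error goes to the application log.
# NOTE(review): whether the connection is encrypted depends on the configured
# server value, which is not visible here -- confirm it uses ldaps/StartTLS.
sub _ldap_bind {
    my ($self) = @_;

    my $config = $self->app->config;
    my $ldap   = Net::LDAP->new($config->{server}) or die("$@");
    my $mesg   = $ldap->bind($config->{binddn}, password => $config->{bindpass});
    if ($mesg->code) {
        $self->app->log->error($mesg->error);
        die("Can't connect to server\n");
    }
    return $ldap;
}

# Build the search filter that selects one user entry by uid.
# The value is escaped so that filter metacharacters in it cannot change the
# structure of the filter.
# NOTE(review): the filter tests an attribute named "class"; LDAP schemas
# normally expose this as "objectClass" -- confirm against the directory.
sub _user_filter {
    my ($login) = @_;
    return sprintf('(&(uid=%s)(class=InetOrgPerson))', escape_filter_value($login));
}

# pages

# Render the login form.
sub login {
    my ($self) = @_;
    $self->render();
}

# Render the registration form.
sub register {
    my ($self) = @_;
    $self->render();
}

# Show the profile of the user stored in the session, or send the visitor to
# the login form when the session carries no user.
sub profile {
    my ($self) = @_;

    if (my $uid = $self->session('useruid')) {
        my $data = $self->app->ldap->get($uid);
        $self->stash(user_data => $data);
        $self->render();
        return;
    }

    $self->redirect_to('/user/login');
    $self->rendered();
    return;
}

# Drop the user from the session and return to the login form.
sub logout {
    my ($self) = @_;
    $self->session({useruid => undef});
    $self->redirect_to('/user/login');
    $self->rendered();
}

# Handle a submitted login form.
# NOTE(review): no credential check is performed here yet -- the submitted
# username and password were read but never used, so those reads were dropped.
# Every request is delayed (when ldap.auth_delay is configured) and redirected
# back to the login form; no session is established.
sub auth {
    my ($self) = @_;

    if (my $delay = $self->app->config->{ldap}->{auth_delay}) {
        sleep $delay;
    }

    $self->redirect_to('/user/login');
}

# Look up the logged-in user's entry and render the update page.
# Visitors without a session user are redirected to the login form.
sub update {
    my ($self) = @_;
    my ($data, $login);

    unless ($login = $self->session('useruid')) {
        $self->redirect_to('/user/login');
        return;
    }

    eval {
        my $ldap  = $self->_ldap_bind();
        my $base  = $self->app->config->{userbase};
        my $attrs = [ @{$self->app->config->{defattrs}} ];

        # The filter used to be a single-quoted string, so "$login" was sent
        # to the server literally and the logged-in user was never matched.
        my $mesg = $ldap->search(
            base   => $base,
            scope  => 'one',
            deref  => 'never',
            filter => _user_filter($login),
            attrs  => $attrs,
        );
        $ldap->unbind();

        die("User not found\n") unless ($mesg->count);

        # NOTE(review): the entry is fetched but nothing is copied into
        # $data, so the template still receives undef as user_data.
        my $entry = $mesg->pop_entry();
        1;
    } or do {
        # Failures used to be discarded silently; record them like create().
        $self->app->log->error($@);
    };

    $self->stash({user_data => $data});
    $self->render();
}

# Create a new user entry from the submitted form fields (login, mail,
# displayname, pass). The outcome is placed in the flash as "result" and the
# client is redirected to /user/create. Returns 1.
sub create {
    my ($self) = @_;
    my $result = "Created";

    eval {
        my $ldap = $self->_ldap_bind();
        my $base = $self->app->config->{userbase};

        my $login = $self->req->param('login');
        die("Empty username\n") unless ($login);
        # \A and \z instead of ^ and $: "$" also matches before a trailing
        # newline, which would otherwise end up inside the entry's DN.
        die("Forbidden characters in username\n")
            unless ($login =~ m|\A[a-z]{2,36}\z|i);

        # An empty password must not become a usable credential: a simple
        # bind with an empty password is treated as anonymous by LDAP servers.
        my $pass = $self->req->param('pass');
        die("Empty password\n") unless (defined $pass && length $pass);

        # The filter used to be a single-quoted string, so "$login" was sent
        # literally and this duplicate check could never match.
        my $mesg = $ldap->search(
            base   => $base,
            scope  => 'one',
            deref  => 'never',
            filter => _user_filter($login),
        );
        die("This user already exists\n") if ($mesg->count);

        my $attrs = {};
        $attrs->{objectclass} = [ "top", @{$self->app->config->{defclasses}} ];
        # NOTE(review): mail is stored as submitted, without validation.
        $attrs->{mail}        = $self->req->param('mail');
        $attrs->{displayname} = $self->req->param('displayname') || '';
        # First word becomes cn, last word becomes sn.
        if ($attrs->{displayname} =~ m|^(\S+)\s+(?:.*\s+)?(\S+)$|i) {
            $attrs->{cn} = $1;
            $attrs->{sn} = $2;
        }
        else {
            $attrs->{cn} = '!not set!';
            $attrs->{sn} = '!not set!';
        }
        $attrs->{uid} = $login;

        # NOTE(review): salted SHA-1 is a fast hash and gives little
        # protection against offline guessing if the directory is dumped;
        # prefer a slow password hash that the directory server supports.
        my $csh = Crypt::SaltedHash->new(algorithm => 'SHA-1');
        $csh->add($pass);
        $attrs->{userpassword} = $csh->generate();

        $mesg = $ldap->add("uid=$login,$base", attrs => [ %$attrs ]);
        if ($mesg->code) {
            $self->app->log->error($mesg->error);
            die("Can't add user\n");
        }
        $ldap->unbind();
        1;
    } or do {
        $self->app->log->error($@);
        # NOTE(review): $@ is shown to the user verbatim; errors raised
        # outside the explicit die() calls may expose internal details.
        $result = "Error: $@";
    };

    $self->flash({result => $result});
    $self->redirect_to('/user/create');
    $self->rendered();
    return 1;
}

1;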