<?php

namespace Lu\LuAuth\Services;

/*
 * This file is part of the TYPO3 CMS project.
 *
 * It is free software; you can redistribute it and/or modify it under
 * the terms of the GNU General Public License, either version 2
 * of the License, or any later version.
 *
 * For the full copyright and license information, please read the
 * LICENSE.txt file that was distributed with this source code.
 *
 * The TYPO3 project - inspiring people to share!
 */

use Lu\LuApi\Authentication\LuisLibrary;
use Lu\LuAuth\Models\Users;
use Lu\LDAPAuthorization\LDAP;
use TYPO3\CMS\Core\Utility\GeneralUtility;
use TYPO3\CMS\Core\Authentication\AuthenticationService;

/**
 * Class LUBEAuthService
 *
 * Backend Authentication class
 *
 * @author  Dainis Abols <dainis.abols@lu.lv>
 * @owner   University of Latvia
 * @version 3.0
 * @since   25.09.2017
 *
 * @package Lu\LuAuth\Services
 */
class LUBEAuthService extends AuthenticationService
{
    /**
     * Extension configuration
     *
     * @array
     */
    public $conf;

    /**
     * Basic login data
     *
     * @var
     */
    public $loginData;

    /**
     * Provided username
     *
     * @string
     */
    public $password;

    /**
     * Provided password
     *
     * @string
     */
    public $username;

    /**
     * Define used login provider. `default: 1433416747`
     *
     * @var string
     */
    public $loginProviderID = '1522914815';

    /**
     * Reads and initializes extension configuration
     *
     * @return bool
     */
    public function init()
    {
        $this->conf = GeneralUtility::makeInstance(\TYPO3\CMS\Core\Configuration\ExtensionConfiguration::class)->get('lu_auth');

        return parent::init();
    }

    /**
     * Initializes authentication
     *
     * @param string                                                    $subType
     * @param array                                                     $loginData
     * @param array                                                     $authenticationInformation
     * @param \TYPO3\CMS\Core\Authentication\AbstractUserAuthentication $parentObject
     */
    public function initAuth($subType, $loginData, $authenticationInformation, $parentObject)
    {
        $this->loginData = $loginData;
        $this->authInfo  = $authenticationInformation;
        $this->password  = $this->loginData['uident_text'];
        $this->username  = $this->loginData['uname'];

        $this->pObj = $parentObject;
    }

    /**
     * Get user data and redirect to auth site, if login successful
     *
     * @return array|null
     */
    public function getUser()
    {
        // Set initial authenticated value un false
        $user = [
            'authenticated' => false,
        ];

        // Check if login request
        if ($this->loginData['status'] == 'login' && $this->username) {
            // Init LDAP connection
            $ldap = new LDAP($this->conf['ldapServer'], $this->conf['ldapDC']);

            // Bind and get user data
            $ldapres = $ldap->authorize($this->username, $this->password);

            // Check if data recieved
            if ($ldapres) {
                // Fetch user data
                $UserModel = new Users('be');
                $user      = $UserModel->getUserData($this->username);

                if ($user) {
                    $user['authenticated'] = true;
                }
            } else {
                return null;
            }
        }

        // Return user data
        return $user;
    }

    /**
     * Authenticates the user
     *
     * @param array $user
     *
     * @return bool|int|mixed
     */
    public function authUser(array $user): int
    {
        // Pre-set used models
        $LuisLib = new LuisLibrary();

        // Sets initial to 100
        $OK = 100;

        if ($this->username) {
            $OK = @$user['authenticated'];

            // Failed login attempt (wrong password) - write that to the log!
            if (!$OK) {
                if ($this->writeAttemptLog) {
                    $this->writelog(
                        255, 3, 3, 1,
                        "Login-attempt from %s (%s), username '%s', password not accepted!",
                        [
                            $this->info['REMOTE_ADDR'],
                            $this->info['REMOTE_HOST'],
                            $this->username,
                        ]
                    );
                }
            }

            // Set 200, if authenticated
            $OK = $OK ? 200 : 100;
        }

        // Check domain lock
        if ($OK && $user['lockToDomain'] && $user['lockToDomain'] != $this->authInfo['HTTP_HOST']) {
            if ($this->writeAttemptLog) {
                $this->writelog(
                    255, 3, 3, 1,
                    "Login-attempt from %s (%s), username '%s', locked domain '%s' did not match '%s'!",
                    [
                        $this->authInfo['REMOTE_ADDR'],
                        $this->authInfo['REMOTE_HOST'],
                        $user[$this->authInfo['db_user']['username_column']],
                        $user['lockToDomain'], $this->authInfo['HTTP_HOST'],
                    ]
                );
            }

            $OK = false;
        }

        // Sync user image, if authenticated
        if ($OK == 200) {
            $LuisLib->syncUserImage($this->username);
        }

        return $OK;
    }
}