# frozen_string_literal: true

class Users::AssociateAccountsController < ApplicationController
  SECURE_SESSION_PREFIX ||= "omniauth_reconnect"

  before_action :ensure_logged_in

  def connect_info
    account_description = authenticator.description_for_auth_hash(auth_hash)
    existing_account_description = authenticator.description_for_user(current_user).presence
    render json: {
             token: params[:token],
             provider_name: auth_hash.provider,
             account_description: account_description,
             existing_account_description: existing_account_description,
           }
  end

  def connect
    if authenticator.description_for_user(current_user).present? && authenticator.can_revoke?
      authenticator.revoke(current_user)
    end

    DiscourseEvent.trigger(:before_auth, authenticator, auth_hash, session, cookies, request)
    auth_result = authenticator.after_authenticate(auth_hash, existing_account: current_user)
    DiscourseEvent.trigger(:after_auth, authenticator, auth_result, session, cookies, request)

    secure_session[self.class.key(params[:token])] = nil

    render json: success_json
  end

  private

  def auth_hash
    @auth_hash ||=
      begin
        token = params[:token]
        json = secure_session[self.class.key(token)]
        raise Discourse::NotFound if json.nil?

        OmniAuth::AuthHash.new(JSON.parse(json))
      end
  end

  def authenticator
    provider_name = auth_hash.provider
    authenticator = Discourse.enabled_authenticators.find { |a| a.name == provider_name }
    raise Discourse::InvalidAccess.new(I18n.t("authenticator_not_found")) if authenticator.nil?
    if !authenticator.can_connect_existing_user?
      raise Discourse::InvalidAccess.new(I18n.t("authenticator_no_connect"))
    end
    authenticator
  end

  def self.key(token)
    "#{SECURE_SESSION_PREFIX}_#{token}"
  end
end