# frozen_string_literal: true

class PasswordValidator < ActiveModel::EachValidator
  def validate_each(record, attribute, value)
    return unless record.password_validation_required?

    if value.nil?
      record.errors.add(attribute, :blank)
    elsif value.length < SiteSetting.min_admin_password_length &&
          (record.admin? || is_developer?(record.email))
      record.errors.add(attribute, :too_short, count: SiteSetting.min_admin_password_length)
    elsif value.length < SiteSetting.min_password_length
      record.errors.add(attribute, :too_short, count: SiteSetting.min_password_length)
    elsif record.username.present? && value == record.username
      record.errors.add(attribute, :same_as_username)
    elsif record.name.present? && value == record.name
      record.errors.add(attribute, :same_as_name)
    elsif record.email.present? && value == record.email
      record.errors.add(attribute, :same_as_email)
    elsif record.confirm_password?(value)
      record.errors.add(attribute, :same_as_current)
    elsif record.password_expired?(value)
      record.errors.add(attribute, :same_as_previous)
    elsif SiteSetting.block_common_passwords && CommonPasswords.common_password?(value)
      record.errors.add(attribute, :common)
    elsif value.chars.uniq.length < SiteSetting.password_unique_characters
      record.errors.add(attribute, :unique_characters)
    end
  end

  def is_developer?(value)
    Rails.configuration.respond_to?(:developer_emails) &&
      Rails.configuration.developer_emails.include?(value)
  end
end