<?php

namespace App\Http\Controllers\Auth;

use const App\Http\Controllers\LLAVE_VERSION_APLICACION;
use const App\Http\Controllers\VERSION_APLICACION;
use App\Http\Requests\LoginRequest;
use App\Http\Requests\TokenFirebaseRequest;
use App\Mail\ResetPassword;
use App\Models\Parametro;
use App\Models\RolUser;
use App\Models\TipoEmpleado;
use App\Models\User;
use Cartalyst\Sentinel\Checkpoints\NotActivatedException;
use Cartalyst\Sentinel\Checkpoints\ThrottlingException;
use Cartalyst\Sentinel\Native\Facades\Sentinel;
use Illuminate\Http\Request;
use App\Http\Controllers\Controller;
use Illuminate\Support\Facades\DB;
use Illuminate\Support\Facades\Mail;
use Tymon\JWTAuth\Exceptions\JWTException;
use Tymon\JWTAuth\Facades\JWTAuth;
use Log;
use Auth;

class AuthenticateController extends Controller
{
    public function getAccessToken(LoginRequest $request)
    {

        $credentials = $request->only('email', 'password');
        $dispositivo_id = $request->input('dispositivo_id', NULL);
        $version_apk = $request->input('version_apk', false);
        $version_parametro = Parametro::where('llave',LLAVE_VERSION_APLICACION)->first();


        try {

            $usuario = User::where('email', $credentials['email'])->first();


            if ($usuario) {
                $tipo = TipoEmpleado::where('id', $usuario->tipo_empleado_id)->first();

                if (!$tipo->login) {
                    return response()->forbidden('No cuentas con los suficientes permisos para acceder a este módulo.');
                }
            }

            try {
                if (!$user = Sentinel::forceAuthenticate($credentials)) {
                    return response()->unauthorized('Usuario y/o contraseña incorrectas.');
                }
            } catch (ThrottlingException $e) {
                return response()->tooManyAttempts('too_many_attempts');
            }

            $token = JWTAuth::attempt($credentials);

            if (!$token) {
                return response()->unauthorized('Usuario y/o contraseña incorrectas.');
            }

            $application = $request->header('Application');

            if ($application == 'MOVIL' && (!$version_apk || $version_apk != $version_parametro->valor)){
                return response()->unauthorized('Existe una nueva versión disponible, contacta con tu supervisor.');
            }

            $user = Auth::user();

            $role_id = RolUser::where('user_id', $user->id)->first();
            $role = Sentinel::findRoleById($role_id->role_id);

            $this->validarAplicacion($application, $role);

            if ($dispositivo_id != null) {
                $user->dispositivo_id = $dispositivo_id;
                $user->update();
            }

            return response()->success(compact('user', 'token', 'role'));


        } catch (JWTException $e) {
            // something went wrong whilst attempting to encode the token
            return response()->json(['error' => 'could_not_create_token'], 500);

        } catch (NotActivatedException $e) {

            return response()->badRequest($e->getMessage());
        } catch (\Exception $e) {

            if ($e->getCode() == 400) {
                return response()->badRequest($e->getMessage());
            }

            if ($e->getCode() == 401) {
                return response()->unauthorized($e->getMessage());
            }

            if ($e->getCode() == 403) {
                return response()->forbidden($e->getMessage());
            }

            if ($e->getCode() == 404) {
                return response()->notFound($e->getMessage());
            }

            if ($e->getCode() == 422) {
                return response()->unprocessable('Error', [$e->getMessage()]);
            }

            return response()->json(['error' => $e->getMessage()], $e->getCode());

        }
    }

    public function validarAplicacion($application, $role)
    {

        if (!$application)
            throw new \Exception('El header Application es obligatorio.', 400);


        if (strtoupper($application) == 'MOVIL') {

            if (!$role->movil) {
                throw new \Exception('No cuentas con los suficientes permisos para acceder a este módulo.', 403);
            }

        } elseif (strtoupper($application) == 'WEB') {

            if (!$role->web) {
                throw new \Exception('No cuentas con los suficientes permisos para acceder a este módulo.', 403);
            }

        }
    }

    /**
     * Actualizar json token web
     * Retorna un nuevo token de acceso **JWT**
     *
     * @param App\Http\Request $request
     * @return \Illuminate\Http\Response
     */
    public function refreshAccessToken(Request $request)
    {

        $token = JWTAuth::parseToken()->refresh();

        return response()->success(compact('token'));

    }

    /**
     *
     * Recuperar Contraseña
     * @param App\Http\Request $request
     * @return \Illuminate\Http\Response
     */
    public function recoverPassword(Request $request)
    {
        $email = $request->input('email', false);

        $user = User::where('email', $email)->first();

        if (!$user) {
            return response()->unprocessable('Error', ['El usuario no se encuentra disponible.']);
        }

        $newpass = str_random(4);
        $newpass = strtolower($newpass);
        $user->password = bcrypt($newpass);
        $user->solicitar = 1;
        $user->save();
        $user['nueva'] = $newpass;
        Mail::to($email)->send(new ResetPassword($user));
        $mensaje = "Acabamos de enviar un correo electrónico con su contraseña.";

        return response()->success(['result' => $mensaje]);
    }

    /**
     *
     * Actualizar Contraseña
     * @param App\Http\Request $request
     * @return \Illuminate\Http\Response
     */
    public function updatePassword(Request $request)
    {
        $user = Auth::user();

        $data = $request->only([
            'old_password',
            'password',
            'password_confirm'
        ]);

        $current_password = Auth::attempt(['email' => $user->email, 'password' => $data['old_password']]);

        if ($current_password) {
            if ($data['password'] == $data['password_confirm']) {
                $user->password = bcrypt($data['password']);
                $user->solicitar = 0;
                $user->update();
                return response()->success(['result' => 'Contraseña actualizada correctamente']);
            } else {
                $msg = 'Las contraseñas no coinciden.';
                return response()->unprocessable('Error', [$msg]);
            }
        } else {
            return response()->unprocessable('Error', ['Contraseña actual incorrecta.']);
        }
    }

    public function tokenFirebase(TokenFirebaseRequest $request)
    {

        $user = Auth::user();

        $data = $request->only(['token_firebase']);

        User::where('id', $user->id)->first()->update($data);

        return response()->success(['result' => 'ok']);
    }
}