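package org.apereo.cas.pm.web.flow;

import org.apache.commons.lang3.StringUtils;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.configuration.model.support.pm.PasswordManagementProperties;
import org.apereo.cas.pm.PasswordManagementService;
import org.apereo.cas.web.support.WebUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.webflow.action.AbstractAction;
import org.springframework.webflow.action.EventFactorySupport;
import org.springframework.webflow.execution.Event;
import org.springframework.webflow.execution.RequestContext;

import javax.servlet.http.HttpServletRequest;
import java.util.HashSet;
import java.util.Map;

import static org.apereo.cas.pm.web.flow.SendPasswordResetInstructionsAction.PARAMETER_NAME_TOKEN;

/**
 * This is {@link VerifyPasswordResetRequestAction}.
 * <p>
 * Webflow action that reads the password-reset token from the
 * {@code PARAMETER_NAME_TOKEN} request parameter, resolves it to a username via
 * {@link PasswordManagementService#parseToken(String)}, and stages what the rest
 * of the reset flow needs in flow scope: {@code token}, {@code username},
 * {@code questionsEnabled} and, when security questions are enabled,
 * {@code questions}.
 * <p>
 * Outcomes: {@code error} when the token is missing, cannot be resolved to a
 * username, or (with security questions enabled) no questions are on record for
 * the user; {@code success} when questions are enabled and present;
 * {@code questionsDisabled} when the deployment does not use security questions.
 * The token value is never written to the log; only the username is.
 *
 * @author Misagh Moayyed
 * @since 5.0.0
 */
public class VerifyPasswordResetRequestAction extends AbstractAction {
    private static final Logger LOGGER = LoggerFactory.getLogger(VerifyPasswordResetRequestAction.class);

    /** Event id signalled when security questions are not enabled for password reset. */
    private static final String EVENT_ID_QUESTIONS_DISABLED = "questionsDisabled";

    @Autowired
    private CasConfigurationProperties casProperties;

    private final PasswordManagementService passwordManagementService;

    /**
     * @param passwordManagementService service used to resolve reset tokens and look up security questions
     */
    public VerifyPasswordResetRequestAction(final PasswordManagementService passwordManagementService) {
        this.passwordManagementService = passwordManagementService;
    }

    /**
     * Verify the reset token on the current request and populate flow scope.
     *
     * @param requestContext the current webflow request context
     * @return {@code error}, {@code success} or {@code questionsDisabled} as described on the class
     * @throws Exception propagated from the underlying service calls
     */
    @Override
    protected Event doExecute(final RequestContext requestContext) throws Exception {
        final PasswordManagementProperties pm = casProperties.getAuthn().getPm();
        // Read the flag once; it drives both the branch below and the final outcome.
        final boolean questionsEnabled = pm.getReset().isSecurityQuestionsEnabled();

        final HttpServletRequest request = WebUtils.getHttpServletRequest(requestContext);
        final String token = request.getParameter(PARAMETER_NAME_TOKEN);
        if (StringUtils.isBlank(token)) {
            LOGGER.error("Password reset token is missing");
            return error();
        }

        // Token integrity and expiry checks are delegated to the service; a blank
        // username is the only failure signal visible to this action.
        final String username = passwordManagementService.parseToken(token);
        if (StringUtils.isBlank(username)) {
            LOGGER.error("Password reset token could not be verified");
            return error();
        }

        if (questionsEnabled) {
            final Map<String, String> questions = passwordManagementService.getSecurityQuestions(username);
            // A null map is treated like an empty one so a misbehaving backend
            // produces the error event rather than a NullPointerException.
            if (questions == null || questions.isEmpty()) {
                LOGGER.warn("No security questions could be found for [{}]", username);
                return error();
            }
            // Only the map keys are staged for the view; the values are never exposed here.
            requestContext.getFlowScope().put("questions", new HashSet<>(questions.keySet()));
        } else {
            LOGGER.debug("Security questions are not enabled");
        }

        requestContext.getFlowScope().put("token", token);
        requestContext.getFlowScope().put("username", username);
        requestContext.getFlowScope().put("questionsEnabled", questionsEnabled);

        if (questionsEnabled) {
            return success();
        }
        return new EventFactorySupport().event(this, EVENT_ID_QUESTIONS_DISABLED);
    }
}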