use percent_encoding::percent_decode_str;

use crate::api_data::account_export_api::AccountExportAPI;
use crate::api_data::current_user_id::CurrentUserID;
use crate::api_data::login_success::LoginSuccess;
use crate::api_data::res_check_email_exists::ResCheckEmailExists;
use crate::api_data::res_check_security_answers::ResCheckSecurityAnswers;
use crate::api_data::res_check_security_questions_exists::ResCheckSecurityQuestionsExists;
use crate::api_data::res_get_security_questions::ResGetSecurityQuestions;
use crate::constants::PASSWORD_RESET_TOKEN_LENGTH;
use crate::controllers::routes::RequestResult;
use crate::data::error::ResultBoxError;
use crate::data::http_request_handler::HttpRequestHandler;
use crate::data::new_account::NewAccount;
use crate::data::user::{User, UserID};
use crate::helpers::{account_helper, user_helper};

/// Account controller
///
/// @author Pierre Hubert

impl HttpRequestHandler {
    /// Get information about a user based on its email address specified in the request
    pub fn post_user_info_from_email(&mut self, field: &str) -> ResultBoxError<User> {
        let email = self.post_email(field)?;

        self.ok_or_not_found(
            user_helper::find_user_by_email(&email),
            format!("Requested user in '{}' not found!", email).as_str(),
        )
    }

    /// Get the ID of the user associated with a password reset token
    pub fn post_user_id_from_password_reset_token(&mut self, field: &str) -> ResultBoxError<UserID> {
        let token = self.post_string_opt(field, PASSWORD_RESET_TOKEN_LENGTH, true)?;
        let user_id = self.ok_or_forbidden(
            account_helper::get_user_id_from_password_reset_token(&token),
            "Invalid password reset token!",
        )?;

        Ok(user_id)
    }
}

/// Create a new account
pub fn create(r: &mut HttpRequestHandler) -> RequestResult {
    // TODO : limit request

    // Get & check email
    let email = r.post_email("emailAddress")?;
    if account_helper::exists_mail(&email)? {
        r.conflict("This email address already belongs to an account!".to_string())?;
    }

    let new_account = NewAccount {
        first_name: r.post_content("firstName", 3, true)?,
        last_name: r.post_content("lastName", 3, true)?,
        email,
        password: r.post_string_opt("password", 3, true)?,
    };

    account_helper::create(&new_account)?;

    // TODO : limit request

    r.success("Account created!")
}

/// Sign in user
pub fn login_user(request: &mut HttpRequestHandler) -> RequestResult {
    let email = request.post_email("userMail")?;
    let password = request.post_string_opt("userPassword", 3, true)?;

    // TODO : limit request

    // Authenticate user
    let token = account_helper::login_user(
        &email, &password, request.api_client());

    match token {
        Ok(t) => {
            request.set_response(LoginSuccess::new(&t))
        }
        Err(e) => {
            // TODO : limit request
            println!("Error on login: {}", e);
            request.forbidden("Invalid email address / password!".to_string())
        }
    }
}

/// Sign out user
pub fn logout_user(request: &mut HttpRequestHandler) -> RequestResult {
    account_helper::destroy_login_tokens(
        &request.user_id()?,
        request.api_client(),
    )?;

    request.success("User disconnected.")
}

/// Disconnect a user from all his devices
pub fn disconnect_all_devices(r: &mut HttpRequestHandler) -> RequestResult {
    account_helper::destroy_all_user_tokens(r.user_id_ref()?)?;

    r.success("Successfully disconnected!")
}

/// Get current user ID
pub fn user_id(request: &mut HttpRequestHandler) -> RequestResult {
    request.set_response(CurrentUserID::new(&request.user_id()?))
}

/// Check out whether an email address exists or not
pub fn exists_mail(r: &mut HttpRequestHandler) -> RequestResult {
    let email = r.post_email("email")?;

    r.set_response(ResCheckEmailExists::new(account_helper::exists_mail(&email)?))
}

/// Check out whether a given user has set security questions or not
pub fn has_security_questions(r: &mut HttpRequestHandler) -> RequestResult {
    let user = r.post_user_info_from_email("email")?;

    r.set_response(ResCheckSecurityQuestionsExists::new(user.has_security_questions()))
}

/// Get the security questions of a user
pub fn get_security_questions(r: &mut HttpRequestHandler) -> RequestResult {
    let user = r.post_user_info_from_email("email")?;

    if !user.has_security_questions() {
        r.forbidden("Specified user has not defined security questions!".to_string())?;
    }

    r.set_response(ResGetSecurityQuestions::new(&user))
}

/// Check the security answers given by a user to reset a password
pub fn check_security_answers(r: &mut HttpRequestHandler) -> RequestResult {
    let user = r.post_user_info_from_email("email")?;

    if !user.has_security_questions() {
        r.forbidden("Specified user has not setup security questions !".to_string())?;
    }

    let answers: Vec<String> = r.post_string_opt("answers", 3, true)?
        .split("&")
        .map(|s| percent_decode_str(s).decode_utf8_lossy().to_lowercase().trim().to_string())
        .collect::<Vec<String>>();

    if answers.len() != 2 {
        r.forbidden("Please specify two answers!".to_string())?;
    }

    if answers[0] != user.security_answer_1.unwrap().to_lowercase().trim() ||
        answers[1] != user.security_answer_2.unwrap().to_lowercase().trim() {
        r.forbidden("Invalid security answers!".to_string())?;
    }

    let token = account_helper::generate_password_reset_token(&user.id)?;

    r.set_response(ResCheckSecurityAnswers::new(token))
}

/// Check the validity of a password reset token
pub fn check_password_reset_token(r: &mut HttpRequestHandler) -> RequestResult {
    r.post_user_id_from_password_reset_token("token")?;
    r.success("The token is valid")
}

/// Reset user password
pub fn reset_user_password(r: &mut HttpRequestHandler) -> RequestResult {
    let user_id = r.post_user_id_from_password_reset_token("token")?;
    let new_password = r.post_string_opt("password", 3, true)?;

    account_helper::change_password(&user_id, &new_password)?;

    account_helper::destroy_password_reset_token_for_user(&user_id)?;

    r.success("Password changed!")
}

/// Export account's data
pub fn export_data(r: &mut HttpRequestHandler) -> RequestResult {
    r.need_user_password("password")?;

    let data = account_helper::export(r.user_id_ref()?)?;

    r.set_response(AccountExportAPI::new(&data)?)
}

/// Delete an account
pub fn delete_account(r: &mut HttpRequestHandler) -> RequestResult {
    r.need_user_password("password")?;

    if r.user_id()?.id() < 2 {
        // I do not want anybody delete my account...
        r.forbidden("You shall not delete MY account (whoever you are, please note that hacking is bad !!!)".to_string())?;
    }

    account_helper::delete(r.user_id_ref()?)?;

    r.success("Account deleted.")
}