package eu.eudat.security.validators.linkedin;

import eu.eudat.exceptions.security.NonValidTokenException;
import eu.eudat.exceptions.security.UnauthorisedException;
import eu.eudat.models.login.LoginInfo;
import eu.eudat.models.loginprovider.LoginProviderUser;
import eu.eudat.models.security.Principal;
import eu.eudat.security.validators.TokenValidator;
import eu.eudat.security.validators.TokenValidatorFactoryImpl;
import eu.eudat.services.ApiContext;
import eu.eudat.services.operations.AuthenticationServiceImpl;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.core.env.Environment;
import org.springframework.social.linkedin.api.LinkedIn;
import org.springframework.social.linkedin.api.LinkedInProfile;
import org.springframework.social.linkedin.connect.LinkedInServiceProvider;
import org.springframework.social.oauth2.AccessGrant;
import org.springframework.stereotype.Component;

import java.io.IOException;
import java.security.GeneralSecurityException;


@Component("linkedInTokenValidator")
public class LinkedInTokenValidator implements TokenValidator {

    private Environment environment;
    private ApiContext apiContext;
    private AuthenticationServiceImpl authenticationServiceImpl;
    private LinkedInServiceProvider linkedInServiceProvider;

    @Autowired
    public LinkedInTokenValidator(Environment environment, ApiContext apiContext, AuthenticationServiceImpl authenticationServiceImpl) {
        this.environment = environment;
        this.apiContext = apiContext;
        this.authenticationServiceImpl = authenticationServiceImpl;
        this.linkedInServiceProvider = new LinkedInServiceProvider(this.environment.getProperty("linkedin.login.clientId"), this.environment.getProperty("linkedin.login.clientSecret"));
    }

    @Override
    public Principal validateToken(LoginInfo credentials) throws NonValidTokenException, IOException, GeneralSecurityException {
        AccessGrant accessGrant = this.linkedInServiceProvider.getOAuthOperations().exchangeForAccess(credentials.getTicket(), this.environment.getProperty("linkedin.login.redirect_uri"), null);
        LinkedIn linkedInService = this.linkedInServiceProvider.getApi(accessGrant.getAccessToken());
        LinkedInProfile linkedInProfile = linkedInService.profileOperations().getUserProfile();
        LoginProviderUser user = new LoginProviderUser();

        if (linkedInProfile.getEmailAddress() == null)
            throw new UnauthorisedException("Cannot login user.LinkedIn account did not provide email");
        user.setEmail(linkedInProfile.getEmailAddress());
        user.setId(linkedInProfile.getId());
        user.setIsVerified(true); //TODO
        user.setName(linkedInProfile.getFirstName() + " " + linkedInProfile.getLastName());
        user.setProvider(TokenValidatorFactoryImpl.LoginProvider.LINKEDIN);
        user.setSecret(accessGrant.getAccessToken());
        return this.authenticationServiceImpl.Touch(user);
    }
}