<?php

namespace Trinity\Bundle\UserBundle\Controller;

use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\Security\Core\SecurityContext;
use FOS\UserBundle\Controller\SecurityController as BaseSecurityController;

class SecurityAdminController extends BaseSecurityController
{
    public function loginAction(Request $request)
    {
        /** @var $session \Symfony\Component\HttpFoundation\Session\Session */
        $session = $request->getSession();

        // get the error if any (works with forward and redirect -- see below)
        if ($request->attributes->has(SecurityContext::AUTHENTICATION_ERROR)) {
            $error = $request->attributes->get(SecurityContext::AUTHENTICATION_ERROR);
        } elseif (null !== $session && $session->has(SecurityContext::AUTHENTICATION_ERROR)) {
            $error = $session->get(SecurityContext::AUTHENTICATION_ERROR);
            $session->remove(SecurityContext::AUTHENTICATION_ERROR);
        } else {
            $error = '';
        }

        if ($error) {
            // TODO: this is a potential security risk (see http://trac.symfony-project.org/ticket/9523)
            $error = $error->getMessage();
        }
        // last username entered by the user
        $lastUsername = (null === $session) ? '' : $session->get(SecurityContext::LAST_USERNAME);

        $csrfToken = $this->container->has('form.csrf_provider')
            ? $this->container->get('form.csrf_provider')->generateCsrfToken('authenticate')
            : null;

        if ($request->isXmlHttpRequest()) {
            return $this->renderXhrLogin(array(
                    'last_username' => $lastUsername,
                    'error'         => $error,
                    'csrf_token'    => $csrfToken,
                ));
        } else {
            return $this->renderLogin(array(
                    'last_username' => $lastUsername,
                    'error'         => $error,
                    'csrf_token'	=> $csrfToken,
                    'logo'			=> '/bundles/trinityadminmenu/img/logo_signin.png'
                ));
        }
    }

    protected function renderLogin(array $data)
    {
        $template = sprintf('TrinityUserBundle:Security\Admin:login.html.%s', $this->container->getParameter('fos_user.template.engine'));

        return $this->container->get('templating')->renderResponse($template, $data);
    }

    protected function renderXhrLogin(array $data)
    {
        $template = sprintf('TrinityUserBundle:Security\Admin:loginXHR.html.%s', $this->container->getParameter('fos_user.template.engine'));

        return $this->container->get('templating')->renderResponse($template, $data);
    }

    public function checkAction()
    {
        throw new \RuntimeException('You must configure the check path to be handled by the firewall using form_login in your security firewall configuration.');
    }

    public function xhrcheckAction(Request $request)
    {
        if (false === $this->container->get('request')->isXmlHttpRequest()) {
            throw new \RuntimeException('This action is allowed in XHR context only.');
        }

        $result = array('success' => true);

        if (false === $this->container->get('security.context')->isGranted($this->container->getParameter('trinity_user.bo_auth_role'))) {
            $result = array('success' => false);
        }

        $response = new Response(json_encode($result));
        $response->headers->set('Content-Type', 'application/json');

        return $response;

    }

}