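using Microsoft.IdentityModel.Clients.ActiveDirectory;
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Authentication;
using System.Threading.Tasks;
using System.Web;
using System.Web.Mvc;
using Tango.AzureUtils;
using Tango.AzureUtils.Web;
using Tango.MachineService.Gateway.Filters;
using Tango.Web.Controllers;
using Tango.Web.Security;

namespace Tango.MachineService.Gateway.Controllers
{
    /// <summary>
    /// Gateway endpoints that exchange directory credentials for a gateway token and
    /// hand out the global AzureUtils credentials to callers presenting that token.
    /// </summary>
    public class AzureUtilsController : TangoController
    {
        /// <summary>
        /// Payload embedded in the token issued by <see cref="Login"/>.
        /// </summary>
        public class TokenObject
        {
            /// <summary>Email address the caller authenticated with.</summary>
            public string Email { get; set; }
        }

        /// <summary>
        /// Authenticates the supplied email and password through the ActiveDirectoryManager
        /// and, on success, issues a gateway token that expires one day after issuance.
        /// </summary>
        /// <param name="request">Login request carrying the email and password.</param>
        /// <returns>A response whose AccessToken holds the newly created token.</returns>
        /// <exception cref="AuthenticationException">
        /// Thrown when the credentials are missing or when authentication fails for any reason.
        /// </exception>
        [HttpPost]
        public async Task<LoginResponse> Login(LoginRequest request)
        {
            // Reject missing credentials before any directory call is made. The original code
            // reached the same AuthenticationException through the catch below (a null request
            // or null field faulted inside the try); failing early keeps empty passwords away
            // from the directory entirely. How adManager.Authenticate treats an empty password
            // is not visible here, and some directory bind implementations accept one as an
            // anonymous bind.
            if (request == null
                || string.IsNullOrWhiteSpace(request.Email)
                || string.IsNullOrEmpty(request.Password))
            {
                throw new AuthenticationException("The specified email or password is incorrect.");
            }

            var azure = await AzureUtils.AzureUtilsAuthenticationFactory.AuthenticateOrGetAsync();
            var adManager = new AzureUtils.ActiveDirectory.ActiveDirectoryManager(azure);

            try
            {
                await adManager.Authenticate(request.Email, request.Password);
            }
            catch (Exception ex)
            {
                // Every failure is reported with the same message, so the response does not
                // reveal whether the email exists. The original exception is kept as the inner
                // exception; note that directory outages are reported as bad credentials too.
                throw new AuthenticationException("The specified email or password is incorrect.", ex);
            }

            // NOTE(review): the group-membership check below is disabled, so authentication is
            // the only gate. Any account that adManager.Authenticate accepts receives a token,
            // and that token is what [JwtTokenFilter] guards GetCredentials with. Re-enable the
            // check (or enforce an equivalent authorization rule) before exposing this endpoint.
            //if (!adManager.IsUserMemberOf(GatewayConfig.AZURE_UTILS_GROUP, request.Email))
            //{
            //    throw new AuthenticationException("The specified user is not authorized to access the resource.");
            //}

            var claims = new TokenObject()
            {
                Email = request.Email,
            };

            // The token is created with GatewayConfig.JWT_TOKEN_SECRET and a one-day expiry.
            var token = WebToken.CreateNew(GatewayConfig.JWT_TOKEN_SECRET, claims, DateTime.UtcNow.AddDays(1));

            return new LoginResponse()
            {
                AccessToken = token.AccessToken,
            };
        }

        /// <summary>
        /// Returns the global AzureUtils credentials held by the authentication factory.
        /// </summary>
        /// <remarks>
        /// NOTE(review): the only protection visible here is <c>[JwtTokenFilter]</c>, which
        /// presumably validates a token issued by <see cref="Login"/> (its implementation is
        /// not shown). Because Login currently performs no group check, every account that
        /// can authenticate can read these shared credentials.
        /// </remarks>
        /// <returns>The global credentials object.</returns>
        [JwtTokenFilter]
        public AzureUtilsCredentials GetCredentials()
        {
            return AzureUtils.AzureUtilsAuthenticationFactory.GetGlobalCredentials();
        }
    }
}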