require 'auth/app'
require 'auth/middleware'

require 'p4_error'
require 'pathname'
require 'P4'
require 'json'

# This is mostly a namespace of Authentication-related methods.
module Auth

  # Returns true if the string looks like a Perforce authentication ticket.
  def self.p4_ticket?(str)
    /^[a-zA-Z0-9]{32,}$/.match(str) != nil
  end

  def self.read_token(token, settings)
    token_path = Pathname.new(settings.token_path) + token
    if File.exist?(token_path)
      File.open(token_path, 'r') do |file|
        return JSON.parse(file.read)
      end
    end
    nil
  end

  private

  def self.warn_if_tmp_dir(token_dir)
    if token_dir.start_with?('/tmp')
      puts "Your token directory is using the default '/tmp' location, "\
          'please reconfigure to a reliable location'
    end
  end

  def self.warn_illegal_privileges(mode, token_dir)
    warn_unless_user_rwx(mode, token_dir)
    warn_no_group_write(mode, token_dir)
    warn_no_group_read(mode, token_dir)
    warn_no_group_execute(mode, token_dir)
    warn_no_other_write(mode, token_dir)
    warn_no_other_read(mode, token_dir)
    warn_no_other_execute(mode, token_dir)
  end

  # Check owner read/write/execute - should all be there
  def self.warn_unless_user_rwx(mode, token_dir)
    unless (mode & 0400 == 0400) &&
        (mode & 0200 == 0200) &&
        (mode & 0100 == 0100)
      puts "The token_path '#{token_dir}' should allow the owner read, "\
          'write and execute privileges'
    end
  end

  def self.warn_no_group_write(mode, token_dir)
    if (mode & 0040 == 0040)
      puts "The token_path '#{token_dir}' should not have group write access"
    end
  end

  def self.warn_no_group_read(mode, token_dir)
    if (mode & 0020 == 0020)
      puts "The token_path '#{token_dir}' should not have group read access"
    end
  end

  def self.warn_no_group_execute(mode, token_dir)
    if (mode & 0010 == 0010)
      puts "The token_path '#{token_dir}' should not have group "\
          'execute access'
    end
  end

  def self.warn_no_other_write(mode, token_dir)
    if (mode & 0004 == 0004)
      puts "The token_path '#{token_dir}' should not have other write access"
    end
  end

  def self.warn_no_other_read(mode, token_dir)
    if (mode & 0002 == 0002)
      puts "The token_path '#{token_dir}' should not have other read access"
    end
  end

  def self.warn_no_other_execute(mode, token_dir)
    if (mode & 0001 == 0001)
      puts "The token_path '#{token_dir}' should not have other "\
          'execute access'
    end
  end

  # We want special error handling here to return 4xx codes instead of 5xx
  # in the face of an invalid password. Temporarily drop to lowest
  # exception level, and
  # just return nil when login doesn't work.
  def self.ticket_from_login(p4)
    results = nil
    p4.at_exception_level(P4::RAISE_NONE) do
      results = p4.run_login('-p', '-a')
    end

    auth_ok = raise_unless_auth_error(p4)

    if !auth_ok
      nil
    else
      p4.password = results[0]
    end
  end

  def self.raise_unless_auth_error(p4)
    if Auth.error?(p4)
      msg = p4.messages[0]
      if msg.msgid == 7205 || # invalid user
          msg.msgid == 7206 # invalid password
        return false
      else
        Auth.raise_error(p4)
      end
    end
    true
  end

  def self.user_info(p4, results, ticket)
    {
        user: p4.user,
        email: results[0]['Email'],
        full_name: results[0]['FullName'],
        ticket: ticket
    }
  end

  # Check for P4 errors
  def self.error?(p4)
    !p4.errors.empty?
  end

  # Raise an exception if necessary on a P4 Error
  def self.raise_error(p4)
    err = p4.messages.find { |m| m.severity > 2 }
    fail P4Error.new(err.msgid, err.severity, err.to_s)
  end
end