/**
 * The MIT License (MIT)
 *
 * Copyright (C) 2013-2016 tarent solutions GmbH
 *
 * Permission is hereby granted, free of charge, to any person obtaining a copy
 * of this software and associated documentation files (the "Software"), to deal
 * in the Software without restriction, including without limitation the rights
 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 * copies of the Software, and to permit persons to whom the Software is
 * furnished to do so, subject to the following conditions:
 *
 * The above copyright notice and this permission notice shall be included in all
 * copies or substantial portions of the Software.
 *
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 * SOFTWARE.
 */
package org.osiam.security.authorization;

import org.osiam.security.authentication.OsiamClientDetailsService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.Authentication;
import org.springframework.security.oauth2.provider.AuthorizationRequest;
import org.springframework.security.oauth2.provider.ClientDetails;
import org.springframework.security.oauth2.provider.approval.DefaultUserApprovalHandler;
import org.springframework.stereotype.Component;

import javax.servlet.http.HttpSession;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.TimeUnit;

/**
 * A default user approval handler that doesn't remember any decisions.
 *
 * @author Dave Syer
 */
@Component
public class OsiamUserApprovalHandler extends DefaultUserApprovalHandler {

    private static final String APPROVALS_SESSION_KEY = "osiam_oauth_approvals";
    private static final String IS_PRE_APPROVED_PARAMETER = "osiam_is_pre_approved";

    private final HttpSession httpSession;
    private final OsiamClientDetailsService osiamClientDetailsService;

    @Autowired
    public OsiamUserApprovalHandler(HttpSession httpSession, OsiamClientDetailsService osiamClientDetailsService) {
        this.httpSession = httpSession;
        this.osiamClientDetailsService = osiamClientDetailsService;
    }

    @Override
    public AuthorizationRequest checkForPreApproval(AuthorizationRequest authorizationRequest,
                                                    Authentication userAuthentication) {
        ClientDetails client = osiamClientDetailsService.loadClientByClientId(authorizationRequest.getClientId());
        if (client.isAutoApprove("") || hasRememberedApprovalForClient(authorizationRequest, client)) {
            authorizationRequest.setApproved(true);
            HashMap<String, String> newApprovalParameters = new HashMap<>(authorizationRequest.getApprovalParameters());
            newApprovalParameters.put(IS_PRE_APPROVED_PARAMETER, "true");
            authorizationRequest.setApprovalParameters(Collections.unmodifiableMap(newApprovalParameters));
        }
        return authorizationRequest;
    }

    @Override
    public boolean isApproved(
            AuthorizationRequest authorizationRequest, Authentication userAuthentication
    ) {
        boolean approved = super.isApproved(authorizationRequest, userAuthentication);

        if (!approved) {
            return false;
        }

        if ("true".equals(authorizationRequest.getApprovalParameters().get(IS_PRE_APPROVED_PARAMETER))) {
            return true;
        }

        @SuppressWarnings("unchecked")
        Map<String, Long> approvals = (Map<String, Long>) httpSession.getAttribute(APPROVALS_SESSION_KEY);
        if (approvals == null) {
            approvals = new ConcurrentHashMap<>();
            httpSession.setAttribute(APPROVALS_SESSION_KEY, approvals);
        }

        if (!approvals.containsKey(authorizationRequest.getClientId())) {
            approvals.put(authorizationRequest.getClientId(), System.currentTimeMillis());
        }

        return true;
    }

    private boolean hasRememberedApprovalForClient(AuthorizationRequest authorizationRequest, ClientDetails client) {
        @SuppressWarnings("unchecked")
        Map<String, Long> approvals = (Map<String, Long>) httpSession.getAttribute(APPROVALS_SESSION_KEY);

        if (approvals == null) {
            return false;
        }

        final Long approvalTime = approvals.get(authorizationRequest.getClientId());

        if (approvalTime == null) {
            return false;
        }

        final long validityInSeconds = (Long) client.getAdditionalInformation().get("validityInSeconds");

        if (System.currentTimeMillis() - TimeUnit.SECONDS.toMillis(validityInSeconds) > approvalTime) {
            approvals.remove(authorizationRequest.getClientId());
            return false;
        }

        return true;
    }
}