<?php

namespace Zotlabs\Identity;


class OAuth2Storage extends \OAuth2\Storage\Pdo {

    /**
     * @param string $username
     * @param string $password
     * @return bool
     */
    public function checkUserCredentials($username, $password)
    {
        if ($user = $this->getUser($username)) {
            return $this->checkPassword($user, $password);
        }

        return false;
    }

    /**
     * @param string $username
     * @return array|bool
     */
    public function getUserDetails($username)
    {
        return $this->getUser($username);
    }


    /**
     *
     * @param array $user
     * @param string $password
     * @return bool
     */
    protected function checkPassword($user, $password)
    {

		$x = account_verify_password($user,$password);
		return((array_key_exists('channel',$x) && ! empty($x['channel'])) ? true : false);

    }

    /**
     * @param string $username
     * @return array|bool
     */
    public function getUser($username)
    {

		$x = channelx_by_n($username);
		if(! $x) {
			return false;
		}

		$a = q("select * from account where account_id = %d",
			intval($x['channel_account_id'])
		);

		$n = explode(' ', $x['channel_name']);

		return( [
			'webfinger'   => channel_reddress($x),
			'portable_id' => $x['channel_hash'],
			'email'       => $a[0]['account_email'],
			'username'    => $x['channel_address'],
			'user_id'     => $x['channel_id'],
			'name'        => $x['channel_name'],
			'firstName'   => ((count($n) > 1) ? $n[1] : $n[0]),
			'lastName'    => ((count($n) > 2) ? $n[count($n) - 1] : ''),
			'picture'     => $x['xchan_photo_l']
		] );
    }

    public function scopeExists($scope) {
      // Report that the scope is valid even if it's not.
      // We will only return a very small subset no matter what.
      // @TODO: Truly validate the scope
      //    see vendor/bshaffer/oauth2-server-php/src/OAuth2/Storage/ScopeInterface.php and
      //        vendor/bshaffer/oauth2-server-php/src/OAuth2/Storage/Pdo.php
      //    for more info.
      return true;
    }

    public function getDefaultScope($client_id=null) {
      // Do not REQUIRE a scope
      //    see vendor/bshaffer/oauth2-server-php/src/OAuth2/Storage/ScopeInterface.php and
      //    for more info.
      return null;
    }

    public function getUserClaims ($user_id, $claims) {
      // Populate the CLAIMS requested (if any).
      // @TODO: create a more reasonable/comprehensive list.
      // @TODO: present claims on the AUTHORIZATION screen

        $userClaims = Array();
        $claims = explode (' ', trim($claims));
        $validclaims = Array ("name","preferred_username","webfinger","portable_id","email","picture","firstName","lastName");
        $claimsmap = Array (
                            "webfinger" => 'webfinger',
                            "portable_id" => 'portable_id',
                            "name" => 'name',
							"email" => 'email',
                            "preferred_username" => 'username',
							"picture" => 'picture',
							"given_name" => 'firstName',
							"family_name" => 'lastName'
                           );
        $userinfo = $this->getUser($user_id);
        foreach ($validclaims as $validclaim) {
            if (in_array($validclaim,$claims)) {
              $claimkey = $claimsmap[$validclaim];
              $userClaims[$validclaim] = $userinfo[$claimkey];
            } else {
              $userClaims[$validclaim] = $validclaim;
            }
        }
        $userClaims["sub"]=$user_id;
        return $userClaims; 
    }

    /**
     * plaintext passwords are bad!  Override this for your application
     *
     * @param string $username
     * @param string $password
     * @param string $firstName
     * @param string $lastName
     * @return bool
     */
    public function setUser($username, $password, $firstName = null, $lastName = null)
    {
        return true;
    }

}