<?php

/*
* @copyright Copyright (C) 2005-2009 Keyboard Monkeys Ltd. http://www.kb-m.com
* @license http://creativecommons.org/licenses/BSD/ BSD License
* @author Keyboard Monkey Ltd
* @since  CommunityID 0.9
* @package CommunityID
* @packager Keyboard Monkeys
*/

class OpenidController extends Monkeys_Controller_Action
{
    public function providerAction()
    {
        if (isset($_POST['action']) && $_POST['action'] == 'proceed') {
            return $this->_proceed();
        } else {
            Zend_OpenId::$exitOnRedirect = false;

            $this->_helper->layout->disableLayout();
            $this->_helper->viewRenderer->setNeverRender(true);

            $server = $this->_getOpenIdProvider();
            $response = new Zend_Controller_Response_Http();
            $ret = $server->handle(null, new Zend_OpenId_Extension_Sreg(), $response);
            Zend_Registry::get('logger')->log("RET: ".print_r($ret, true), Zend_Log::DEBUG);
            Zend_Registry::get('logger')->log("RESPONSE: ".print_r($response->getHeaders(), true), Zend_Log::DEBUG);
            if (is_string($ret)) {
                echo $ret;
            } else if ($ret !== true) {
                header('HTTP/1.0 403 Forbidden');
                Zend_Registry::get('logger')->log("OpenIdController::providerAction: FORBIDDEN", Zend_Log::DEBUG);
                echo 'Forbidden';
            } elseif ($ret === true
                      // Zend_OpenId is messy and can change the type of the response I initially sent >:|
                      && is_a($response, 'Zend_Controller_Response_Http'))

            {
                $headers = $response->getHeaders();
                if (isset($headers[0]['name']) && $headers[0]['name'] == 'Location'
                    // redirection to the Trust page is not logged
                    && strpos($headers[0]['value'], '/openid/trust') === false
                    && strpos($headers[0]['value'], '/openid/login') === false)
                {
                    if (strpos($headers[0]['value'], 'openid.mode=cancel') !== false) {
                        $this->_saveHistory($server, History::DENIED);
                    } else {
                        $this->_saveHistory($server, History::AUTHORIZED);
                    }
                }
            }
        }
    }

    public function loginAction()
    {
        $appSession = Zend_Registry::get('appSession');
        if (isset($appSession->openidLoginForm)) {
            $this->view->form = $appSession->openidLoginForm;
            unset($appSession->openidLoginForm);
        } else {
            $this->view->form = new OpenidLoginForm();
        }
        $this->view->form->openIdIdentity->setValue(htmlspecialchars($_GET['openid_identity']));

        $this->view->queryString = $_SERVER['QUERY_STRING'];
    }

    public function authenticateAction()
    {
        $form = new OpenidLoginForm();
        $formData = $this->_request->getPost();
        $form->populate($formData);

        if (!$form->isValid($formData)) {
            $appSession = Zend_Registry::get('appSession');
            $appSession->openidLoginForm = $form;
            return $this->_forward('login', null, null);
        }

        $server = $this->_getOpenIdProvider();
        $server->login($form->getValue('openIdIdentity'), $form->getValue('password'));

        // needed for unit tests
        $this->_helper->layout->disableLayout();
        $this->_helper->viewRenderer->setNeverRender(true);

        Zend_OpenId::redirect($this->view->base . '/openid/provider', $_GET);
    }

    public function trustAction()
    {
        $server = $this->_getOpenIdProvider();
        $this->view->siteRoot = $server->getSiteRoot($_GET);
        $this->view->identityUrl = $server->getLoggedInUser($_GET);
        $this->view->queryString = $_SERVER['QUERY_STRING'];

        $sreg = new Zend_OpenId_Extension_Sreg();
        $sreg->parseRequest($_GET);

        $this->view->fields = array();
        $this->view->policyUrl = false;

        $props = $sreg->getProperties();
        if (is_array($props) && count($props) > 0) {
            $personalInfoForm = new PersonalInfoForm(null, $this->user, $props);
            $this->view->fields = $personalInfoForm->getElements();

            $policy = $sreg->getPolicyUrl();
            if (!empty($policy)) {
                $this->view->policyUrl = $policy;
            }
        }
    }

    private function _proceed()
    {
        // needed for unit tests
        $this->_helper->layout->disableLayout();
        $this->_helper->viewRenderer->setNeverRender(true);

        $server = $this->_getOpenIdProvider();

        $sreg = new Zend_OpenId_Extension_Sreg();
        $sreg->parseRequest($_GET);
        $props = $sreg->getProperties();

        $personalInfoForm = new PersonalInfoForm(null, $this->user, $props);
        $formData = $this->_request->getPost();
        $personalInfoForm->populate($formData);

        // not planning on validating stuff here yet, but I call this
        // for the date element to be filled properly
        $personalInfoForm->isValid($formData);

        $sreg->parseResponse($personalInfoForm->getValues());
        if (isset($_POST['allow'])) {
            if (isset($_POST['forever'])) {
                $server->allowSite($server->getSiteRoot($_GET), $sreg);
            }
            unset($_GET['openid_action']);

            $this->_saveHistory($server, History::AUTHORIZED);

            $server->respondToConsumer($_GET, $sreg);
        } else if (isset($_POST['deny'])) {
            if (isset($_POST['forever'])) {
                $server->denySite($server->getSiteRoot($_GET));
            }

            $this->_saveHistory($server, History::DENIED);

            Zend_OpenId::redirect($_GET['openid_return_to'], array('openid.mode'=>'cancel'));
        }
    }
    private function _saveHistory(Zend_OpenId_Provider $server, $result)
    {
        $histories = new Histories();
        $history = $histories->createRow();
        $history->user_id = $this->user->id;
        $history->date = date('Y-m-d H:i:s');
        $history->site = $server->getSiteRoot($_GET);
        $history->ip = $_SERVER['REMOTE_ADDR'];
        $history->result = $result;
        $history->save();
    }

    private function _getOpenIdProvider()
    {
        $server = new Zend_OpenId_Provider($this->view->base . '/openid/login',
                                           $this->view->base . '/openid/trust',
                                           new OpenIdUser(),
                                           new Monkeys_OpenId_Provider_Storage_Database());

        return $server;
    }
}