#!/usr/bin/env python3
# -*- coding: utf-8 -*-
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements.  See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership.  The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License.  You may obtain a copy of the License at
#
#   http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied.  See the License for the
# specific language governing permissions and limitations
# under the License.

"""
Google OAuth plugin:
Requires ponymail.yaml to have an oauth section like so:

oauth:
  google_client_id:    your-client-id-here

"""
import google.auth.transport.urllib3 # type: ignore
import google.oauth2.id_token # type: ignore
import plugins.server
import plugins.session
import typing
import urllib3


async def process(formdata: dict, _session, server: plugins.server.BaseServer) -> typing.Optional[dict]:
    js: typing.Optional[dict] = None
    request = google.auth.transport.urllib3.Request(urllib3.PoolManager())
    # This is a synchronous process, so we offload it to an async runner in order to let the main loop continue.
    id_info = await server.runners.run(
        google.oauth2.id_token.verify_oauth2_token,
        formdata.get("id_token"),
        request,
        server.config.oauth.google_client_id,
    )

    if id_info and "email" in id_info:
        js = {
            "email": id_info["email"],
            "name": id_info["email"],
            "oauth_domain": "www.googleapis.com",
        }
    return js