<?php

namespace App\Http\Controllers\Auth;

use App\Models\User\User;
use Illuminate\Support\Str;
use App\Http\Controllers\Controller;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\Hash;
use App\Http\Requests\PasswordChangeRequest;
use Illuminate\Contracts\Auth\Authenticatable;
use Illuminate\Foundation\Auth\RedirectsUsers;
use Illuminate\Contracts\Auth\CanResetPassword;

class PasswordChangeController extends Controller
{
    use RedirectsUsers;

    protected $redirectTo = '/settings/security';

    /**
     * Get useful parameters from request.
     *
     * @param \App\Http\Requests\PasswordChangeRequest $request
     * @return array
     */
    protected function credentials(PasswordChangeRequest $request)
    {
        return $request->only(
            'password_current', 'password', 'password_confirmation'
        );
    }

    /**
     * Change user password.
     *
     * @param \App\Http\Requests\PasswordChangeRequest $request
     */
    public function passwordChange(PasswordChangeRequest $request)
    {
        $credentials = $this->credentials($request);

        $response = $this->validateAndPasswordChange($credentials);

        return $response == 'passwords.changed'
            ? $this->sendChangedResponse($response)
            : $this->sendChangedFailedResponse($response);
    }

    /**
     * Validate a password change request and update password of the user.
     *
     * @param array $credentials
     *
     * @return string|Authenticatable
     */
    protected function validateAndPasswordChange($credentials)
    {
        $user = $this->validateChange($credentials);
        if (! $user instanceof CanResetPassword) {
            return $user;
        }

        if ($user instanceof User) {
            $this->setNewPassword($user, $credentials['password']);
        }

        return 'passwords.changed';
    }

    /**
     * Validate a password change request with the given credentials.
     *
     * @param array $credentials
     *
     * @return string|Authenticatable
     *
     * @throws \UnexpectedValueException
     */
    protected function validateChange(array $credentials)
    {
        if (is_null($user = $this->getUser($credentials))) {
            return 'passwords.invalid';
        }

        return $user;
    }

    /**
     * Get the user with the given credentials.
     *
     * @param array $credentials
     *
     * @return null|Authenticatable
     */
    protected function getUser(array $credentials): ?Authenticatable
    {
        /** @var User */
        $user = Auth::user();

        // Using current email from user, and current password sent with the request to authenticate the user
        if (! Auth::attempt([
            'email' => $user->getEmailForPasswordReset(),
            'password' => $credentials['password_current'],
        ])) {
            // authentication fails
            return null;
        }

        return $user;
    }

    /**
     * Set the new password if all validation has passed.
     *
     * @param User $user
     * @param string $password
     * @return void
     */
    protected function setNewPassword($user, $password)
    {
        $user->password = Hash::make($password);

        $user->setRememberToken(Str::random(60));

        $user->save();

        Auth::guard()->login($user);
    }

    /**
     * Get the response for a successful password change.
     *
     * @param string $response
     * @return \Illuminate\Http\RedirectResponse
     */
    protected function sendChangedResponse($response)
    {
        return redirect($this->redirectPath())
                    ->with('status', trans($response));
    }

    /**
     * Get the response for a failed password change.
     *
     * @param string $response
     * @return \Illuminate\Http\RedirectResponse
     */
    protected function sendChangedFailedResponse($response)
    {
        return redirect($this->redirectPath())
                    ->withErrors(['password' => trans($response)]);
    }
}