using System;
using System.Collections.Generic;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNet.Authentication;
using Microsoft.AspNet.Authentication.OAuth;
using Microsoft.AspNet.Http;
using Microsoft.AspNet.Http.Authentication;
using Microsoft.AspNet.Http.Features.Authentication;
using Microsoft.AspNet.WebUtilities;
using Microsoft.Extensions.Logging;
using Newtonsoft.Json.Linq;

namespace Yavsc.Auth
{
    internal class YavscOAuthHandler : OAuthHandler<YavscOAuthOptions>
    {
        private ILogger _logger;
        HttpClient _backchannel;
        private SharedAuthenticationOptions _sharedOptions; 
        public YavscOAuthHandler(HttpClient httpClient, SharedAuthenticationOptions sharedOptions, ILogger logger)
            : base(httpClient)
        {
            _backchannel = httpClient;
            _logger = logger;
            _sharedOptions = sharedOptions;
        }
        // TODO: Abstract this properties override pattern into the base class?
        protected override string BuildChallengeUrl(AuthenticationProperties properties, string redirectUri)
        {
            var scope = FormatScope();
            var queryStrings = new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase);
            queryStrings.Add("response_type", "code");
            queryStrings.Add("client_id", Options.ClientId);
            queryStrings.Add("redirect_uri", redirectUri);

            AddQueryString(queryStrings, properties, "scope", scope);

            AddQueryString(queryStrings, properties, "access_type", Options.AccessType );
            AddQueryString(queryStrings, properties, "approval_prompt");
            AddQueryString(queryStrings, properties, "login_hint");

            var state = Options.StateDataFormat.Protect(properties);
            queryStrings.Add("state", state);

            var authorizationEndpoint = QueryHelpers.AddQueryString(Options.AuthorizationEndpoint, queryStrings);
            return authorizationEndpoint;
        }

        private static void AddQueryString(IDictionary<string, string> queryStrings, AuthenticationProperties properties,
            string name, string defaultValue = null)
        {
            string value;
            if (!properties.Items.TryGetValue(name, out value))
            {
                value = defaultValue;
            }
            else
            {
                // Remove the parameter from AuthenticationProperties so it won't be serialized to state parameter
                properties.Items.Remove(name);
            }
            queryStrings[name] = value;
        }
        protected new async Task<AuthenticationTicket> AuthenticateAsync(AuthenticateContext context)
		{
			AuthenticationProperties properties = null;

			try
			{
				// ASP.Net Identity requires the NameIdentitifer field to be set or it won't
				// accept the external login (AuthenticationManagerExtensions.GetExternalLoginInfo)

				string code = null;
				string state = null;

				IReadableStringCollection query = Request.Query;
				IList<string> values = query["code"];
				if (values != null && values.Count == 1)
				{
					code = values[0];
				}
				values = query["state"];
				if (values != null && values.Count == 1)
				{
					state = values[0];
				}

				properties = Options.StateDataFormat.Unprotect(state);
				if (properties == null)
				{
					return null;
				}

				// OAuth2 10.12 CSRF
				if (!ValidateCorrelationId(properties))
				{
					return new AuthenticationTicket(null, properties, this.Options.AuthenticationScheme);
				}

				string requestPrefix = Request.Scheme + "://" + Request.Host;
				string redirectUri = requestPrefix + Request.PathBase + Options.CallbackPath;

				// Build up the body for the token request
				var body = new List<KeyValuePair<string, string>>();
				body.Add(new KeyValuePair<string, string>("grant_type", "authorization_code"));
				body.Add(new KeyValuePair<string, string>("code", code));
				body.Add(new KeyValuePair<string, string>("redirect_uri", redirectUri));
				body.Add(new KeyValuePair<string, string>("client_id", Options.ClientId));
				body.Add(new KeyValuePair<string, string>("client_secret", Options.ClientSecret));

				// Request the token
				HttpResponseMessage tokenResponse =
					await _backchannel.PostAsync(Options.TokenEndpoint, new FormUrlEncodedContent(body));
				tokenResponse.EnsureSuccessStatusCode();
				string text = await tokenResponse.Content.ReadAsStringAsync();

				// Deserializes the token response
				JObject response = JObject.Parse(text);
				string accessToken = response.Value<string>("access_token");

				if (string.IsNullOrWhiteSpace(accessToken))
				{
					_logger.LogWarning("Access token was not found");
					return new AuthenticationTicket(null, properties, this.Options.AuthenticationScheme);
				}

				// Get the  user
				HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Get, Options.UserInformationEndpoint);
				request.Headers.Authorization = new AuthenticationHeaderValue(this.Options.AuthenticationScheme, accessToken);
				HttpResponseMessage graphResponse = await _backchannel.SendAsync(request);
				graphResponse.EnsureSuccessStatusCode();
				text = await graphResponse.Content.ReadAsStringAsync();
				JObject user = JObject.Parse(text);
				// Read user data

				var id = new ClaimsIdentity(
					_sharedOptions.SignInScheme,
					ClaimsIdentity.DefaultNameClaimType,
					ClaimsIdentity.DefaultRoleClaimType);
				context.Authenticated(new ClaimsPrincipal(id)
					, new Dictionary<string,string>(), new Dictionary<string,object>{
						{ "John" , (object) "Doe" }
					});
				return new AuthenticationTicket(context.Principal, properties, _sharedOptions.SignInScheme);
			}
			catch (Exception ex)
			{
				_logger.LogError("Authentication failed", ex);
				return new AuthenticationTicket(null, properties, this.Options.AuthenticationScheme);
			}

		}
    }
}