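package org.openslx.imagemaster.session;

import org.apache.log4j.Logger;
import org.openslx.imagemaster.db.DbSatellite;
import org.openslx.imagemaster.db.DbUser;
import org.openslx.imagemaster.db.LdapUser;
import org.openslx.imagemaster.thrift.iface.AuthenticationError;
import org.openslx.imagemaster.thrift.iface.AuthenticationException;

/**
 * Entry point for credential checks: maps a login name to the backend
 * account name, verifies it through {@link LdapUser#forLogin}, and mirrors
 * the resulting user into the local database.
 */
public class Authenticator
{
	private static final Logger log = Logger.getLogger( Authenticator.class );

	/**
	 * Authenticate the user against the LDAP backend.
	 *
	 * <p>
	 * A name of the form {@code userid@organization} is rewritten to
	 * {@code <satellite prefix>_userid} before it is handed to the backend;
	 * any other name is passed through unchanged.
	 *
	 * @param username login name, either plain or {@code userid@organization};
	 *            treated as untrusted input
	 * @param password clear-text password; never logged
	 * @return the authenticated user, after it has been inserted/updated in the database
	 * @throws AuthenticationException with {@code INVALID_CREDENTIALS} if the name
	 *             or password is missing or the organization is unknown, with
	 *             {@code GENERIC_ERROR} if the backend returns no user, or
	 *             whatever {@link LdapUser#forLogin} throws on bad credentials
	 */
	public static User authenticate( String username, String password ) throws AuthenticationException
	{
		// Legacy database-backed check, kept for reference:
		// DbUser user = DbUser.forLogin( username );
		// if ( user == null || !Sha512Crypt.verifyPassword( password, user.password ) ) {
		// 	log.debug( "Login failed: " + username );
		// 	throw new AuthenticationException( AuthenticationError.INVALID_CREDENTIALS, "Invalid username or password!" );
		// }
		// log.debug( "Login successful: " + username );

		// Reject missing credentials before touching any backend. An empty
		// password matters in particular: LdapUser.forLogin is not visible
		// here, and if it performs an LDAP simple bind, many directory servers
		// treat an empty password as an unauthenticated bind that succeeds
		// (RFC 4513, section 5.1.2). NOTE(review): confirm how forLogin binds.
		if ( username == null || username.isEmpty() || password == null || password.isEmpty() ) {
			log.debug( "Login failed: " + sanitizeForLog( username ) );
			throw new AuthenticationException( AuthenticationError.INVALID_CREDENTIALS, "Invalid username or password!" );
		}

		String login = username;
		// Split once; exactly two parts means userid@organization format.
		// Names with more than one '@' fall through and are used as-is.
		String[] parts = username.split( "@" );
		if ( parts.length == 2 ) {
			if ( parts[0].isEmpty() ) {
				// "@organization" would otherwise become the bare "<prefix>_" account name
				log.debug( "Login failed: " + sanitizeForLog( username ) );
				throw new AuthenticationException( AuthenticationError.INVALID_CREDENTIALS, "Invalid username or password!" );
			}
			// --> get prefix
			DbSatellite satellite = DbSatellite.fromOrganization( parts[1] );
			if ( satellite == null )
				throw new AuthenticationException( AuthenticationError.INVALID_CREDENTIALS, "Unkown Organization" );
			login = satellite.getPrefix() + "_" + parts[0];
		}

		// The login name is attacker-controlled; strip control characters so a
		// crafted name cannot forge additional log entries.
		log.info( "Loggin in with: " + sanitizeForLog( login ) );

		// Per the original author's note, forLogin throws if credentials are invalid.
		LdapUser user = LdapUser.forLogin( login, password );
		if ( user == null ) {
			log.debug( "Login failed: " + sanitizeForLog( username ) );
			throw new AuthenticationException( AuthenticationError.GENERIC_ERROR, "Could not login because of a weird error." );
		}

		log.debug( "Login succesful: " + sanitizeForLog( username ) );

		// On success: update/insert into db
		DbUser.insertOrUpdate( user );
		return user;
	}

	/**
	 * Replace ISO control characters (including CR and LF) with '_' so that
	 * user-supplied text stays on a single log line.
	 *
	 * @param value text to be written to the log, may be null
	 * @return a copy of {@code value} without control characters, or "null"
	 */
	private static String sanitizeForLog( String value )
	{
		if ( value == null )
			return "null";
		StringBuilder cleaned = new StringBuilder( value.length() );
		for ( int i = 0; i < value.length(); i++ ) {
			char c = value.charAt( i );
			cleaned.append( Character.isISOControl( c ) ? '_' : c );
		}
		return cleaned.toString();
	}
}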