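/*
 * Copyright (c) 2009 Hypertriton, Inc.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR
 * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
 * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
 * USE OF THIS SOFTWARE EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */

/*
 * NOTE(review): the header named by the first #include did not survive
 * extraction of this listing; restore it from the upstream file.
 */
#include

#include "pathnames.h"
#include "session.h"
#include "nls.h"

TBL *userDB = NULL;			/* User database */

/*
 * (Re)load the user database from _PATH_USERDB, destroying any table that
 * was loaded before. If the load fails the error is logged at LOG_EMERG and
 * the process exits, so userDB is non-NULL whenever this function returns.
 */
static void
ReloadUserDB(void)
{
	if (userDB != NULL) {
		TBL_Destroy(userDB);
	}
	if ((userDB = TBL_Load(_PATH_USERDB, 2)) == NULL) {
		CGI_Log(LOG_EMERG, "%s: %s", _PATH_USERDB, CGI_GetError());
		/*
		 * NOTE(review): the process exits with status 0 on this
		 * failure path; confirm the supervisor does not read that
		 * as a clean shutdown.
		 */
		exit(0);
	}
}

/* Session-manager init callback: load the user database. */
static void
Init(void *pSess)
{
	(void)pSess;			/* session object is not needed here */
	ReloadUserDB();
}

/*
 * Authenticate a login attempt.
 *
 * Field 0 of the user's record is compared with the submitted password.
 * If the lookup misses, the database is reloaded once and the lookup is
 * retried before the attempt is rejected.
 *
 * Returns 0 on success, or -1 with the CGI error message set.
 */
static int
Auth(void *pSess, CGI_Query *q, const char *user, const char *pw)
{
	Session *sess = pSess;
	const char *pwInDb;

	/* Fail closed on missing credentials instead of dereferencing NULL. */
	if (user == NULL || pw == NULL) {
		CGI_SetError(_("Invalid username/password: %s"), "");
		return (-1);
	}

	/* Fetch the database password. */
	if (userDB == NULL ||
	    (pwInDb = TBL_LookupField(userDB, user, 0)) == NULL) {
		/*
		 * XXX dirty hack. Every attempt with an unknown username
		 * reloads the table from disk, before any authentication
		 * has succeeded; NOTE(review): consider bounding how often
		 * this can happen.
		 */
		ReloadUserDB();
		if ((pwInDb = TBL_LookupField(userDB, user, 0)) == NULL) {
			CGI_Log(LOG_ERR, "Auth failed (%s): No such user",
			    user);
			goto authfail;
		}
	}

	/*
	 * NOTE(review): the stored field is compared with the raw password
	 * here, while ReAuth() compares the same field with crypt(pw, "$2").
	 * Only one of the two can match a given database format; confirm
	 * which one is intended and unify them. strcmp() also returns at the
	 * first differing byte, so the comparison is not constant-time.
	 */
	if (strcmp(pw, pwInDb) != 0) {
		CGI_Log(LOG_ERR, "Auth failed (%s): Password mismatch", user);
		goto authfail;
	}
	CGI_Log(LOG_DEBUG, "[%s] Authenticated user: %s", SESSID(sess), user);
	return (0);
authfail:
	/* The same message is used for both causes; only the log tells them apart. */
	CGI_SetError(_("Invalid username/password: %s"), user);
	return (-1);
}

/*
 * Re-authenticate the user of an existing session.
 *
 * Returns 0 on success, or -1 with the CGI error message set when the
 * account is missing from the database or the password does not match.
 */
static int
ReAuth(void *pSess, CGI_Query *q, const char *user, const char *pw)
{
	Session *sess = pSess;
	const char *pwInDb;
	const char *pwHash;

	/* Fail closed on missing credentials instead of dereferencing NULL. */
	if (user == NULL || pw == NULL) {
		CGI_SetError(_("Invalid username/password: %s"), "");
		return (-1);
	}

	if (userDB == NULL) {
		ReloadUserDB();
	}
	if ((pwInDb = TBL_LookupField(userDB, user, 0)) == NULL) {
		CGI_SetError("Account %s is no longer in database", user);
		return (-1);
	}

	/*
	 * crypt() returns NULL when it cannot hash (for example when the
	 * setting string is not supported); treat that as a mismatch rather
	 * than handing NULL to strcmp().
	 *
	 * NOTE(review): "$2" is passed as the setting. crypt() is normally
	 * given the stored hash as its setting so that the same algorithm
	 * and salt are reused; confirm how the database entries are made.
	 */
	pwHash = crypt(pw, "$2");
	if (pwHash == NULL || strcmp(pwHash, pwInDb) != 0) {
		CGI_Log(LOG_ERR, "Reauth failed (%s): Password mismatch", user);
		CGI_SetError(_("Invalid username/password: %s"), user);
		return (-1);
	}
	CGI_Log(LOG_DEBUG, "[%s] Re-authenticated user: %s", SESSID(sess),
	    user);
	return (0);
}

/*
 * Display the login dialog, pre-filling the template variables from any
 * "username", "password" and "login_home" arguments present in the query.
 */
static void
LoginPage(CGI_Query *q)
{
	const char *user = CGI_Get(q, "username", USERNAME_MAX);
	const char *pass = CGI_Get(q, "password", PASSWORD_MAX);
	const char *loghome = CGI_Get(q, "login_home", OPNAME_MAX);

	CGI_Begin(q, "text/html");
	if (user != NULL) {
		SetS("login_username", user);
	}
	/*
	 * NOTE(review): the submitted password is copied back into a
	 * template variable. If the "login" template renders it, the secret
	 * is reflected in the response body; confirm that this is needed
	 * and that values set here are HTML-escaped on output.
	 */
	if (pass != NULL) {
		SetS("login_password", pass);
	}
	if (loghome != NULL) {
		SetS("login_home", loghome);
	}
	HTML_Output(q, "login");
}

/* Close the session attached to the query and display the logout dialog. */
static void
Logout(CGI_Query *q)
{
	CGI_Begin(q, "text/html");
	CGI_CloseSession(q->sess);
	HTML_Output(q, "logout");
}

/*
 * Assist a user in recovering a password. The recovery flow itself is
 * compiled out (#if 0); only the "auth_assist" page is shown.
 */
static void
LostPwPage(CGI_Query *q)
{
#if 0
	const char *user;

	if ((user = CGI_Get(q, "username", USERNAME_MAX)) == NULL ||
	    user[0] == '\0') {
		HTML_Output(q, "auth_assist");
		return;
	}
	Set("msg", _("Your password has been sent to your registered "
	             "e-mail address. Do not forget to change it as soon "
	             "as possible."));
	HTML_Output(q, "success");
#endif
	CGI_Begin(q, "text/html");
	HTML_Output(q, "auth_assist");
}

/* Session-manager operations table; entries are positional. */
CGI_SessionOps sessionOps = {
	"weblog.fcgi session manager",
	sizeof(Session),
	Init,
	NULL,			/* destroy */
	NULL,			/* load */
	NULL,			/* save */
	Auth,
	ReAuth,
	NULL,			/* sessOpen */
	NULL,			/* sessClose */
	NULL,			/* sessExpired */
	LoginPage,
	Logout,
	LostPwPage
};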