require 'security'
require 'highline/import' # to hide the entered password

module CredentialsManager
  class AccountManager
    def initialize(user: nil, password: nil)
      @user = user
      @password = password
    end

    def user
      @user ||= ENV["FASTLANE_USER"]
      @user ||= ENV["DELIVER_USER"]
      @user ||= AppfileConfig.try_fetch_value(:apple_id)
      ask_for_login if @user.to_s.length == 0
      return @user
    end

    def password(ask_if_missing: true)
      @password ||= ENV["FASTLANE_PASSWORD"]
      @password ||= ENV["DELIVER_PASSWORD"]
      unless @password
        item = Security::InternetPassword.find(server: server_name)
        @password ||= item.password if item
      end
      ask_for_login while ask_if_missing && @password.to_s.length == 0
      return @password
    end

    # Call this method to ask the user to re-enter the credentials
    # @param force: if false the user is asked before it gets deleted
    # @return: Did the user decide to remove the old entry and enter a new password?
    def invalid_credentials(force: false)
      puts "The login credentials for '#{user}' seem to be wrong".red
      if force || agree("Do you want to re-enter your password? (y/n)", true)
        puts "Removing Keychain entry for user '#{user}'...".yellow
        remove_from_keychain
        ask_for_login
        return true
      end
      false
    end

    private

    def ask_for_login
      puts "-------------------------------------------------------------------------------------".green
      puts "The login information you enter will be stored in your Mac OS Keychain".green
      puts "You can also pass the password using the `FASTLANE_PASSWORD` env variable".green
      puts "More information about it on GitHub: https://github.com/fastlane/credentials_manager".green
      puts "-------------------------------------------------------------------------------------".green

      if @user.to_s.length == 0
        @user = ask("Username: ") while @user.to_s.length == 0
        # we return here, as only the username was asked for now, we'll get called for the pw again anyway
        return
      end

      while @password.to_s.length == 0
        @password = ask("Password (for #{@user}): ") { |q| q.echo = "*" }
      end

      return true if ENV["FASTLANE_DONT_STORE_PASSWORD"]
      return true if (/darwin/ =~ RUBY_PLATFORM).nil? # mac?, since we don't have access to the helper here

      # Now we store this information in the keychain
      if Security::InternetPassword.add(server_name, user, password)
        return true
      else
        puts "Could not store password in keychain".red
        return false
      end
    end

    def remove_from_keychain
      Security::InternetPassword.delete(server: server_name)
      @password = nil
    end

    def server_name
      "deliver.#{user}"
    end
  end
end