# frozen_string_literal: true

class Auth::SessionsController < Auth::BaseController
  skip_before_action :verify_authenticity_token

  prepend_before_action :require_no_authentication, only: [:new, :create]
  prepend_before_action :allow_params_authentication!, only: :create
  prepend_before_action { request.env['devise.skip_timeout'] = true }

  respond_to :json, only: [:create, :destroy]

  # # GET /auths/new
  # def new
  #   self.resource = resource_class.new(sign_in_params)
  #   clean_up_passwords(resource)
  #   respond_with(resource, serialize_options(resource))
  # end

  # POST /auths
  def create
    self.resource = warden.authenticate!(auth_options)
    _signed = sign_in(resource_name, resource)
    respond_with resource, template: 'account/sessions/show', location: after_sign_in_path_for(resource)
  end

  # DELETE /auths
  def destroy
    redirect_path = after_sign_out_path_for(resource_name)
    signed_out = sign_out(resource_name)
    set_flash_message :notice, :signed_out if signed_out && is_navigational_format?

    # We actually need to hardcode this as Rails default responder doesn't
    # support returning empty response on GET request
    respond_to do |format|
      format.any(*navigational_formats) { redirect_to redirect_path }
      format.all { head :no_content }
    end
  end

  # GET /migrations/:token
  def migrations
    self.resource = warden.authenticate!(:migration_token, auth_options)
    _signed = sign_in(resource_name, resource)
    redirect_to after_sign_in_path_for(resource)
  end

  protected

  def migrations_params
    params.permit(:token, :email)
  end

  def sign_in_params
    devise_parameter_sanitizer.sanitize(:sign_in)
  end

  def serialize_options(resource)
    methods = resource_class.authentication_keys.dup
    methods = methods.keys if methods.is_a?(Hash)
    methods << :password if resource.respond_to?(:password)
    { methods: methods, only: [:password] }
  end

  def auth_options
    { scope: resource_name, recall: "#{controller_path}#new" }
  end
end