# frozen_string_literal: true

module NulogySSO
  # Controller mix-in that adds NulogySSO authentication to a Rails controller.
  # The recommended place to `include NulogySSO::ControllerHelper` is the
  # ApplicationController.
  #
  # Including the module only defines the methods below; the `included` hook
  # registers no callback. Authentication is therefore enforced only where the
  # host application invokes #authenticate_sso_user itself (for example as a
  # `before_action`).
  module ControllerHelper
    extend ActiveSupport::Concern

    included do
      # Expose @current_user to controllers and views, following the
      # convention popularised by Devise.
      attr_reader :current_user
      helper_method :current_user
    end

    # Resolves the SSO cookie to a user and gates the request on the result.
    #
    # Outcomes:
    # * cookie missing or blank                -> redirect to the SSO login path
    # * Authenticator returns no user          -> redirect to the SSO login path
    # * NulogySSO.validate_user rejects a user -> 403 with the "sso_error" template
    # * otherwise                              -> @current_user is set, nothing rendered
    #
    # NOTE(review): whether the token is trustworthy is decided entirely inside
    # Authenticator#authenticated_user, which is not visible here; this method
    # only checks that a user came back. Confirm that it verifies the token and
    # how it behaves (return value vs. raised error) on a malformed one.
    def authenticate_sso_user
      token = cookies[NulogySSO.auth_cookie_key]

      if token.blank?
        redirect_to nulogy_sso.login_path
      else
        @current_user = Authenticator.new.authenticated_user(token)

        if @current_user.blank?
          redirect_to nulogy_sso.login_path
        elsif !valid_user?(@current_user)
          # NOTE(review): @current_user still holds the rejected user on this
          # path, so the error template, the layout and any later code that
          # treats `current_user` as "signed in" will see it. Confirm nothing
          # downstream grants access on presence of current_user alone.
          render status: :forbidden, template: "sso_error"
        end
      end
    end

    private

    # Runs the application-configured NulogySSO.validate_user callable against
    # +user+ and returns its result as-is; a falsy result is treated as a
    # rejection by #authenticate_sso_user.
    def valid_user?(user)
      validator = NulogySSO.validate_user
      validator.call(user)
    end
  end
end