module OpenStax
  module Accounts
    class SessionsController < OpenStax::Accounts::ApplicationController
      def new
        if configuration.is_return_to_url_approved?(params[:return_to])
          store_url url: params[:return_to], key: :accounts_return_to, strategies: [:session]
        end
        store_fallback key: :accounts_return_to, strategies: [:session]

        if configuration.enable_stubbing?
          redirect_to dev_accounts_path
        else
          forwardable_params = params.permit(*configuration.forwardable_login_params).to_h
          redirect_to openstax_login_path(forwardable_params)
        end
      end

      def callback
        handle_with(
          SessionsCallback,
          success: -> do
            sign_in(@handler_result.outputs[:account])
            redirect_back key: :accounts_return_to, strategies: [:session]
          end,
          failure: -> { failure }
        )
      end

      def destroy
        # if a handler is configured, let it handle everything
        if configuration.logout_handler
          configuration.logout_handler.call(self)
        else
          # Unless we are stubbing, we redirect to a configurable URL, which is normally
          # (or at least eventually) the Accounts logout URL so that users can't sign back
          # in automagically.
          sign_out!
          redirect_to configuration.enable_stubbing? ?
                        main_app.root_url :
                        configuration.logout_redirect_url(request)
        end
      end

      def failure
        redirect_back key: :accounts_return_to, alert: 'Authentication failed, please try again.'
      end

      def profile
        # TODO: stub profile if stubbing is enabled
        redirect_to URI.join(configuration.openstax_accounts_url, 'profile').to_s
      end
    end
  end
end