# frozen_string_literal: true

module Spree
  # Manage and process a payment for an order, from a specific
  # source (e.g. `Spree::CreditCard`) using a specific payment method (e.g
  # `Solidus::Gateway::Braintree`).
  #
  class Payment < Spree::Base
    include Spree::Payment::Processing

    alias_attribute :identifier, :number
    deprecate :identifier, :identifier=, deprecator: Spree::Deprecation

    IDENTIFIER_CHARS    = (('A'..'Z').to_a + ('0'..'9').to_a - %w(0 1 I O)).freeze
    NON_RISKY_AVS_CODES = ['B', 'D', 'H', 'J', 'M', 'Q', 'T', 'V', 'X', 'Y'].freeze
    RISKY_AVS_CODES     = ['A', 'C', 'E', 'F', 'G', 'I', 'K', 'L', 'N', 'O', 'P', 'R', 'S', 'U', 'W', 'Z'].freeze

    belongs_to :order, class_name: 'Spree::Order', touch: true, inverse_of: :payments, optional: true
    belongs_to :source, polymorphic: true, optional: true
    belongs_to :payment_method, -> { with_discarded }, class_name: 'Spree::PaymentMethod', inverse_of: :payments, optional: true

    has_many :offsets, -> { offset_payment }, class_name: "Spree::Payment", foreign_key: :source_id
    has_many :log_entries, as: :source
    has_many :state_changes, as: :stateful
    has_many :capture_events, class_name: 'Spree::PaymentCaptureEvent'
    has_many :refunds, inverse_of: :payment

    before_validation :validate_source, unless: :invalid?
    before_create :set_unique_identifier

    after_save :create_payment_profile, if: :profiles_supported?

    # update the order totals, etc.
    after_save :update_order

    after_create :create_eligible_credit_event

    # invalidate previously entered payments
    after_create :invalidate_old_payments

    attr_accessor :request_env

    validates :amount, numericality: true
    validates :source, presence: true, if: :source_required?
    validates :payment_method, presence: true

    default_scope -> { order(:created_at) }

    scope :from_credit_card, -> { where(source_type: 'Spree::CreditCard') }
    scope :with_state, ->(state) { where(state: state.to_s) }
    # "offset" is reserved by activerecord
    scope :offset_payment, -> { where("source_type = 'Spree::Payment' AND amount < 0 AND state = 'completed'") }

    scope :checkout, -> { with_state('checkout') }
    scope :completed, -> { with_state('completed') }
    scope :pending, -> { with_state('pending') }
    scope :processing, -> { with_state('processing') }
    scope :failed, -> { with_state('failed') }

    scope :risky, -> { where("avs_response IN (?) OR (cvv_response_code IS NOT NULL and cvv_response_code != 'M') OR state = 'failed'", RISKY_AVS_CODES) }
    scope :valid, -> { where.not(state: %w(failed invalid void)) }

    scope :store_credits, -> { where(source_type: Spree::StoreCredit.to_s) }
    scope :not_store_credits, -> { where(arel_table[:source_type].not_eq(Spree::StoreCredit.to_s).or(arel_table[:source_type].eq(nil))) }

    include ::Spree::Config.state_machines.payment

    # @return [String] this payment's response code
    def transaction_id
      response_code
    end

    # @return [String] this payment's currency
    delegate :currency, to: :order

    # @return [Spree::Money] this amount of this payment as money object
    def money
      Spree::Money.new(amount, { currency: currency })
    end
    alias display_amount money

    # Sets the amount, parsing it based on i18n settings if it is a string.
    #
    # @param amount [BigDecimal, String] the desired new amount
    def amount=(amount)
      self[:amount] =
        case amount
        when String
          separator = I18n.t('number.currency.format.separator')
          number    = amount.delete("^0-9-#{separator}\.").tr(separator, '.')
          number.to_d if number.present?
        end || amount
    end

    # The total amount of the offsets (for old-style refunds) for this payment.
    #
    # @return [BigDecimal] the total amount of this payment's offsets
    def offsets_total
      offsets.pluck(:amount).sum
    end

    # The total amount this payment can be credited.
    #
    # @return [BigDecimal] the amount of this payment minus the offsets
    #   (old-style refunds) and refunds
    def credit_allowed
      amount - (offsets_total.abs + refunds.sum(:amount))
    end

    # @return [Boolean] true when this payment can be credited
    def can_credit?
      credit_allowed > 0
    end

    # @return [Boolean] true when this payment has been fully refunded
    def fully_refunded?
      refunds.map(&:amount).sum == amount
    end

    # @return [Array<String>] the actions available on this payment
    def actions
      sa = source_actions
      sa |= ["failure"] if processing?
      sa
    end

    # @return [Object] the source of ths payment
    def payment_source
      res = source.is_a?(Payment) ? source.source : source
      res || payment_method
    end

    # @return [Boolean] true when this payment is risky based on address
    def is_avs_risky?
      return false if avs_response.blank? || NON_RISKY_AVS_CODES.include?(avs_response)
      true
    end

    # @return [Boolean] true when this payment is risky based on cvv
    def is_cvv_risky?
      return false if cvv_response_code == "M"
      return false if cvv_response_code.nil?
      return false if cvv_response_message.present?
      true
    end

    # @return [BigDecimal] the total amount captured on this payment
    def captured_amount
      capture_events.sum(:amount)
    end

    # @return [BigDecimal] the total amount left uncaptured on this payment
    def uncaptured_amount
      amount - captured_amount
    end

    # @return [Boolean] true when the payment method exists and is a store credit payment method
    def store_credit?
      payment_method.try!(:store_credit?)
    end

    private

    def source_actions
      return [] unless payment_source && payment_source.respond_to?(:actions)
      payment_source.actions.select { |action| !payment_source.respond_to?("can_#{action}?") || payment_source.send("can_#{action}?", self) }
    end

    def validate_source
      if source && !source.valid?
        source.errors.each do |field, error|
          field_name = I18n.t("activerecord.attributes.#{source.class.to_s.underscore}.#{field}")
          errors.add(I18n.t(source.class.to_s.demodulize.underscore, scope: 'spree'), "#{field_name} #{error}")
        end
      end
      if errors.any?
        throw :abort
      end
    end

    def source_required?
      !!payment_method&.source_required?
    end

    def profiles_supported?
      !!payment_method.try(:payment_profiles_supported?)
    end

    def create_payment_profile
      # Don't attempt to create on bad payments.
      return if %w(invalid failed).include?(state)
      # Payment profile cannot be created without source
      return unless source
      # Imported payments shouldn't create a payment profile.
      return if source.imported

      payment_method.create_profile(self)
    rescue ActiveMerchant::ConnectionError => error
      gateway_error error
    end

    def invalidate_old_payments
      if !store_credit? && !['invalid', 'failed'].include?(state)
        order.payments.select { |payment|
          payment.state == 'checkout' && !payment.store_credit? && payment.id != id
        }.each(&:invalidate!)
      end
    end

    def update_order
      if order.completed? || completed? || void?
        order.recalculate
      end
    end

    # Necessary because some payment gateways will refuse payments with
    # duplicate IDs. We *were* using the Order number, but that's set once and
    # is unchanging. What we need is a unique identifier on a per-payment basis,
    # and this is it. Related to https://github.com/spree/spree/issues/1998.
    # See https://github.com/spree/spree/issues/1998#issuecomment-12869105
    def set_unique_identifier
      loop do
        self.number = generate_identifier
        break unless self.class.exists?(number: number)
      end
    end

    def generate_identifier
      Array.new(8){ IDENTIFIER_CHARS.sample }.join
    end

    def create_eligible_credit_event
      # When cancelling an order, a payment with the negative amount
      # of the payment total is created to refund the customer. That
      # payment has a source of itself (Spree::Payment) no matter the
      # type of payment getting refunded, hence the additional check
      # if the source is a store credit.
      if store_credit? && source.is_a?(Spree::StoreCredit)
        source.update!({
          action: Spree::StoreCredit::ELIGIBLE_ACTION,
          action_amount: amount,
          action_authorization_code: response_code
        })
      end
    end
  end
end