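package com.objecteye.config;

import org.springframework.security.authentication.*;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.password.PasswordEncoder;

/**
 * Authentication provider that verifies an {@link AuthenticationToken} against the account
 * returned by a {@link UserDetailsService}, comparing the presented password through a
 * {@link PasswordEncoder}.
 *
 * <p>Both collaborators are injected through setters and are not validated in this class, so
 * {@link #authenticate(Authentication)} fails with a {@link NullPointerException} if it is called
 * before both have been set.
 */
public class AuthenticationProviderConfig implements AuthenticationProvider {

    private UserDetailsService userDetailsService;

    private PasswordEncoder passwordEncoder;

    /**
     * Sets the service used to look up the account by user name.
     *
     * @param userDetailsService the lookup service
     */
    public void setUserDetailsService(UserDetailsService userDetailsService) {
        this.userDetailsService = userDetailsService;
    }

    /**
     * Sets the encoder used to compare the presented password with the stored one.
     *
     * @param passwordEncoder the password encoder
     */
    public void setPasswordEncoder(PasswordEncoder passwordEncoder) {
        this.passwordEncoder = passwordEncoder;
    }

    /**
     * Default account-state checks: rejects locked, disabled and expired accounts, in that order.
     *
     * <p>NOTE(review): {@code isCredentialsNonExpired()} is not consulted here, so this provider
     * does not enforce password expiry. Confirm that it is enforced elsewhere, or add the check.
     *
     * @param user the account loaded for the presented user name
     * @throws LockedException if the account is locked
     * @throws DisabledException if the account is disabled
     * @throws AccountExpiredException if the account has expired
     */
    private void defaultCheck(UserDetails user) {
        if (!user.isAccountNonLocked()) {
            throw new LockedException("User account is locked");
        }
        if (!user.isEnabled()) {
            throw new DisabledException("User is disabled");
        }
        if (!user.isAccountNonExpired()) {
            throw new AccountExpiredException("User account has expired");
        }
    }

    /**
     * Additional check: verifies that the presented password matches the stored one.
     *
     * <p>Missing credentials and a wrong password produce the same message, so the failure does
     * not reveal which of the two occurred.
     *
     * @param userDetails the account loaded for the presented user name
     * @param authenticationToken the unauthenticated token carrying the presented password
     * @throws AuthenticationException ({@link BadCredentialsException}) if no credentials were
     *     presented or the password does not match
     */
    private void additionalAuthenticationChecks(UserDetails userDetails,
                                                AuthenticationToken authenticationToken)
            throws AuthenticationException {
        Object credentials = authenticationToken.getCredentials();
        if (credentials == null) {
            throw new BadCredentialsException("username or password is wrong!");
        }
        String presentedPassword = credentials.toString();
        // The comparison is delegated to the configured encoder; the raw password is never
        // compared with String.equals here.
        if (!passwordEncoder.matches(presentedPassword, userDetails.getPassword())) {
            throw new BadCredentialsException("username or password is wrong!");
        }
    }

    /**
     * Builds an authenticated {@link Authentication} from an unauthenticated one.
     *
     * <p>The account is loaded by name, the account-state checks run, the password is verified,
     * and a new token is returned that carries the loaded account as principal, the presented
     * credentials, the account's authorities and the details of the original token.
     *
     * @param authentication the unauthenticated request; must be an {@link AuthenticationToken}
     * @return the authenticated token
     * @throws AuthenticationException if the lookup fails, the account is locked, disabled or
     *     expired, or the credentials are missing or wrong
     * @see AuthenticationToken#AuthenticationToken(Object, Object)
     */
    @Override
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        String userName = authentication.getName();

        // NOTE(review): a UsernameNotFoundException raised by the lookup propagates unchanged, and
        // defaultCheck runs before the password is verified. Together these let a caller who does
        // not know the password tell unknown, locked, disabled and expired accounts apart unless
        // the failure handler upstream answers every AuthenticationException with one uniform
        // response. Confirm that it does.
        UserDetails userDetails = userDetailsService.loadUserByUsername(userName);
        if (userDetails == null) {
            // A null result breaks the UserDetailsService contract. Report it as an internal
            // authentication failure instead of letting a NullPointerException escape from the
            // checks below.
            throw new InternalAuthenticationServiceException(
                    "UserDetailsService returned null, which is an interface contract violation");
        }

        // supports() only advertises AuthenticationToken, so this cast holds when the provider is
        // invoked through a manager that honours supports().
        AuthenticationToken checkToken = (AuthenticationToken) authentication;

        defaultCheck(userDetails);
        additionalAuthenticationChecks(userDetails, checkToken);

        // NOTE(review): the presented credentials are copied into the authenticated token.
        // Confirm they are erased after authentication (for example AuthenticationToken being a
        // CredentialsContainer) so the plaintext password does not remain in the security context.
        AuthenticationToken authenticationToken = new AuthenticationToken(
                userDetails, checkToken.getCredentials(), userDetails.getAuthorities());
        authenticationToken.setDetails(checkToken.getDetails());
        return authenticationToken;
    }

    /**
     * Reports whether this provider can process the given token type.
     *
     * @param aClass the authentication class offered by the caller
     * @return {@code true} if {@code aClass} is {@link AuthenticationToken} or a subclass of it
     */
    @Override
    public boolean supports(Class<?> aClass) {
        return AuthenticationToken.class.isAssignableFrom(aClass);
    }
}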