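# Issues and revokes API sessions.
#
# #create has two entry paths: a support path driven by a `support_token`
# JWT in the params, and the regular login path driven by LoginService.
# #destroy revokes the caller's current token.
class SessionsController < ApplicationController
  # Login endpoints must be reachable without an existing session, and
  # before a pending password reset or terms acceptance is completed.
  skip_before_action :authenticate_request!
  skip_before_action :enforce_password_reset!
  skip_before_action :enforce_terms_of_service_agreement!

  # Only the regular login path needs the credential lookup.
  before_action :set_login, only: :create, unless: -> { params[:support_token].present? }

  # POST: create a session.
  #
  # Support path (support_token present): see #create_support_session.
  # Regular path: requires a resolved @login, a login that is enabled for the
  # user's role, an active user and an active school; then issues a fresh
  # Token, mirrors its auth headers into the response and renders user_props.
  # Anything else renders :unauthorized with the first matching reason from
  # #login_error_message.
  def create
    return create_support_session if params[:support_token].present?

    # verify_login_enabled is evaluated before current_user.is_active? on
    # purpose: it calls current_user(@login), which resolves the user the
    # later checks (and user_props) read.
    if @login.present? && verify_login_enabled && current_user.is_active? &&
        current_school.active?
      user_token = current_user.tokens.build
      user_token.create_token
      # NOTE(review): the result of save is not checked; if it fails the
      # client still receives headers for a token that was never persisted.
      # Kept as-is because the expected failure handling is not visible here.
      user_token.save

      response.headers.merge!(user_token.auth_headers)

      render_success :ok, json: user_props
    else
      render_error :unauthorized, message: login_error_message
    end
  end

  # DELETE: revoke the current token, if any, and answer 200 either way.
  def destroy
    user_token&.destroy
    render status: :ok
  end

  private
    # Support-user login via `params[:support_token]`.
    #
    # The token is decoded, its `uid`/`client`/`support-uid` claims must match
    # an existing Token row, the claims are mirrored into the response headers
    # and the session user is set from `uid`. Any decode failure, non-object
    # payload or missing Token row renders :unauthorized.
    def create_support_session
      # SECURITY: the third argument disables signature verification, so every
      # claim below is caller-controlled until the Token lookup succeeds, and
      # no expiry is checked. Verification should be turned on with the
      # key/algorithm the issuer uses, which is not visible in this file.
      decoded_token = JWT.decode(params[:support_token], nil, false).first

      # A payload that is not a JSON object cannot carry the expected claims;
      # indexing a non-Hash payload with a string would otherwise raise or
      # yield nils that could match a row with NULL columns.
      return render_error :unauthorized unless decoded_token.is_a?(Hash)

      token = Token.find_by(
        user_id: decoded_token['uid'],
        client: decoded_token['client'],
        support_user_id: decoded_token['support-uid']
      )
      return render_error :unauthorized unless token

      # NOTE(review): this copies every claim in the payload, not only the
      # three checked above, into the response headers. The header set the
      # client expects is not visible here, so the behaviour is preserved;
      # restricting it to known keys would be the safer shape.
      response.headers.merge!(decoded_token)
      current_user(decoded_token['uid'])

      render_success :ok, json: user_props
    rescue JWT::DecodeError
      # A malformed or undecodable token previously escaped as an exception.
      render_error :unauthorized
    end

    # Resolves the login attempt from the request params into @login.
    def set_login
      @login = LoginService.call(params)
    end

    # True when a user is resolved and the school has family login disabled.
    def disabled_family_login
      current_user && current_school.disabled_family_login
    end

    # Employees may always log in; everyone else only when family login is
    # not disabled for the school. Also resolves current_user from @login.
    def verify_login_enabled
      current_user(@login).role == :employee || !disabled_family_login
    end

    # First applicable rejection reason for the regular login path, or nil
    # when none of the known reasons applies (the response then carries no
    # message).
    def login_error_message
      if !@login
        'You have entered an incorrect Username or Password.'
      elsif disabled_family_login
        'Login Disabled'
      elsif !current_school.active?
        'This site is inactive.'
      elsif !current_user.is_active?
        'This account is inactive, contact your school.'
      end
    end

    # JSON payload describing the authenticated user for the client.
    def user_props
      {
        id: current_user.id,
        role: current_user.role,
        associated_id: current_user.user_model_association.id,
        permissions: current_user.permission_users.pluck(:name),
        admin_permissions: AdminPermission.find_or_initialize_by(user: current_user),
        level: current_user.level,
        superuser: current_user.superuser?,
        first_name: current_user.first_name,
        last_name: current_user.last_name,
        avatar: current_user.path_to_photo.to_s,
        email: current_user.email,
        # Formatted for display; nil when no password change is recorded.
        password_changed: current_user&.password_changed&.strftime('%b %d %Y')
      }
    end
end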
