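# Session endpoints for support users: password or Google SSO login (create)
# and logout (destroy).
class Support::SessionsController < Support::ApplicationController
  # Login has to be reachable before a session exists, so both filters are
  # skipped. Note that the skips apply to every action here, including destroy.
  skip_before_action :authenticate_request!
  skip_before_action :require_permissions!

  # Authenticates the caller and, on success, issues a new token whose auth
  # headers are merged into the response.
  #
  # Responds 401 'Invalid Credentials' when the account is unknown or the
  # credentials do not verify, and 401 'Login Disabled' only after the
  # credentials have been verified for an inactive account. Reporting the
  # disabled state before verification would tell an unauthenticated caller
  # which accounts exist and which are disabled.
  def create
    user = current_user

    unless user.present? && verify_login
      return render_error :unauthorized, message: 'Invalid Credentials'
    end

    unless user.active
      return render_error :unauthorized, message: 'Login Disabled'
    end

    token = user.tokens.build
    token.create_token

    # Never hand out auth headers for a token that was not persisted.
    unless token.save
      return render_error :internal_server_error, message: 'Unable to create session'
    end

    response.headers.merge!(token.auth_headers)

    render_success :ok, json: user_props
  end

  # Destroys the current token, if any, and always responds :ok.
  # `token` is not defined in this class (presumably provided by the parent
  # controller; confirm how it is resolved while authenticate_request! is skipped).
  def destroy
    token&.destroy
    render_success :ok
  end

  private
    # Resolves the account being logged in to.
    #
    # SSO mode (params[:google_sso]): looked up by the e-mail returned from
    # Google. Password mode: looked up by username, then by e-mail, using
    # params[:username].
    #
    # A blank identifier never reaches the database: find_by(email: nil) or
    # find_by(username: nil) would match a row whose column is NULL, and in
    # SSO mode that row would then pass verify_login (nil == nil).
    #
    # @return [Support::User, nil]
    def current_user
      @current_user ||=
        if params[:google_sso]
          sso_email = google_sign_on
          Support::User.find_by(email: sso_email) if sso_email.present?
        else
          login = params[:username]
          if login.present?
            Support::User.find_by(username: login) ||
              Support::User.find_by(email: login)
          end
        end
    end

    # Checks the presented credentials against current_user.
    #
    # In SSO mode a non-blank Google e-mail equal to the user's e-mail is
    # sufficient; otherwise (or when that comparison fails) the password is
    # checked via current_user.authenticate.
    #
    # @return [Boolean]
    def verify_login
      if params[:google_sso]
        sso_email = google_sign_on
        return true if sso_email.present? && sso_email == current_user.email
      end

      current_user.authenticate(params[:password]).present?
    end

    # JSON payload returned to the client after a successful login.
    #
    # NOTE(review): `curret_user_permissions` looks like a misspelling of
    # `current_user_permissions`. It is not defined in this class, so confirm
    # which name the parent controller defines before renaming.
    def user_props
      {
        id: current_user.id,
        first_name: current_user.first_name,
        last_name: current_user.last_name,
        permissions: curret_user_permissions.options
      }
    end

    # E-mail address from the Google sign-in result, or nil when the service
    # returns nothing. Memoized (including a nil result) so the service is
    # called at most once per request.
    #
    # NOTE(review): params[:client_id] comes from the request. If
    # Google::SingleSignOnService uses it as the expected audience when
    # validating the credential, the caller is choosing which OAuth client the
    # token is checked against; the audience should come from server-side
    # configuration instead. Confirm how the service validates `aud`, and
    # whether it requires a verified e-mail, before relying on this value.
    def google_sign_on
      return @google_sign_on if defined?(@google_sign_on)

      payload = Google::SingleSignOnService.new.sign_in(
        params[:credential],
        params[:client_id]
      )
      @google_sign_on = payload && payload['email']
    end
end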
