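# Admin screen for LDAP authentication sources (AuthSourceLdap records):
# list, create, edit, update, delete, and try out a connection.
#
# Every action runs behind the +require_admin+ filter declared below; that
# filter is inherited, so its exact behaviour is not visible in this file.
class LdapConfigController < ApplicationController
  layout 'admin'

  before_action :require_admin
  before_action :find_ldap, only: [:edit, :update, :destroy]

  # Lists all configured sources and prepares a blank record plus the
  # preset table for the "new source" form.
  def index
    @ldap_sources = AuthSourceLdap.all
    @ldap = AuthSourceLdap.new
    @presets = ldap_presets
  end

  # Shows the edit form for the record loaded by +find_ldap+.
  def edit
    @presets = ldap_presets
  end

  # Creates a source from the permitted form parameters. On validation
  # failure the index template is re-rendered with the unsaved record
  # still in @ldap.
  def create
    @ldap = AuthSourceLdap.new(ldap_params)
    if @ldap.save
      flash[:notice] = l(:notice_successful_create)
      redirect_to ldap_config_path
    else
      @ldap_sources = AuthSourceLdap.all
      @presets = ldap_presets
      render :index
    end
  end

  # Applies the permitted form parameters to an existing source and
  # redirects back to the list in either case.
  #
  # NOTE(review): :account_password is assigned on every update. If the edit
  # form does not echo the stored bind secret, confirm that a blank
  # submission cannot silently overwrite it.
  def update
    if @ldap.update(ldap_params)
      flash[:notice] = l(:notice_successful_update)
    else
      flash[:error] = @ldap.errors.full_messages.join(', ')
    end
    redirect_to ldap_config_path
  end

  # Deletes the source loaded by +find_ldap+.
  #
  # +destroy+ returns false when the model refuses the deletion (for example
  # an aborted callback), so success is only reported when it really
  # happened; otherwise the model's error messages are shown, mirroring
  # +update+.
  #
  # NOTE(review): nothing here checks whether user accounts still
  # authenticate through this source - confirm the model guards that case.
  def destroy
    if @ldap.destroy
      flash[:notice] = l(:notice_successful_delete)
    else
      details = @ldap.errors.full_messages.join(', ')
      flash[:error] = details unless details.empty?
    end
    redirect_to ldap_config_path
  end

  # Builds an unsaved source from the submitted parameters, calls its
  # +test_connection+ and reports the outcome as JSON.
  #
  # The host, port and bind credentials come straight from the request, and
  # the exception text is returned verbatim.
  # NOTE(review): access is limited by +require_admin+; still confirm the
  # message cannot carry bind credentials or internal detail you would not
  # want in a browser response, and that the route is CSRF-protected.
  def test_connection
    @ldap = AuthSourceLdap.new(ldap_params)
    begin
      @ldap.test_connection
      render json: { success: true, message: 'Connection successful!' }
    rescue => e
      render json: { success: false, message: e.message }
    end
  end

  private

  # Loads the record named by params[:id] into @ldap, answering with
  # +render_404+ when it does not exist.
  def find_ldap
    @ldap = AuthSourceLdap.find(params[:id])
  rescue ActiveRecord::RecordNotFound
    render_404
  end

  # Strong-parameter allow-list for the :auth_source_ldap form. Only the
  # attributes named here can be mass-assigned.
  def ldap_params
    params.require(:auth_source_ldap).permit(
      :name, :host, :port, :tls, :verify_peer,
      :account, :account_password, :base_dn, :filter,
      :onthefly_register, :attr_login, :attr_firstname,
      :attr_lastname, :attr_mail, :timeout
    )
  end

  # Form presets for common directory products, keyed by a short identifier.
  #
  # NOTE(review): every preset uses port 389 with tls: false and carries no
  # :verify_peer value. Presumably tls: false means an unencrypted LDAP
  # session (confirm against AuthSourceLdap); if so, the bind account
  # password and user passwords would cross the network in cleartext for
  # anyone who keeps the preset. Consider presets that default to an
  # encrypted connection with certificate verification.
  def ldap_presets
    {
      'freeipa' => {
        name: 'FreeIPA',
        port: 389,
        tls: false,
        base_dn: 'cn=users,cn=accounts,dc=example,dc=com',
        filter: '(objectClass=person)',
        attr_login: 'uid',
        attr_firstname: 'givenName',
        attr_lastname: 'sn',
        attr_mail: 'mail'
      },
      'active_directory' => {
        name: 'Active Directory',
        port: 389,
        tls: false,
        base_dn: 'CN=Users,DC=example,DC=com',
        filter: '(&(objectClass=user)(!(objectClass=computer)))',
        attr_login: 'sAMAccountName',
        attr_firstname: 'givenName',
        attr_lastname: 'sn',
        attr_mail: 'mail'
      },
      'openldap' => {
        name: 'OpenLDAP',
        port: 389,
        tls: false,
        base_dn: 'ou=users,dc=example,dc=com',
        filter: '(objectClass=inetOrgPerson)',
        attr_login: 'uid',
        attr_firstname: 'givenName',
        attr_lastname: 'sn',
        attr_mail: 'mail'
      }
    }
  end

  # URL options for this controller's index action, used as the redirect
  # target after create/update/destroy.
  def ldap_config_path
    { controller: 'ldap_config', action: 'index' }
  end
end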