<?php
namespace App\Controller;

use App\Controller\AppController;
use Cake\Log\Log;
use App\Traits\GoogleOauthTrait;

/**
 * Authorizer Controller
 * 
 * This controller provides an entry point for authorization processes.
 * So far this is just for Google's OAuth 2.0.
 */
class AuthorizerController extends AppController
{
	use GoogleOauthTrait;
	
	/*
	 * Routing note:
	 * 
	 * This controller will provide a link for /authorizer/google_login where the oauth
	 * process can come back to our application from google.  To make your client secret setup
	 * simpler, add a route at the top level like so:
	 * 	 $routes->connect('/google_oauth', [ 'controller'=>'authorizer', 'action' => 'google_login']);
	 */
	
	public function initialize()
	{
		parent::initialize();
	}
	
	/**
	 * our callback from google oauth that is passed the oauth access token (or an error
	 * if authorization failed).
	 * before redirecting to this URL, one must use the GoogleOauth trait's
	 * setPostAuthorizationURL() and setRequestedScopes() methods to provide session
	 * parameters (since this link is invoked by google later, and they will not be
	 * providing any of this info).
	 */
	public function googleLogin() {
		if (session_status() == PHP_SESSION_NONE) {
			session_start ();
		}
		
		// retrieve the scopes out of the session.
		$scopes = $this->getRequestedScopes();
		Log::debug('loaded scopes: ' . var_export($scopes, true));
		
		// use the scopes in a new google client.
		$client = $this->createGoogleClient ( $scopes );		
		
		// see if we already have the 'code' available from the google side.
		if (! isset ( $_GET ['code'] )) {
			// no code, so we need to jump over to google.
			Log::Debug ( 'creating auth url to redirect to google oauth' );
			$auth_url = $client->createAuthUrl ();
			$this->redirect ( $auth_url );
		} else {						
			// we've got our code, so now we can try to fetch our access token.
			Log::Debug ( 'access token being actively acquired...' );
			$client->fetchAccessTokenWithAuthCode ( $_GET ['code'] );
			// clean out the scopes in session now that we're done with them.
			$this->dropRequestedScopes();
			
			// record the new token in our session.
			$token = $client->getAccessToken ();
			$this->setLastOAuthToken($token);
			
			// fabulously bad idea to show this...
			//Log::debug ( 'got access token: ' . var_export ( $token, true ) );			
						
			// go to the next point in our app where we can handle the newly stored token.
			$redirect =  $this->getPostAuthorizationURL();
			if (! $redirect) {
				// jump home if they registered no continuation.  this is a serious error in flow.
				$redirect = 'http://' . $_SERVER ['HTTP_HOST'] . '/';
				Log::debug('failure to find the redirection location for our app after successful oauth');
			}
			$this->redirect ( $redirect );
		}
	}
	
}