# -*- coding: utf-8 -*-
##############################################################################
#
# Copyright (c) 2011-2013 Nexedi SA and Contributors. All Rights Reserved.
#                    Francois-Xavier Algrain <fxalgrain@tiolive.com>
#                    Romain Courteaud <romain@nexedi.com>
#
# WARNING: This program as such is intended to be used by professional
# programmers who take the whole responsibility of assessing all potential
# consequences resulting from its eventual inadequacies and bugs
# End users who are looking for a ready-to-use solution with commercial
# guarantees and support are strongly adviced to contract a Free Software
# Service Company
#
# This program is Free Software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
#
##############################################################################

from zLOG import LOG, PROBLEM
from Products.ERP5Type.Globals import InitializeClass

from AccessControl import ClassSecurityInfo
from Products.PageTemplates.PageTemplateFile import PageTemplateFile

from Products.PluggableAuthService.interfaces import plugins
from Products.PluggableAuthService.utils import classImplements
from Products.PluggableAuthService.plugins.BasePlugin import BasePlugin

from Products.ERP5Type.UnrestrictedMethod import UnrestrictedMethod

class ERP5AccessTokenExtractionPlugin(BasePlugin):
  """
    Access Token PAS plugin which support custom access token creation in an
    ERP5 module.

    It depends on the erp5_access_token bt5.
  """

  meta_type = "ERP5 Access Token Extraction Plugin"
  security = ClassSecurityInfo()

  def __init__(self, id, title=None):
    #Register value
    self._setId(id)
    self.title = title

  ####################################
  #ILoginPasswordHostExtractionPlugin#
  ####################################
  security.declarePrivate('extractCredentials')
  @UnrestrictedMethod
  def extractCredentials(self, request):
    """ Extract CookieHash credentials from the request header. """
    creds = {}
    # XXX Extract from HTTP Header, URL parameter are hardcoded.
    # More flexible way would be to configure on the portal type level
    token = request.getHeader("X-ACCESS-TOKEN", None)
    if token is None:
      token = request.form.get("access_token", None)
    if token is not None:
      token_document = self.getPortalObject().access_token_module.\
                                        _getOb(token, None)
      # Access Token should be validated
      # Check restricted access of URL
      # Extract login information
      if token_document is not None:
        external_login = None
        method = token_document._getTypeBasedMethod('getExternalLogin')
        if method is not None:
          external_login = method()

        if external_login is not None:
          creds['external_login'] = external_login
          creds['remote_host'] = request.get('REMOTE_HOST', '')
          try:
            creds['remote_address'] = request.getClientAddr()
          except AttributeError:
            creds['remote_address'] = request.get('REMOTE_ADDR', '')
    return creds

#Form for new plugin in ZMI
manage_addERP5AccessTokenExtractionPluginForm = PageTemplateFile(
  'www/ERP5Security_addERP5AccessTokenExtractionPlugin', globals(),
  __name__='manage_addERP5AccessTokenExtractionPluginForm')

def addERP5AccessTokenExtractionPlugin(dispatcher, id, title=None, REQUEST=None):
  """ Add an ERP5AccessTokenExtractionPlugin to a Pluggable Auth Service. """

  plugin = ERP5AccessTokenExtractionPlugin(id, title)
  dispatcher._setObject(plugin.getId(), plugin)

  if REQUEST is not None:
      REQUEST['RESPONSE'].redirect(
          '%s/manage_workspace'
          '?manage_tabs_message='
          'ERP5AccessTokenExtractionPlugin+added.'
          % dispatcher.absolute_url())

#List implementation of class
classImplements(ERP5AccessTokenExtractionPlugin,
                plugins.ILoginPasswordHostExtractionPlugin
               )
InitializeClass(ERP5AccessTokenExtractionPlugin)