<?php

use BadMethodCallException;
use MediaWiki\Auth\AbstractPrimaryAuthenticationProvider;
use MediaWiki\Auth\AuthenticationRequest;
use MediaWiki\Auth\AuthenticationResponse;
use MediaWiki\Auth\AuthManager;
use MediaWiki\Auth\PasswordAuthenticationRequest;
use User;
use StatusValue;

class ExternalPasswordPrimaryAuthenticationProvider extends AbstractPrimaryAuthenticationProvider {
	public function getAuthenticationRequests( $action, array $options ) {
		switch ( $action ) {
			case AuthManager::ACTION_LOGIN:
				return [ new PasswordAuthenticationRequest() ];
			default:
				return [];
		}
	}

	public function beginPrimaryAuthentication( array $reqs ) {
		$req = AuthenticationRequest::getRequestByClass( $reqs, PasswordAuthenticationRequest::class );
		if ( !$req ) {
			return AuthenticationResponse::newAbstain();
		}

		if ( $req->username === null || $req->password === null ) {
			return AuthenticationResponse::newAbstain();
		}

		$res = checkPasswordInExternalDatabase( $req->username, $req->password );

		if ( $res ) {
			// map to a local username
			$username = User::getCanonicalName( $req->username, 'usable' );
			return AuthenticationResponse::newPass( 'External-' . $username );
		} else {
			// maybe the credentials belong to another provider
			return AuthenticationResponse::newAbstain();
		}
	}

	public function testUserExists( $username, $flags = User::READ_NORMAL ) {
		// could check in the external database whether user exists, but it won't be used for much
		return true;
	}

	public function providerAllowsAuthenticationDataChange(
		AuthenticationRequest $req, $checkData = true
	) {
		return StatusValue::newGood( 'ignored' );
	}

	public function providerChangeAuthenticationData( AuthenticationRequest $req ) {
	}

	public function accountCreationType() {
		return self::TYPE_NONE;
	}

	public function beginPrimaryAccountCreation( $user, $creator, array $reqs ) {
		throw new BadMethodCallException( 'Shouldn\'t be called when accountCreationType() is NONE' );
	}
}