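# frozen_string_literal: true

module Admin
  # Admin login/logout and the email-based password-reset flow.
  #
  # Every action here is reachable without an admin session
  # (skip_before_action :authorize_admin), so each one treats its
  # params as untrusted input.
  class AuthController < AdminController
    skip_before_action :authorize_admin

    # GET: renders the login form.
    def login; end

    # POST: checks the submitted credentials. Only users with role 'admin'
    # may log in; on success the user id is stored in the session.
    #
    # NOTE(review): auth_params is not defined in this class — presumably it
    # is inherited from AdminController; confirm it permits :email and :password.
    def auth
      admin = User.find_by(email: auth_params[:email], role: 'admin')

      if admin&.authenticate(auth_params[:password])
        # Rotate the session before storing the login so a session id issued
        # before authentication is not carried into the authenticated session.
        reset_session
        # NOTE(review): ActiveRecord models do not define #to_i by default;
        # confirm User#to_i exists, otherwise this should be admin.id.
        session[:user] = admin.to_i
        redirect_to admin_path
      else
        # One message for both "unknown email" and "wrong password", so the
        # response does not reveal which admin accounts exist.
        redirect_to admin_login_path,
                    flash: { error: "Sorry, incorrect email or password. Please try again." }
      end
    end

    # Drops the whole session and returns to the login form.
    def logout
      reset_session
      redirect_to admin_login_path
    end

    # GET: renders the form asking for the email address to reset.
    def reset_request; end

    # POST: starts a reset for the submitted email. Always redirects back to
    # the request form; the success flash is only set when a user matched.
    #
    # NOTE(review): the differing flash lets a caller tell which addresses
    # have an account; consider showing the same message on both paths.
    # NOTE(review): the `success:` redirect option only reaches the flash if a
    # parent controller declares `add_flash_types :success`; otherwise
    # redirect_to silently ignores it — confirm.
    def send_reset
      # A blank email must not reach find_by: find_by(email: nil) would match
      # a user whose email is NULL rather than nobody.
      email = request_params[:email].presence
      user = User.find_by(email: email) if email
      return redirect_to(admin_reset_request_path) unless user

      user.setup_reset
      # TODO: user mailer deliver_now
      redirect_to admin_reset_request_path,
                  success: "Reset request sent! Please check your email for instructions."
    end

    # GET: renders the new-password form for the token from the emailed link,
    # or sends the caller back to the request form when the token is unknown.
    #
    # NOTE(review): no token expiry is checked here or in reset_password; if
    # setup_reset records when the token was issued, reject tokens older than
    # a fixed window.
    def reset
      user = user_for_reset_token
      return redirect_to(admin_reset_request_path) unless user
    end

    # POST/PATCH: sets the new password for the token's user. The token is
    # cleared in the same update so the emailed link is single-use; when the
    # update fails (e.g. confirmation mismatch) nothing is persisted and the
    # token stays valid.
    def reset_password
      user = user_for_reset_token
      return redirect_to(admin_reset_request_path) unless user

      if user.update(reset_params.merge(reset_token: nil))
        redirect_to admin_login_path, success: "Password has been reset. Please log in."
      else
        redirect_to(admin_reset_request_path)
      end
    end

    private

    # Looks up the user for params[:reset_token], returning nil when the
    # token is blank. Without this guard a request with no token would run
    # find_by(reset_token: nil), matching the first user with no pending
    # reset and allowing that account's password to be changed.
    def user_for_reset_token
      token = params[:reset_token].presence
      return unless token

      User.find_by(reset_token: token)
    end

    # Strong params for send_reset.
    def request_params
      params.require(:auth).permit(:email)
    end

    # Strong params for reset_password.
    def reset_params
      params.require(:auth).permit(:password, :password_confirmation)
    end
  end
end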