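# frozen_string_literal: true

module Admin
  # Admin login/logout and the self-service password reset flow.
  #
  # These actions must be reachable without an authenticated session, so the
  # Pundit checks that AdminController (outside this file) applies through
  # +authorize_user+ are skipped here; the after_action hooks tell Pundit the
  # skip is deliberate.
  class AuthController < AdminController
    skip_before_action :authorize_user # bypass pundit lockdowns for auth requests.
    after_action :skip_policy_scope
    after_action :skip_authorization

    # Renders the login form.
    def login; end

    # Verifies an email/password pair and establishes the admin session.
    #
    # +auth_params+ is not defined in this file; it presumably lives in
    # AdminController (or a concern) and permits :email and :password — confirm.
    def auth
      user = User.find_by(email: auth_params[:email])

      if user&.authenticate(auth_params[:password])
        # Remember where the visitor wanted to go, then rotate the session id
        # BEFORE trusting it: a session that existed prior to authentication
        # must not be promoted to a logged-in one (session fixation).
        return_to = session[:request]
        reset_session
        session[:user] = user.to_i
        # NOTE(review): session[:request] is assumed to be written server-side
        # only; if any code stores a caller-supplied URL there this is an open
        # redirect — verify where it is set.
        redirect_to return_to || admin_path
      else
        redirect_to admin_login_path, flash: { error: "Sorry, incorrect email or password. Please try again." }
      end
    end

    # Drops the whole session (user id, return path, CSRF token) and returns
    # to the login form.
    def logout
      reset_session
      redirect_to admin_login_path
    end

    # Renders the "request a password reset" form.
    def reset_request; end

    # Generates a reset token for the given email and mails the reset link.
    #
    # NOTE(review): an unknown address redirects silently while a known one
    # gets the "Reset request sent!" notice, so the response reveals which
    # emails have accounts; consider returning the same notice in both cases.
    def send_reset
      user = User.find_by(email: request_params[:email])
      return redirect_to(admin_reset_request_path) if user.nil?

      user.setup_reset # assumed to populate reset_token (defined on User) — confirm
      UserMailer.password_reset(user).deliver_later
      redirect_to admin_reset_request_path, success: "Reset request sent! Please check your email for instructions."
    end

    # Renders the new-password form for a valid reset token; otherwise sends
    # the visitor back to the request form.
    def reset
      user = user_for_reset_token
      redirect_to admin_reset_request_path if user.nil?
    end

    # Applies the submitted password (with confirmation) to the token's owner.
    #
    # NOTE(review): nothing visible here invalidates the consumed reset_token
    # or checks how old it is; unless User#update / setup_reset take care of
    # that, the emailed link remains usable after a successful reset.
    def reset_password
      user = user_for_reset_token
      return redirect_to(admin_reset_request_path) if user.nil?

      if user.update(reset_params)
        redirect_to admin_login_path, success: "Password has been reset. Please log in."
      else
        redirect_to admin_reset_request_path, flash: { error: "Password was not updated." }
      end
    end

    private

    # Returns the User owning the reset token in the request, or nil.
    #
    # A blank token must never reach +find_by+: `find_by(reset_token: nil)`
    # becomes `WHERE reset_token IS NULL` and returns the first user who never
    # requested a reset, so a request with an empty or missing token would
    # select an arbitrary account. Coercing to a String also keeps array/hash
    # shaped params from turning into an IN (...) lookup.
    def user_for_reset_token
      token = params[:reset_token].to_s.presence
      return if token.nil?

      User.find_by(reset_token: token)
    end

    # Strong parameters for the reset-request form.
    def request_params
      params.require(:auth).permit(:email)
    end

    # Strong parameters for the new-password form.
    def reset_params
      params.require(:auth).permit(:password, :password_confirmation)
    end
  end
end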