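# Copyright (c) 2005 bivio Software, Inc. All Rights Reserved.
#
# Visit http://www.bivio.biz for more info.
#
# This library is free software; you can redistribute it and/or modify
# it under the terms of the GNU Lesser General Public License as
# published by the Free Software Foundation; either version 2.1 of the
# License, or (at your option) any later version.
#
# This library is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public
# License along with this library; If not, you may get a copy from:
# http://www.opensource.org/licenses/lgpl-license.html
#
# $Id: UserPasswordQuery.pm,v 1.7 2008/07/27 02:57:12 nagler Exp $
package Bivio::Biz::Action::UserPasswordQuery;
use strict;
use base ('Bivio::Biz::Action');
use Bivio::Biz::Random;

# Password-reset-by-link action.
#
# format_uri() replaces the realm owner's password with a random one and
# returns a URI that carries that password in the query string.  execute()
# handles the visit to that URI: it compares the query value with the
# owner's stored password and, on a match, logs the user in and redirects
# to the task's 'password_task'.
#
# Security notes:
#  - The value in the query is the account's actual password after
#    format_uri() runs.  Because it travels in a URL, it can end up in
#    server logs, browser history and Referer headers.
#  - NOTE(review): nothing in this file expires the value or limits it to
#    one use; confirm that the password_task forces a change.

our($VERSION) = sprintf('%d.%02d', q$Revision: 1.7 $ =~ /\d+/g);

# Name of the query parameter that carries the generated password.
my($_KEY) = 'x';

# execute(proto, req)
#
# Validates the password supplied in the query against the owner of the
# current auth_realm.  On success: logs the owner in via UserLoginForm,
# puts an instance holding the password on the request, saves the
# acknowledgement label and server-redirects to 'password_task'.
# On failure: saves the 'password_nak' label and throws NOT_FOUND.
# A failure caused by missing cookies is rethrown unchanged.
# Does not return normally in either case.
sub execute {
    my($proto, $req) = @_;
    # delete() removes the value from the query hash that was read, so code
    # that later uses the same hash does not see the secret.
    my($pw) = delete(($req->get('query') || {})->{$_KEY});
    my($u) = $req->get_nested(qw(auth_realm owner));
    my($die) = Bivio::Die->catch(sub {
        # Reject a missing or empty value before comparing, so the result
        # never depends on how is_equal() treats undef or ''.
        Bivio::Die->throw_quietly('invalid password in query')
            unless defined($pw) && length($pw)
            && $u->get_field_type('password')->is_equal(
                $u->get('password'), $pw);
        Bivio::Biz::Model->get_instance('UserLoginForm')->execute($req, {
            realm_owner => $u,
            # there might not be a cookie if user is visiting site
            # from the reset-password URI
            disable_assert_cookie => 1,
        });
    });
    if ($die) {
        # Missing cookies is not a bad-password condition; propagate as is.
        $die->throw
            if $die->get('code')->eq_missing_cookies;
        $proto->get_instance('Acknowledgement')->save_label(
            password_nak => $req);
        # NOTE(review): the submitted value is attached to the exception as
        # 'entity'.  If die attributes are logged, candidate passwords end
        # up in logs; confirm, and consider omitting the value.
        Bivio::Die->throw(NOT_FOUND => {
            entity => $pw,
            realm => $u,
        });
        # DOES NOT RETURN
    }
    # Make the validated password available on the request for later code.
    $proto->new({password => $pw})->put_on_request($req, 1);
    $proto->get_instance('Acknowledgement')->save_label($req);
    $req->server_redirect({
#TODO: get_attr and set no_context on the password_task
        task_id => $req->get('task')->get_attr_as_id('password_task'),
        no_context => 1,
    });
    # DOES NOT RETURN
}

# format_uri(proto, req) : string
#
# Returns an HTTP URI for the current task's 'reset_task' with a freshly
# generated password in the query.
#
# Side effect: the realm owner's password is overwritten with the generated
# value on every call, so merely formatting the URI invalidates the
# previous password.  Callers should decide who is allowed to trigger this
# for a given account, since this function performs no such check itself.
sub format_uri {
    my(undef, $req) = @_;
    my($pw) = Bivio::Biz::Random->password;
    $req->get_nested(qw(auth_realm owner))->update_password($pw);
    return $req->format_http({
        task_id => $req->get('task')->get_attr_as_id('reset_task'),
        query => {$_KEY => $pw},
        no_context => 1,
    });
}

1;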