/*
    * Copyright (C) 2007 Alf Mikula
    * 
    * This file is part of PromoteGo.
    *
    * PromoteGo is free software: you can redistribute it and/or modify
    * it under the terms of the GNU General Public License as published by
    * the Free Software Foundation, either version 3 of the License, or
    * (at your option) any later version.
   *
   * PromoteGo is distributed in the hope that it will be useful,
   * but WITHOUT ANY WARRANTY; without even the implied warranty of
   * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   * GNU General Public License for more details.
   *
   * You should have received a copy of the GNU General Public License
   * along with PromoteGo.  If not, see <http://www.gnu.org/licenses/>.
   */
  package org.promotego.controllers;
  
  import javax.servlet.http.HttpServletRequest;
  import javax.servlet.http.HttpServletResponse;
  
  import org.promotego.beans.User;
  import org.promotego.beans.UserHolder;
  import org.promotego.dao.interfaces.UserDao;
  import org.promotego.interfaces.PasswordHashTool;
  import org.promotego.viewbeans.LoginBean;
  import org.springframework.beans.factory.annotation.Required;
  import org.springframework.validation.BindException;
  import org.springframework.web.servlet.ModelAndView;
  import org.springframework.web.servlet.mvc.SimpleFormController;
  import org.springframework.web.servlet.view.RedirectView;
  
  public class LoginController extends SimpleFormController
  {
      private UserDao m_userDao;
      private PasswordHashTool m_passwordHashTool;
      private UserHolder m_userHolder;
  
      @Override
      public ModelAndView onSubmit(HttpServletRequest request,
              HttpServletResponse response, Object command, BindException errors)
      {
          LoginBean loginBean = (LoginBean) command;
          String username = loginBean.getUsername();
          String password = loginBean.getPassword();
  
          if (username != null && password != null)
          {
              // Allow only lowercase user names
              username = username.toLowerCase();
  
              User theUser = m_userDao.getUserByUsername(username);
              if (theUser != null)
              {
                  if (m_passwordHashTool.match(theUser.getCryptedPassword(),
                          password))
                  {
                      // Wipe out existing session, to guarantee starting with new info
                      request.getSession().invalidate();
  
                      // Set the user to show that she is logged in
                      m_userHolder.setUser(theUser);
  
                      String redirect = request.getParameter("redirect");
                      if (redirect != null && redirect.length() > 0)
                      {
                          if (!redirect.matches("^[a-zA-Z0-9]*:.*"))
                          {
                              // Don't use redirect: prefix, because it will put the entire Model
                              // in the redirect URL.
                              return new ModelAndView(new RedirectView(redirect,
                                      false, true, false));
                          }
                      }
  
                      return new ModelAndView("welcome");
                  }
              }
          }
  
          errors.reject("login.invalid", "Username or password invalid");
          return new ModelAndView("login", errors.getModel());
      }
  
      @Required
      public void setUserDao(UserDao userDao)
      {
          m_userDao = userDao;
      }
  
      @Required
      public void setPasswordHashTool(PasswordHashTool passwordHashTool)
      {
          m_passwordHashTool = passwordHashTool;
      }
  
      @Required
     public void setUserHolder(UserHolder theUserHolder)
     {
         m_userHolder = theUserHolder;
     }
 }