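/*
 * Created on Sep 29, 2005
 */
package com.ecyrd.jspwiki.auth.modules;

import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.Properties;

import com.ecyrd.jspwiki.NoRequiredPropertyException;
import com.ecyrd.jspwiki.WikiEngine;
import com.ecyrd.jspwiki.auth.UserProfile;
import com.ecyrd.jspwiki.auth.WikiAuthenticator;
import com.ecyrd.jspwiki.auth.WikiSecurityException;

/**
 * {@link WikiAuthenticator} that verifies and registers users through JDBC.
 *
 * <p>Connection settings and the SQL text of every query are read from
 * properties prefixed with {@code jdbc.auth.}. All user-supplied values are
 * bound as {@link PreparedStatement} parameters and are never concatenated
 * into SQL. The query text itself comes from configuration, so the properties
 * file must be treated as trusted input and protected accordingly.
 *
 * <p>SECURITY (review): this class binds the password exactly as supplied,
 * both when checking ({@link #checkQuery}) and when inserting
 * ({@link #insertQuery}); nothing here hashes it. Unless the configured
 * queries hash on the database side, the users table holds cleartext
 * passwords. Moving to a salted, adaptive password hash (bcrypt, scrypt,
 * Argon2 or PBKDF2) computed before binding requires a data migration and is
 * therefore not done in this class.
 *
 * @author sym
 */
public class JdbcAuthenticator implements WikiAuthenticator {

    /** JDBC connection URL (required property {@code jdbc.auth.url}). */
    private String url = null;

    /** Database account name (required property {@code jdbc.auth.user}). */
    private String user = null;

    /** Database account password (optional property {@code jdbc.auth.password}). */
    private String password = null;

    /** Optional JDBC driver class name to load during {@link #initialize(Properties)}. */
    private String driver = null;

    /** Value written to the {@code authorized} column for newly registered users. */
    private boolean authorize = false;

    /** Prefix shared by every configuration key read by this class. */
    private final static String baseProp = "jdbc.auth.";

    /** Returns the {@code authorized} flag of the row matching nick and password. */
    public String checkQuery = "SELECT authorized FROM users WHERE nick=? AND password=?";

    /** Lists every nick with its {@code authorized} flag. */
    public String listQuery = "SELECT nick,authorized FROM users";

    /** Returns the {@code authorized} flag of a given nick. */
    public String isAuthQuery = "SELECT authorized FROM users WHERE nick=?";

    /** Replaces the stored password of a given nick. */
    public String updatePassQuery = "UPDATE users SET password=? WHERE nick=?";

    /** Replaces the {@code authorized} flag of a given nick. */
    public String updateAuthQuery = "UPDATE users SET authorized=? WHERE nick=?";

    /**
     * Inserts a new user (nick, password, authorized).
     * NOTE(review): the {@code INSERT ... SET} form is a MySQL extension;
     * other databases presumably need this query overridden in configuration.
     */
    public String insertQuery = "INSERT INTO users SET nick=?, password=?, authorized=?";

    /**
     * Reads the connection settings and query overrides and, if a driver
     * class is configured, loads it.
     *
     * @param props wiki configuration
     * @throws NoRequiredPropertyException if {@code jdbc.auth.url} or
     *         {@code jdbc.auth.user} is missing
     * @throws IllegalArgumentException if the configured driver class cannot
     *         be loaded
     * @see com.ecyrd.jspwiki.auth.WikiAuthenticator#initialize(java.util.Properties)
     */
    public void initialize(Properties props) throws NoRequiredPropertyException {
        this.url = WikiEngine.getRequiredProperty(props, baseProp + "url");
        this.user = WikiEngine.getRequiredProperty(props, baseProp + "user");
        this.password = props.getProperty(baseProp + "password");
        this.driver = props.getProperty(baseProp + "driver");

        this.checkQuery = props.getProperty(baseProp + "checkQuery", checkQuery);
        this.isAuthQuery = props.getProperty(baseProp + "isAuthQuery", isAuthQuery);
        this.listQuery = props.getProperty(baseProp + "listQuery", listQuery);
        this.updatePassQuery = props.getProperty(baseProp + "updatePassQuery", updatePassQuery);
        this.updateAuthQuery = props.getProperty(baseProp + "updateAuthQuery", updateAuthQuery);
        this.insertQuery = props.getProperty(baseProp + "insertQuery", insertQuery);

        // Parse the configured text. The previous Boolean.getBoolean(...) call
        // looked up a *system property* named after the value, so the setting
        // was silently ignored and new users were never auto-authorized.
        // With this fix, jdbc.auth.authorize=true makes addUser() insert
        // accounts that can log in immediately; leave it false (the default)
        // if registrations must be approved by hand.
        this.authorize =
            Boolean.valueOf(props.getProperty(baseProp + "authorize", "false")).booleanValue();

        if (this.driver != null) {
            try {
                Class.forName(this.driver);
            } catch (ClassNotFoundException e) {
                // The exception used to be constructed but never thrown, so a
                // misconfigured driver only surfaced later as a failed connection.
                IllegalArgumentException failure =
                    new IllegalArgumentException(this.driver + " JDBC driver class not found");
                failure.initCause(e);
                throw failure;
            }
        }
    }

    /**
     * Opens a new connection with the configured URL and credentials.
     *
     * @return a fresh connection that the caller must close, or {@code null}
     *         if the connection attempt failed
     */
    public Connection getConnection() {
        try {
            return DriverManager.getConnection(this.url, this.user, this.password);
        } catch (SQLException e) {
            // Callers test for null, so the failure is reported rather than
            // rethrown. NOTE(review): the trace goes to stderr; driver messages
            // may include connection details, so consider the application
            // logger instead.
            e.printStackTrace();
        }
        return null;
    }

    /**
     * Checks the profile's name and password against {@link #checkQuery}.
     *
     * <p>SECURITY (review): the password is bound as-is and compared by the
     * database; see the class comment about cleartext storage.
     *
     * @param wup profile carrying the login name and password
     * @return the {@code authorized} column of the matching row, or
     *         {@code false} when no row matches
     * @throws WikiSecurityException if no connection can be opened or the
     *         query fails
     * @see com.ecyrd.jspwiki.auth.WikiAuthenticator#authenticate(com.ecyrd.jspwiki.auth.UserProfile)
     */
    public boolean authenticate(UserProfile wup) throws WikiSecurityException {
        String userName = wup.getName();
        String userPass = wup.getPassword();

        ResultSet res = null;
        PreparedStatement checkps = null;
        boolean ret = false;

        Connection con = getConnection();
        if (con == null) {
            throw new WikiSecurityException("Cannot connect to database");
        }

        try {
            checkps = con.prepareStatement(this.checkQuery);
            checkps.setString(1, userName);
            checkps.setString(2, userPass);
            res = checkps.executeQuery();
            // No row: unknown nick or wrong password. A row: honour its flag.
            ret = res.next();
            if (ret) {
                ret = res.getBoolean(1);
            }
        } catch (SQLException e) {
            e.printStackTrace();
            throw new WikiSecurityException("Error while performin database query");
        } finally {
            closeQuietly(res, checkps, con);
        }
        return ret;
    }

    /**
     * Registers a new user unless the name is invalid or already present.
     *
     * <p>NOTE(review): the existence check and the insert are two separate
     * statements, so two concurrent registrations of the same name can both
     * pass the check; a unique constraint on the nick column is presumably
     * needed to prevent duplicates. Confirm against the schema.
     *
     * <p>SECURITY (review): the password is stored exactly as given; see the
     * class comment.
     *
     * @param name requested user name; must be non-empty ASCII letters only
     * @param password requested password; must not be empty
     * @return {@code null} on success, otherwise a message describing why
     *         the user was not registered
     * @throws Exception if no connection can be opened or a query fails
     */
    public String addUser(String name, String password) throws Exception {
        // The pattern alone accepts the empty string, which would register a
        // user with an empty nick; null would fail with a NullPointerException.
        if (name == null || name.length() == 0 || !name.matches("[A-Za-z]*")) {
            return "Invalid user name";
        }
        if (password == null || password.length() == 0) {
            return "Specify a password";
        }

        ResultSet res = null;
        PreparedStatement checkps = null;

        Connection con = getConnection();
        if (con == null) {
            throw new Exception("Cannot connect to database");
        }

        try {
            checkps = con.prepareStatement(this.isAuthQuery);
            checkps.setString(1, name);
            res = checkps.executeQuery();

            if (res.next()) {
                if (res.getBoolean(1)) {
                    return "User name already taken";
                }
                return "You are already registered but haven't yet been authorized to access.";
            }

            // Release the lookup statement before reusing the variable.
            res.close();
            checkps.close();

            checkps = con.prepareStatement(this.insertQuery);
            checkps.setString(1, name);
            checkps.setString(2, password);
            checkps.setBoolean(3, this.authorize);
            if (checkps.executeUpdate() == 0) {
                return "Could not register the new user";
            }
        } finally {
            closeQuietly(res, checkps, con);
        }
        return null;
    }

    /**
     * Closes the given JDBC resources in result-set, statement, connection
     * order, skipping nulls. Close failures are ignored on purpose: by the
     * time this runs the caller already has its result or its exception.
     */
    private static void closeQuietly(ResultSet res, PreparedStatement ps, Connection con) {
        try {
            if (res != null) {
                res.close();
            }
        } catch (SQLException ignored) {
            // best-effort cleanup
        }
        try {
            if (ps != null) {
                ps.close();
            }
        } catch (SQLException ignored) {
            // best-effort cleanup
        }
        try {
            if (con != null) {
                con.close();
            }
        } catch (SQLException ignored) {
            // best-effort cleanup
        }
    }
}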