package session
 
 import (
 	"errors"
 	"net/http"
 

 	"github.com/GoogleCloudPlatform/kubernetes/pkg/auth/user"

 )
 
 const UserNameKey = "user.name"

 const UserUIDKey = "user.uid"

 type Authenticator struct {

 	store Store
 	name  string
 }
 

 func NewAuthenticator(store Store, name string) *Authenticator {
 	return &Authenticator{

 		store: store,
 		name:  name,
 	}
 }
 

 func (a *Authenticator) AuthenticateRequest(req *http.Request) (user.Info, bool, error) {

 	session, err := a.store.Get(req, a.name)
 	if err != nil {
 		return nil, false, err
 	}

 	nameObj, ok := session.Values()[UserNameKey]
 	if !ok {
 		return nil, false, nil
 	}
 	name, ok := nameObj.(string)
 	if !ok {
 		return nil, false, errors.New("user.name on session is not a string")
 	}
 	if name == "" {
 		return nil, false, nil
 	}
 

 	uidObj, ok := session.Values()[UserUIDKey]
 	if !ok {
 		return nil, false, nil
 	}
 	uid, ok := uidObj.(string)
 	if !ok {
 		return nil, false, errors.New("user.uid on session is not a string")
 	}
 	// Tolerate empty string UIDs in the session
 

 	return &user.DefaultInfo{

 		Name: name,

 		UID:  uid,

 	}, true, nil
 }

 func (a *Authenticator) AuthenticationSucceeded(user user.Info, state string, w http.ResponseWriter, req *http.Request) (bool, error) {

 	session, err := a.store.Get(req, a.name)
 	if err != nil {

 		return false, err

 	}
 	values := session.Values()
 	values[UserNameKey] = user.GetName()

 	values[UserUIDKey] = user.GetUID()
 	// TODO: should we save groups, scope, and extra in the session as well?

 	return false, a.store.Save(w, req)

 }

 func (a *Authenticator) InvalidateAuthentication(w http.ResponseWriter, req *http.Request) error {

 	session, err := a.store.Get(req, a.name)
 	if err != nil {
 		return err
 	}
 	session.Values()[UserNameKey] = ""

 	session.Values()[UserUIDKey] = ""

 	return a.store.Save(w, req)
 }