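use ldap3::dn_escape;
use ldap3::exop::PasswordModify;
use ldap3::result::{LdapError, Result};
use ldap3::LdapConn;
use rocket::post;
use rocket_contrib::json::Json;
use serde_derive::{Deserialize, Serialize};

use crate::config::Config;

/// LDAP result code `invalidCredentials` (RFC 4511), returned by the server
/// when the bind DN or password is wrong.
const LDAP_INVALID_CREDENTIALS: u32 = 49;

/// JSON body of a password-change request.
///
/// Every field is supplied by the client and must be treated as untrusted.
#[derive(Deserialize)]
pub struct PasswordData {
    // Login name; becomes the `uid` RDN value of the bind DN.
    username: String,
    // Current password, used both for the bind and as `old_pass` of the exop.
    old_password: String,
    // Requested new password, passed to the Password Modify exop.
    new_password: String,
}

/// Coarse failure category reported to the client.
#[derive(Serialize)]
enum Message {
    InvalidCredentials,
    ServerError,
}

/// JSON body returned by [`update`].
#[derive(Serialize)]
pub struct Response {
    success: bool,
    message: Option<Message>,
}

/// Binds as the requesting user and changes that user's password through the
/// LDAP Password Modify extended operation.
///
/// # Errors
///
/// Returns the `LdapError` of the first step that fails: opening the
/// connection, the simple bind, or the extended operation.
fn change_password(data: Json<PasswordData>, config: rocket::State<Config>) -> Result<()> {
    // The username is attacker-controlled. Escaping it as an RDN value keeps
    // characters such as `,`, `+` or `=` from altering the structure of the DN
    // and pointing the bind or the password change at a different entry.
    let dn = format!(
        "uid={},ou=People,dc=fiveop,dc=de",
        dn_escape(data.username.as_str())
    );

    // NOTE(review): the simple bind and the exop carry both passwords as plain
    // values at the LDAP layer; `config.ldap_url` is presumably an ldaps://
    // URL. Confirm in the deployment configuration.
    let mut ldap = LdapConn::new(&config.ldap_url)?;

    // Binding with the old password proves the caller knows it before any
    // modification is attempted.
    ldap.simple_bind(&dn, &data.old_password)?.success()?;

    // NOTE(review): `new_password` is forwarded unvalidated; any password
    // policy is left to the directory server.
    let request = PasswordModify {
        user_id: Some(dn.as_str()),
        old_pass: Some(data.old_password.as_str()),
        new_pass: Some(data.new_password.as_str()),
    };
    ldap.extended(request)?.success()?;

    Ok(())
}

/// Maps an LDAP failure to the category exposed to the client.
fn classify_error(error: &LdapError) -> Message {
    match error {
        LdapError::LdapResult { result } if result.rc == LDAP_INVALID_CREDENTIALS => {
            Message::InvalidCredentials
        }
        _ => Message::ServerError,
    }
}

/// `POST /update`: changes the password of the user named in the request body.
///
/// The reply is always JSON. On failure it carries only a coarse [`Message`];
/// the detailed LDAP error is written to stderr and never sent to the client.
#[post("/update", data = "<data>")]
pub fn update(data: Json<PasswordData>, config: rocket::State<Config>) -> Json<Response> {
    // A simple bind with an empty password is an "unauthenticated bind"
    // (RFC 4513, section 5.1.2), which a server may accept without checking
    // any credential. Refuse it here instead of relying on server settings.
    if data.old_password.is_empty() {
        return Json(Response {
            success: false,
            message: Some(Message::InvalidCredentials),
        });
    }

    let response = match change_password(data, config) {
        Ok(()) => Response {
            success: true,
            message: None,
        },
        Err(error) => {
            eprintln!("LDAP error: {}", error);
            Response {
                success: false,
                message: Some(classify_error(&error)),
            }
        }
    };

    Json(response)
}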