<?php

/**
 * Authentication Sources Proxy
 *
 * This script serves as a proxy handler for authentication source operations.
 * It processes various AJAX requests related to LDAP/Active Directory authentication
 * sources management including listing, creating, updating, deleting, testing
 * connections, and importing users/groups/departments.
 *
 * @author Lurana System
 * @version 1.0
 * @package Workflow Engine
 * @subpackage Authentication Sources
 */

try {
    // Validate that an action parameter was provided in the request
    if (isset($_REQUEST['action']) === false) {
        throw new Exception('No action was sent');
    }

    // Ensure user is authenticated before processing any requests
    if (isset($_SESSION['USER_LOGGED']) === false) {
        throw new Exception('There is no logged in user');
    }

    // Extract request parameters and initialize response structure
    $action = $_REQUEST['action'];
    $userUid = $_SESSION['USER_LOGGED'];
    $responseProxy = ['success' => true];

    // Process the requested action using a switch statement
    switch ($action) {
        /**
         * Retrieve a paginated list of authentication sources
         * Parameters: start, limit, textFilter, orderBy, ascending
         */
        case 'authSourcesList':
            $start = $_REQUEST['start'] ?? 0;
            $limit = $_REQUEST['limit'] ?? 25;
            $filter = $_REQUEST['textFilter'] ?? '';
            $orderBy =  $_REQUEST['orderBy'] ?? '';
            $ascending = $_REQUEST['ascending'] ?? 'asc';

            $authSources = new AuthSources();
            $responseProxy = $authSources->getListAuthSources($userUid, $start, $limit, $orderBy, $ascending, $filter);
            break;
        /**
         * Delete an authentication source by its UID
         * Required parameter: auth_uid
         */
        case 'authSourcesDelete':
            if (!isset($_REQUEST['auth_uid'])) {
                throw new Exception('No auth source UID was sent');
            }
            $authSourceUid = $_REQUEST['auth_uid'];
            $authSources = new AuthSources();
            $responseProxy = $authSources->removeAuthSource($authSourceUid);
            break;
        /**
         * Verify if an authentication source name is unique/available
         * Required parameter: AUTH_SOURCE_NAME
         */
        case 'authSourcesVerifyName':
            if (empty($_REQUEST['AUTH_SOURCE_NAME'])) {
                throw new Exception('No auth source name was sent');
            }

            $authSourceName = $_REQUEST['AUTH_SOURCE_NAME'];
            $authSources = new AuthSources();
            $responseProxy = $authSources->verifyAuthSourceName($authSourceName);
            break;
        /**
         * Test connection to an authentication source (LDAP/AD)
         * Required parameter: AUTH_ANONYMOUS
         * If anonymous auth is enabled, clears username and password
         */
        case 'authSourcesTestConnection':
            if (isset($_REQUEST['AUTH_ANONYMOUS']) === false) {
                throw new Exception('No auth anonymous was sent');
            }

            // Clear credentials if anonymous authentication is enabled
            if ($_REQUEST['AUTH_ANONYMOUS'] == '1') {
                $_REQUEST['AUTH_SOURCE_SEARCH_USER'] = '';
                $_REQUEST['AUTH_SOURCE_PASSWORD'] = '';
            }

            $authSourceData = $_REQUEST;
            $authSourceData['AUTH_SOURCE_VERSION'] = 3;

            $authSources = new AuthSources();
            $responseProxy = $authSources->testConnection($authSourceData);
            break;
        /**
         * Save (create or update) an authentication source configuration
         * Processes form data, separates common fields from extra data,
         * and handles grid attributes if enabled
         */
        case 'authSourcesSave':
            $temporalData = $_REQUEST;

            // Process grid attributes if the show grid checkbox is enabled
            if (isset($temporalData['AUTH_SOURCE_SHOWGRID-checkbox'])) {
                if ($temporalData['AUTH_SOURCE_SHOWGRID-checkbox'] == 'on') {
                    $temporalData['AUTH_SOURCE_SHOWGRID'] = 'on';
                    // Parse JSON grid attributes and convert to array format
                    $attributes = G::json_decode($temporalData['AUTH_SOURCE_GRID_TEXT']);
                    $con = 1;
                    foreach ($attributes as $value) {
                        $temporalData['AUTH_SOURCE_GRID_ATTRIBUTE'][$con] = (array)$value;
                        $con++;
                    }
                }
                unset($temporalData['AUTH_SOURCE_SHOWGRID-checkbox']);
            }

            // Clear credentials for anonymous authentication
            if ($temporalData['AUTH_ANONYMOUS'] == '1') {
                $temporalData['AUTH_SOURCE_SEARCH_USER'] = '';
                $temporalData['AUTH_SOURCE_PASSWORD'] = '';
            }

            unset($temporalData['AUTH_SOURCE_GRID_TEXT']);
            unset($temporalData['AUTH_SOURCE_ATTRIBUTE_IDS']);

            // Define core authentication source fields
            $commonFields = array('AUTH_SOURCE_UID', 'AUTH_SOURCE_NAME', 'AUTH_SOURCE_PROVIDER', 'AUTH_SOURCE_SERVER_NAME', 'AUTH_SOURCE_PORT', 'AUTH_SOURCE_ENABLED_TLS', 'AUTH_ANONYMOUS', 'AUTH_SOURCE_SEARCH_USER', 'AUTH_SOURCE_PASSWORD', 'AUTH_SOURCE_VERSION', 'AUTH_SOURCE_BASE_DN', 'AUTH_SOURCE_OBJECT_CLASSES', 'AUTH_SOURCE_ATTRIBUTES');

            // Separate common fields from extra configuration data
            $authSourceData = $authSourceExtraData = array();
            foreach ($temporalData as $sField => $sValue) {
                if (in_array($sField, $commonFields)) {
                    $authSourceData[$sField] = $sValue;
                } else {
                    $authSourceExtraData[$sField] = $sValue;
                }
            }

            // Remove grid attributes if grid display is disabled
            if (!isset($authSourceExtraData['AUTH_SOURCE_SHOWGRID']) || $authSourceExtraData['AUTH_SOURCE_SHOWGRID'] == 'off') {
                unset($authSourceExtraData['AUTH_SOURCE_GRID_ATTRIBUTE']);
                unset($authSourceExtraData['AUTH_SOURCE_SHOWGRID']);
            }

            $authSourceData['AUTH_SOURCE_DATA'] = $authSourceExtraData;

            $authSources = new AuthSources();
            $responseProxy = $authSources->saveAuthSource($authSourceData);
            break;
        /**
         * Search for users in an authentication source for import
         * Required parameter: sUID (auth source UID)
         * Optional parameters: start, limit/pageSize, sKeyword
         */
        case 'authSourcesImportSearchUsers':
            if (!isset($_POST['sUID'])) {
                throw new Exception('No auth source UID was sent');
            }

            $authSourceUid = $_POST['sUID'];
            // Set up search filters with default values
            $filters = [
                'start'=> $_POST['start'] ?? 0,
                'limit'=> $_POST['limit'] ?? ($_POST['pageSize'] ?? 10),
                'text'=> $_POST['sKeyword'] ?? ''
            ];

            $authSources = new AuthSources();
            $responseProxy = $authSources->searchUsers($authSourceUid, $filters);
            break;
        /**
         * Import selected users from an authentication source
         * Required parameters: UsersImport (JSON), AUTH_SOURCE_UID
         */
        case 'authSourcesImportUsers':
            if (!isset($_REQUEST['UsersImport'])) {
                throw new Exception('There are no users to import');
            }

            if (!isset($_REQUEST['AUTH_SOURCE_UID'])) {
                throw new Exception('The auth source UID was not sent');
            }

            $authSourceUid = $_REQUEST['AUTH_SOURCE_UID'];
            $usersImport = $_REQUEST['UsersImport'];
            // Decode JSON list of users to import
            $usersImport = json_decode($usersImport, true);

            $authSources = new AuthSources();
            $responseProxy = $authSources->importUsers($authSourceUid, $usersImport);
            break;
        /**
         * Load/search departments from an authentication source
         * Required parameter: authUid (auth source UID)
         */
        case 'authSourcesImportLoadDepartment':
            if (!isset($_REQUEST['authUid'])) {
                throw new Exception('No auth source UID was sent');
            }

            $authSourceUid = $_REQUEST['authUid'];
            $authSources = new AuthSources();
            $responseProxy = $authSources->searchDepartments($authSourceUid);
            break;
        /**
         * Save/import selected departments from an authentication source
         * Required parameters: departmentsDN, authUid
         */
        case 'authSourcesImportSaveDepartment':
            $authSources = new AuthSources();
            $departmentsDN = $_REQUEST['departmentsDN'];
            $authSourceUid = $_REQUEST['authUid'];
            $responseProxy = $authSources->saveDepartments($departmentsDN, $authSourceUid);
            break;
        /**
         * Load/search groups from an authentication source
         * Required parameter: authUid (auth source UID)
         */
        case 'authSourcesImportLoadGroup':
            if (!isset($_REQUEST['authUid'])) {
                throw new Exception('No auth source UID was sent');
            }

            $authSourceUid = $_REQUEST['authUid'];
            $authSources = new AuthSources();
            $responseProxy = $authSources->searchGroups($authSourceUid);
            break;
        /**
         * Save/import selected groups from an authentication source
         * Required parameters: groupsDN, authUid
         */
        case 'authSourcesImportSaveGroup':
            $authSources = new AuthSources();
            $groupsDN = $_REQUEST['groupsDN'];
            $authSourceUid = $_REQUEST['authUid'];
            $responseProxy = $authSources->saveGroups($groupsDN, $authSourceUid);
            break;
        /**
         * Handle invalid/unknown actions
         */
        default:
            throw new Exception('The action "' . $action . '" is not allowed');
    }

    // Return successful response as JSON
    header('Content-Type: application/json');
    echo json_encode($responseProxy, JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE);
} catch (Exception $exception) {
    // Handle any exceptions and return error response
    $responseProxy['success'] = false;
    $responseProxy['message'] = 'An error occurred while processing your request: ';
    $responseProxy['message'] .= htmlentities($exception->getMessage(), ENT_QUOTES, 'UTF-8');
    header('Content-Type: application/json');
    echo json_encode($responseProxy, JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE);
}