, http-client-tls

    , http-types

    <script src="https://www.google.com/recaptcha/api.js" async defer></script>

    , "validation"

module Aftok.Api.Account where
import Prelude
import Control.Monad.Trans.Class (lift)
import Data.Argonaut.Encode (encodeJson)
import Data.Either (Either(..))
import Data.Maybe (Maybe(..))
import Effect.Aff (Aff)
import Effect.Class.Console (log)
import Affjax (post, get, printError)
import Affjax.StatusCode (StatusCode(..))
import Affjax.RequestBody as RB
import Affjax.ResponseFormat as RF
import Halogen as H
import Halogen.HTML.Core (ClassName(..))
import Halogen.HTML as HH
import Halogen.HTML.CSS as CSS
import Halogen.HTML.Events as E
import Web.Event.Event as WE
import Halogen.HTML.Properties as P
import CSS (backgroundImage, url)
import Landkit.Card as Card
import Aftok.Types (System)
type LoginRequest = { username :: String, password :: String }
data LoginResponse
  = LoginOK
  | LoginForbidden
  | LoginError { status :: Maybe StatusCode, message :: String }
-- | Post credentials to the login service and interpret the response
login :: String -> String -> Aff LoginResponse
login user pass = do
  log "Sending login request to /api/login ..."
  result <- post RF.ignore "/api/login" (Just <<< RB.Json <<< encodeJson $ { username: user, password : pass })
  case result of
       Left err -> log ("Login failed: " <> printError err)
       Right r  -> log ("Login status: " <> show r.status)
  pure $ case result of
    Left err -> LoginError { status: Nothing, message: printError err }
    Right r -> case r.status of
      StatusCode 403 -> LoginForbidden
      StatusCode 200 -> LoginOK
      other -> LoginError { status: Just other, message: r.statusText }
checkLogin :: Aff LoginResponse
checkLogin = do
  result <- get RF.ignore "/api/login/check"
  case result of
    Left err -> do
      pure $ LoginError { status: Nothing, message: printError err }
    Right r -> do
      pure $ case r.status of
        StatusCode 200 -> LoginOK
        StatusCode _   -> LoginForbidden
logout :: Aff Unit
logout = void $ get RF.ignore "/api/logout"
data RecoverBy
  = RecoverByEmail String
  | RecoverByZAddr String 
type SignupRequest =
  { username :: String
  , password :: String
  , recoverBy :: RecoverBy
  , captchaToken :: String
  }
signupRequest :: String -> String -> RecoverBy -> String -> SignupRequest
signupRequest username password recoverBy captchaToken = 
  { username, password, recoverBy, captchaToken }
data SignupResponse
  = SignupOK
  | CaptchaInvalid
  | ZAddrInvalid
  | UsernameTaken
data UsernameCheckResponse
  = UsernameCheckOK
  | UsernameCheckTaken
data ZAddrCheckResponse
  = ZAddrCheckOK
  | ZAddrCheckInvalid
checkUsername :: String -> Aff UsernameCheckResponse
checkUsername uname = do
  pure UsernameCheckOK
checkZAddr :: String -> Aff ZAddrCheckResponse
checkZAddr zaddr = do
  pure ZAddrCheckOK
signup :: SignupRequest -> Aff SignupResponse
signup req = do
  pure SignupOK
  

"use strict";
exports.getRecaptchaResponseInternal = useElemId => elemId => () => {
  if (useElemId) {
    return grecaptcha.getResponse(elemId);
  } else {
    return grecaptcha.getResponse();
  }
}

module Aftok.Api.Recaptcha 
  ( getRecaptchaResponse
  ) where
import Prelude (bind, (==), ($), pure)
import Data.Maybe (Maybe(..))
import Effect (Effect)
getRecaptchaResponse :: Maybe String -> Effect (Maybe String)
getRecaptchaResponse elemId = do
  resp <- case elemId of
    Just eid -> getRecaptchaResponseInternal true eid
    Nothing  -> getRecaptchaResponseInternal false ""
  pure $ if resp == "" then Nothing else Just resp
foreign import getRecaptchaResponseInternal :: Boolean -> String -> Effect String

import Data.Argonaut.Encode (encodeJson)
import Data.Either (Either(..))

import Effect.Class.Console (log)
import Affjax (post, get, printError)
import Affjax.StatusCode (StatusCode(..))
import Affjax.RequestBody as RB
import Affjax.ResponseFormat as RF

type LoginRequest = { username :: String, password :: String }

import Aftok.Api.Account (LoginResponse(..), login, checkLogin, logout)

data LoginResponse
  = OK
  | Forbidden
  | Error { status :: Maybe StatusCode, message :: String }

data LoginError
  = Forbidden 
  | ServerError

  , loginResponse :: Maybe LoginResponse

  , loginError :: Maybe LoginError

    initialState _ = { username: "", password: "", loginResponse: Nothing }

    initialState _ = { username: "", password: "", loginError: Nothing }

                , case st.loginResponse of

                , case st.loginError of

                    Just OK ->
                      HH.div
                      [ P.classes (ClassName <$> ["alert alert-warning"]) ]
                      [ HH.text "Login ok, but you should have been redirected. Why are you still here?" ]
                    Just Forbidden ->
                      HH.div
                      [ P.classes (ClassName <$> ["alert alert-danger"]) ]
                      [ HH.text "Login failed. Check your username and password." ]
                    Just (Error e) ->
                      HH.div
                      [ P.classes (ClassName <$> ["alert alert-danger"]) ]
                      [ HH.text ("Login failed: " <> e.message) ]

                    Just err -> 
                      let message = case err of
                            Forbidden -> "Login failed. Check your username and password."
                            ServerError -> "Login failed due to an internal error. Please contact support."
                       in HH.div
                            [ P.classes (ClassName <$> ["alert alert-danger"]) ]
                            [ HH.text message ]

                  [ P.classes (ClassName <$> ["btn", "btn-block", "btn-primary"])
                  ]

                  [ P.classes (ClassName <$> ["btn", "btn-block", "btn-primary"]) ]

        H.modify_ (_ { loginResponse = Just response })

          OK -> H.raise (LoginComplete { username: user })
          _  -> pure unit
-- | Post credentials to the login service and interpret the response
login :: String -> String -> Aff LoginResponse
login user pass = do
  log "Sending login request to /api/login ..."
  result <- post RF.ignore "/api/login" (Just <<< RB.Json <<< encodeJson $ { username: user, password : pass })
  case result of
       Left err -> log ("Login failed: " <> printError err)
       Right r  -> log ("Login status: " <> show r.status)
  pure $ case result of
    Left err -> Error { status: Nothing, message: printError err }
    Right r -> case r.status of
      StatusCode 403 -> Forbidden
      StatusCode 200 -> OK
      other -> Error { status: Just other, message: r.statusText }
checkLogin :: Aff LoginResponse
checkLogin = do
  log "Sending login check to /api/login/check ..."
  result <- get RF.ignore "/api/login/check"
  case result of
    Left err -> do
      log ("Login failed: " <> printError err)
      pure $ Error { status: Nothing, message: printError err }
    Right r -> do
      log ("Login status: " <> show r.status)
      pure $ case r.status of
        StatusCode 200 -> OK
        StatusCode _   -> Forbidden

          LoginOK        -> H.raise (LoginComplete { username: user })
          LoginForbidden -> H.modify_ (_ { loginError = Just Forbidden })
          LoginError _   -> H.modify_ (_ { loginError = Just ServerError })

logout :: Aff Unit
logout = do
  log "Logging out on server with  /api/logout ..."
  result <- get RF.ignore "/api/logout"
  case result of
    Left err -> log ("Logout failed: " <> printError err)
    Right r ->  log ("Logout status: " <> show r.status)

  { login: \_ _ -> pure OK 
  , checkLogin: pure OK

  { login: \_ _ -> pure LoginOK 
  , checkLogin: pure LoginOK

-- import Control.Monad.Trans.Class (lift)

import Control.Monad.Trans.Class (lift)

import Data.Foldable (any)

import Data.Either (Either(..), note)
import Data.Validation.Semigroup (V(..), toEither, andThen, invalid)

import Effect.Aff (Aff)
import Effect.Class (liftEffect)

import Aftok.Api.Account as Acc
import Aftok.Api.Account (SignupRequest, SignupResponse, signupRequest)
import Aftok.Api.Recaptcha (getRecaptchaResponse)

data SignupResponse
  = OK
  | Error { status :: Maybe StatusCode, message :: String }

data SignupError
  = UsernameRequired
  | UsernameTaken
  | PasswordRequired
  | ConfirmRequired
  | PasswordMismatch
  | EmailRequired
  | ZAddrRequired
  | ZAddrInvalid
  | CaptchaError
  | APIError { status :: Maybe StatusCode, message :: String }

  , loginResponse :: Maybe SignupResponse

  , signupErrors :: Array SignupError

  = SignupComplete { username :: String }

  = SignupComplete String 
  | SigninNav

  { signup :: String -> String -> m SignupResponse

  { checkUsername :: String -> m Acc.UsernameCheckResponse
  , checkZAddr :: String -> m Acc.ZAddrCheckResponse
  , signup :: SignupRequest -> m SignupResponse
  , getRecaptchaResponse :: Maybe String -> m (Maybe String)

      , loginResponse: Nothing

      , signupErrors: []

                [ P.classes (ClassName <$> ["mb-6"]) ]

                [ P.classes (ClassName <$> ["mb-6"]) 
                , E.onSubmit (Just <<< Signup)
                ]

                    , P.id_ "password"

                    , P.id_ "passwordConfirm"

                    [ P.classes (ClassName <$> ["form-group", "mb-3"]) 

                    [ P.classes (ClassName <$> ["g-recaptcha", "mx-auto"]) 

      SetUsername user -> H.modify_ (_ { username = Just user })
      SetPassword pass -> H.modify_ (_ { password = Just pass })

      SetUsername user -> do
        ures <- lift $ caps.checkUsername user
        H.modify_ (_ { username = Just user })
        case ures of
          Acc.UsernameCheckOK    -> pure unit
          Acc.UsernameCheckTaken -> H.modify_ (_ { signupErrors = [UsernameTaken] })
      SetPassword pass -> do
        H.modify_ (_ { password = Just pass })
        confirm <- H.gets (_.passwordConfirm)
        when (any (notEq pass) confirm) (H.modify_ (_ { signupErrors = [PasswordMismatch] }))
           
      ConfirmPassword confirm -> do
        H.modify_ (_ { passwordConfirm = Just confirm })
        password <- H.gets (_.password)
        when (any (notEq confirm) password) (H.modify_ (_ { signupErrors = [PasswordMismatch] }))

      ConfirmPassword pass -> H.modify_ (_ { passwordConfirm = Just pass })
      _ -> pure unit

      SetRecoveryEmail email -> H.modify_ (_ { recoveryEmail = Just email })
      SetRecoveryZAddr addr -> do
        zres <- lift $ caps.checkZAddr addr
        H.modify_ (_ { recoveryZAddr = Just addr })
        case zres of
          Acc.ZAddrCheckOK -> pure unit
          Acc.ZAddrCheckInvalid -> H.modify_ (_ { signupErrors = [ZAddrInvalid] })

      Signin ev -> do 
        lift $ system.preventDefault (ME.toEvent ev)
        H.raise SigninNav
      Signup ev -> do
        lift $ system.preventDefault ev
        recType <- H.gets (_.recoveryType)
        usernameV <- V <<< note [UsernameRequired] <$> H.gets (_.username)
        pwdFormV  <- V <<< note [PasswordRequired] <$> H.gets (_.password)
        pwdConfV  <- V <<< note [ConfirmRequired ] <$> H.gets (_.passwordConfirm)
        recoveryType <- H.gets (_.recoveryType)
        recoveryV <- case recoveryType of
          RecoveryEmail -> 
            V <<< note [EmailRequired] <<< map Acc.RecoverByEmail <$> H.gets (_.recoveryEmail)
          RecoveryZAddr -> 
            V <<< note [ZAddrRequired] <<< map Acc.RecoverByZAddr <$> H.gets (_.recoveryZAddr)
        recapV <- lift $ V <<< note [CaptchaError] <$> caps.getRecaptchaResponse Nothing
        let reqV :: V (Array SignupError) Acc.SignupRequest
            reqV = signupRequest <$> usernameV
                                 <*> ((eq <$> pwdFormV <*> pwdConfV) `andThen` 
                                      (if _ then pwdFormV else invalid [PasswordMismatch]))
                                 <*> recoveryV
                                 <*> recapV
        case toEither reqV of
          Left errors -> 
            H.modify_ (_ { signupErrors = errors })
          Right req -> do
            response <- lift (caps.signup req)
            case response of
              Acc.SignupOK -> H.raise (SignupComplete $ req.username)
              Acc.CaptchaInvalid -> H.modify_ (_ { signupErrors = [CaptchaError] })
              Acc.ZAddrInvalid -> H.modify_ (_ { signupErrors = [ZAddrInvalid] })
              Acc.UsernameTaken -> H.modify_ (_ { signupErrors = [UsernameTaken] })

mockCapability :: forall m. Applicative m => Capability m

mockCapability :: Capability Aff

  { signup: \_ _ -> pure OK 

  { checkUsername: \_ -> pure Acc.UsernameCheckOK
  , checkZAddr: \_ -> pure Acc.ZAddrCheckOK
  , signup: \_ -> pure Acc.SignupOK
  , getRecaptchaResponse: liftEffect <<< getRecaptchaResponse 

import Aftok.Api.Account as Acc

    initialState _ = { view: VLoading, config: { recaptchaKey: "" } }

    initialState _ = 
      { view: VLoading
      , config: { recaptchaKey: "6LdiA78ZAAAAAGGvDId_JmDbhalduIDZSqbuikfq" } 
      }

                Login.Forbidden -> pure VLogin

                Acc.LoginForbidden -> pure VLogin
                Acc.LoginError _ -> pure VLogin

      SignupAction (Signup.SigninNav) ->
        H.modify_ (_ { view = VLogin })

  , _recaptchaSecret :: Maybe Text

    <*> C.lookup cfg "recaptchaSecret"

  uid                       <- requireUserId
  pid                       <- requireProjectId

  uid     <- requireUserId
  pid     <- requireProjectId

  t                         <- liftIO C.getCurrentTime

  t       <- liftIO C.getCurrentTime

{-# LANGUAGE OverloadedStrings   #-}

  , CaptchaConfig(..)
  , CaptchaError(..)
  , checkCaptcha

import           Data.Aeson                    as A

import qualified Data.Aeson                    as A
import           Data.Aeson                    ((.:), (.:?))

import           Data.Text.Encoding            as T

import           Network.HTTP.Client            ( parseRequest, responseBody, responseStatus, httpLbs)
import           Network.HTTP.Client.TLS        ( newTlsManager )
import           Network.HTTP.Client.MultipartFormData (formDataBody, partBS)
import           Network.HTTP.Types.Status      ( statusCode )

import           Snap.Core
import           Snap.Snaplet                  as S

import qualified  Snap.Core                    as S
import qualified  Snap.Snaplet                 as S

instance FromJSON CUser where
  parseJSON (Object v) =

instance A.FromJSON CUser where
  parseJSON (A.Object v) =

  requestBody <- readRequestBody 4096

  rbody <- S.readRequestBody 4096

    $ A.decode requestBody

    $ A.decode rbody

  authUser <- with auth createSUser

  authUser <- S.with auth createSUser

  params   <- getParams

  params   <- S.getParams

                    (pure . traverse (parseInvCode . decodeUtf8))

                    (pure . traverse (parseInvCode . T.decodeUtf8))

type CaptchaCheckResult = Either [CaptchaError] ()

data CaptchaError
  = MissingInputSecret
  | InvalidInputSecret
  | MissingInputResponse
  | InvalidInputResponse
  | BadRequest
  | TimeoutOrDuplicate
  | CaptchaError Text
  deriving (Eq, Show)
data CaptchaConfig = CaptchaConfig
  { secretKey :: Text }
data CaptchaResponse = CaptchaResponse
  { success :: Bool
  , errorCodes :: [CaptchaError]
  }
instance A.FromJSON CaptchaResponse where
  parseJSON (A.Object v) =
    CaptchaResponse <$> v .: "success"
                    <*> (fmap toError . join . toList <$> v .:? "error-codes")
    where
      toError = \case
        "missing-input-secret" -> MissingInputSecret
        "invalid-input-secret" -> InvalidInputSecret
        "missing-input-response" -> MissingInputResponse
        "invalid-input-response" -> InvalidInputResponse
        "bad-request" -> BadRequest
        "timeout-or-duplicate" -> TimeoutOrDuplicate
        other -> CaptchaError $ "Unexpected error code: " <> other
  parseJSON _ =
    fail "Captcha response body was not a valid JSON object."

checkCaptcha :: CaptchaConfig -> Text -> IO CaptchaCheckResult
checkCaptcha cfg token = do
  request <- parseRequest "https://www.google.com/recaptcha/api/siteverify"
  reqWithBody <- formDataBody [partBS "secret" (T.encodeUtf8 $ secretKey cfg), partBS "response" (T.encodeUtf8 token)] request
  manager <- newTlsManager
  response <- httpLbs reqWithBody manager
  pure $ case statusCode (responseStatus response) of
    200 ->
      case A.eitherDecode (responseBody response) of
        Left err -> Left [CaptchaError $ "Failed to decode JSON response: " <> T.pack err]
        Right cr -> if success cr then Right () else Left (errorCodes cr)
    errCode ->
      Left $ [CaptchaError $ "Unexpected status code: " <> T.pack (show errCode)]

    registerRoute     = void $ method POST registerHandler

    registerRoute     = void $ method POST registerHandler