<?php

declare(strict_types=1);

namespace KupShop\TwoFactorBundle\EventSubscriber;

use KupShop\KupShopBundle\Context\UserContext;
use Psr\Log\LoggerInterface;
use Symfony\Component\EventDispatcher\EventSubscriberInterface;
use Symfony\Component\HttpFoundation\RedirectResponse;
use Symfony\Component\HttpKernel\Event\ExceptionEvent;
use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
use Symfony\Component\HttpKernel\KernelEvents;
use Symfony\Component\Security\Core\Exception\AccessDeniedException;
use Symfony\Contracts\Service\Attribute\Required;

class ExceptionSubscriber implements EventSubscriberInterface
{
    #[Required]
    public LoggerInterface $logger;

    #[Required]
    public UserContext $userContext;

    public static function getSubscribedEvents()
    {
        return [
            KernelEvents::EXCEPTION => [
                ['handleRedirect', 200],
            ],
        ];
    }

    public function handleRedirect(ExceptionEvent $event)
    {
        $exception = $event->getThrowable();

        $redirectSet = false;
        if ($exception instanceof AccessDeniedHttpException || $exception instanceof AccessDeniedException) {
            if ($exception->getMessage() == 'User is not in a two-factor authentication process.') {
                $redirectSet = true;
                $event->setResponse(new RedirectResponse(path('home')));
            }

            $email = 'none';
            if ($user = $this->userContext->getActive()) {
                $email = $user->email;
            }

            $this->logger->notice("[TwoFactorBundle] Handle exception, user: {$email}", [
                'exception' => $exception->getMessage(),
                'exception_class' => get_class($exception),
                'redirect_set' => $redirectSet,
            ]);
        }
    }
}