<?php

declare(strict_types=1);

namespace KupShop\TwoFactorBundle\Util;

use Scheb\TwoFactorBundle\Security\Authentication\Exception\InvalidTwoFactorCodeException;
use Scheb\TwoFactorBundle\Security\TwoFactor\TwoFactorFirewallContext;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\Security\Core\Exception\AuthenticationException;
use Symfony\Component\Security\Http\Authentication\AuthenticationFailureHandlerInterface;
use Symfony\Component\Security\Http\HttpUtils;
use Symfony\Component\Security\Http\SecurityRequestAttributes;

class AuthenticationFailureHandler implements AuthenticationFailureHandlerInterface
{
    public function __construct(
        protected HttpUtils $httpUtils,
        protected TwoFactorFirewallContext $firewallContext)
    {
    }

    public function onAuthenticationFailure(Request $request, AuthenticationException $exception): Response
    {
        $request->getSession()->set(SecurityRequestAttributes::AUTHENTICATION_ERROR, $exception);
        $firewallConfig = $this->firewallContext->getFirewallConfig('main');

        if ($exception instanceof InvalidTwoFactorCodeException) {
            addUserMessage(translate('invalidCode', 'two_factor'), 'error');
        }

        return $this->httpUtils->createRedirectResponse($request, $firewallConfig->getAuthFormPath());
    }
}