<?php
/**
 * OrangeHRM is a comprehensive Human Resource Management (HRM) System that captures
 * all the essential functionalities required for any enterprise.
 * Copyright (C) 2006 OrangeHRM Inc., http://www.orangehrm.com
 *
 * OrangeHRM is free software; you can redistribute it and/or modify it under the terms of
 * the GNU General Public License as published by the Free Software Foundation; either
 * version 2 of the License, or (at your option) any later version.
 *
 * OrangeHRM is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY;
 * without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
 * See the GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License along with this program;
 * if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
 * Boston, MA  02110-1301, USA
 */

namespace OrangeHRM\Installer\Migration\V5_4_0;

use Doctrine\DBAL\Schema\ForeignKeyConstraint;
use Doctrine\DBAL\Schema\Index;
use Doctrine\DBAL\Types\Type;
use Doctrine\DBAL\Types\Types;
use OrangeHRM\Installer\Util\V1\AbstractMigration;

use Doctrine\DBAL\Connection;
use Doctrine\DBAL\Exception;
use Doctrine\DBAL\Query\QueryBuilder;
use OrangeHRM\Installer\Util\V1\Dto\TransUnit;
use Symfony\Component\Yaml\Yaml;


class TranslationHelper
{
    protected ?LangStringHelper $langStringHelper = null;
    private Connection $connection;

    /**
     * @param Connection $connection
     */
    public function __construct(Connection $connection)
    {
        $this->connection = $connection;
    }

    /**
     * @return Connection
     */
    protected function getConnection(): Connection
    {
        return $this->connection;
    }

    /**
     * @param string $language
     * @return void
     */
    public function addTranslations(string $language): void
    {
        $filepath = __DIR__ . '/translation/' . $language . '.yaml';
        $yml = Yaml::parseFile($filepath);
        $translations = array_shift($yml);
        foreach ($translations as $translation) {
            $sourceObj = new TransUnit($translation['target'], $translation['unitId']);
            $this->saveTranslationRecord($translation['group'], $sourceObj, $language);
        }
    }

    /**
     * @param string $groupName
     * @param TransUnit $source
     * @param string $language
     * @return void
     */
    private function saveTranslationRecord(string $groupName, TransUnit $source, string $language): void
    {
        $groupId = $this->getLangStringHelper()->getGroupId($groupName);
        $langStringId = $this->getLangStringHelper()->getLangStringIdByUnitIdAndGroup($source->getUnitId(), $groupId);
        if ($langStringId == null) {
            throw new Exception(
                'Cannot add a translation to a non existent lang string: ' . $source->getUnitId()
            );
        }
        $langId = $this->getLanguageId($language);
        $existTranslation = $this->getTranslationRecord($langStringId, $langId);
        if ($existTranslation != null) {
            // TODO hanldle customized translations
        } else {
            $insetQuery = $this->createQueryBuilder();
            $insetQuery->insert('ohrm_i18n_translate')
                ->values(
                    [
                        'lang_string_id' => ':langStringId',
                        'language_id' => ':langId',
                        'value' => ':target',
                    ]
                )
                ->setParameter('langStringId', $langStringId)
                ->setParameter('langId', $langId)
                ->setParameter('target', $source->getTarget())
                ->executeQuery();
        }
    }

    /**
     * @return LangStringHelper
     */
    private function getLangStringHelper(): LangStringHelper
    {
        if (is_null($this->langStringHelper)) {
            $this->langStringHelper = new LangStringHelper($this->getConnection());
        }
        return $this->langStringHelper;
    }

    /**
     * @param string $langCode
     * @return int
     * @throws Exception
     */
    private function getLanguageId(string $langCode): int
    {
        $searchQuery = $this->createQueryBuilder();
        $searchQuery->select('language.id')
            ->from('ohrm_i18n_language', 'language')
            ->where('language.code = :langCode')
            ->setParameter('langCode', $langCode);
        return $searchQuery->executeQuery()->fetchOne();
    }

    /**
     * @return QueryBuilder
     */
    protected function createQueryBuilder(): QueryBuilder
    {
        return $this->getConnection()->createQueryBuilder();
    }

    /**
     * @param array $langStringId
     * @param int $langId
     * @return string
     * @throws Exception
     */
    private function getTranslationRecord(int $langStringId, int $langId): string
    {
        $searchQuery = $this->createQueryBuilder();
        $searchQuery->select('translate.id')
            ->from('ohrm_i18n_translate', 'translate')
            ->where('translate.language_id = :langCode')
            ->andWhere('translate.lang_string_id = :langStringId')
            ->setParameter('langCode', $langId)
            ->setParameter('langStringId', $langStringId);
        return $searchQuery->executeQuery()->fetchOne();
    }
}

class Migration extends AbstractMigration
{
    protected ?LangStringHelper $langStringHelper = null;
    protected ?TranslationHelper $translationHelper = null;

    /**
     * @inheritDoc
     */
    public function up(): void
    {

        $groups = ['admin', 'auth', 'general'];
        foreach ($groups as $group) {
            $this->getLangStringHelper()->insertOrUpdateLangStrings($group);
        }


        $this->getConnection()->createQueryBuilder()
            ->insert('ohrm_module')
            ->values(
                [
                    'name' => ':name',
                    'status' => ':status',
                    'display_name' => ':display_name'
                ]
            )
            ->setParameter('name', "auth")
            ->setParameter('status', 1)
            ->setParameter('display_name', 'Auth')
            ->executeQuery();

        $this->getConnection()->createQueryBuilder()
            ->insert('ohrm_module')
            ->values(
                [
                    'name' => ':name',
                    'status' => ':status',
                    'display_name' => ':display_name'
                ]
            )
            ->setParameter('name', "mobile")
            ->setParameter('status', 1)
            ->setParameter('display_name', 'Mobile')
            ->executeQuery();

        $this->getConfigHelper()->setConfigValue('auth.password_policy.min_password_length', '8');
        $this->getConfigHelper()->setConfigValue('auth.password_policy.min_uppercase_letters', '1');
        $this->getConfigHelper()->setConfigValue('auth.password_policy.min_lowercase_letters', '1');
        $this->getConfigHelper()->setConfigValue('auth.password_policy.min_numbers_in_password', '1');
        $this->getConfigHelper()->setConfigValue('auth.password_policy.min_special_characters', '1');
        $this->getConfigHelper()->setConfigValue('auth.password_policy.default_required_password_strength', 'strong');
        $this->getConfigHelper()->setConfigValue('auth.password_policy.is_spaces_allowed', 'false');

        $this->getDataGroupHelper()->insertApiPermissions(__DIR__ . '/permission/api.yaml');
        $this->changePermissionForAttendanceConfigurationAPI();
        $this->changePermissionForTimeConfigPeriodAPI();
        $this->changePermissionForEmployeeWorkShiftAPI();

        $this->getSchemaHelper()->createTable('ohrm_enforce_password')
            ->addColumn('id', Types::INTEGER, ['Autoincrement' => true])
            ->addColumn('user_id', Types::INTEGER, ['Notnull' => true])
            ->addColumn('enforce_request_date', Types::DATETIME_MUTABLE, ['Notnull' => false])
            ->addColumn('reset_code', Types::STRING, ['Notnull' => true])
            ->addColumn('expired', Types::BOOLEAN, ['Notnull' => true, 'Default' => 0])
            ->setPrimaryKey(['id'])
            ->create();

        $resetCode = new Index(
            'reset_code',
            ['reset_code']
        );
        $this->getSchemaManager()->createIndex($resetCode, 'ohrm_enforce_password');

        $foreignKeyConstraint = new ForeignKeyConstraint(
            ['user_id'],
            'ohrm_user',
            ['id'],
            'enforcePasswordUser',
            ['onDelete' => 'NO ACTION']
        );
        $this->getSchemaHelper()->addForeignKey('ohrm_enforce_password', $foreignKeyConstraint);

        $this->modifyDefaultRequiredPasswordStrength();
        $this->modifyDefaultPasswordEnforcement();

        $this->createOAuth2Tables();

        // https://github.com/orangehrm/orangehrm/issues/1622
        $this->getSchemaHelper()->addOrChangeColumns('ohrm_migration_log', [
            'php_version' => ['Type' => Type::getType(Types::STRING), 'Length' => 255],
        ]);

        $langCodes = [
            'zh_Hans_CN'
        ];
        foreach ($langCodes as $langCode) {
            $this->getTranslationHelper()->addTranslations($langCode);
        }

        $this->updateLangStringVersion($this->getVersion());

    }

    /**
     * @inheritDoc
     */
    public function getVersion(): string
    {
        return '5.4.0';
    }

    public function getLangStringHelper(): LangStringHelper
    {
        if (is_null($this->langStringHelper)) {
            $this->langStringHelper = new LangStringHelper(
                $this->getConnection()
            );
        }
        return $this->langStringHelper;
    }

    public function getTranslationHelper(): TranslationHelper
    {
        if (is_null($this->translationHelper)) {
            $this->translationHelper = new TranslationHelper(
                $this->getConnection()
            );
        }
        return $this->translationHelper;
    }

    private function updateLangStringVersion(string $version): void
    {
        $qb = $this->createQueryBuilder()
            ->update('ohrm_i18n_lang_string', 'lang_string')
            ->set('lang_string.version', ':version')
            ->setParameter('version', $version);
        $qb->andWhere($qb->expr()->isNull('lang_string.version'))
            ->executeStatement();
    }


    private function modifyDefaultRequiredPasswordStrength(): void
    {
        $value = $this->getConfigHelper()->getConfigValue('authentication.default_required_password_strength');

        if (
            $value === "veryWeak"
            || $value === "weak"
            || $value === "better"
            || $value === "medium"
            || $value === "strong"
            || $value === "strongest"
        ) {
            if ($value === "medium") {
                $value = "better";
            }
            $this->getConfigHelper()->setConfigValue('auth.password_policy.default_required_password_strength', $value);
        }

        $this->getConfigHelper()->deleteConfigValue('authentication.default_required_password_strength');
    }

    private function modifyDefaultPasswordEnforcement(): void
    {
        $value = $this->getConfigHelper()->getConfigValue('authentication.enforce_password_strength');

        if ($value !== 'on') {
            $value = 'off';
        }
        $this->getConfigHelper()->setConfigValue('auth.password_policy.enforce_password_strength', $value);
        $this->getConfigHelper()->deleteConfigValue('authentication.enforce_password_strength');
    }

    private function createOAuth2Tables(): void
    {
        $this->getSchemaHelper()->createTable('ohrm_oauth2_client')
            ->addColumn('id', Types::BIGINT, ['Autoincrement' => true])
            ->addColumn('name', Types::STRING, ['Length' => 255])
            ->addColumn('client_id', Types::STRING, ['Length' => 255])
            ->addColumn('client_secret', Types::STRING, ['Length' => 255, 'Notnull' => false])
            ->addColumn('redirect_uri', Types::STRING, ['Length' => 2000])
            ->addColumn('is_confidential', Types::BOOLEAN)
            ->addColumn('enabled', Types::BOOLEAN)
            ->addUniqueIndex(['client_id'], 'idx_client_id')
            ->setPrimaryKey(['id'])
            ->create();

        $this->getSchemaHelper()->createTable('ohrm_oauth2_authorization_code')
            ->addColumn('id', Types::BIGINT, ['Autoincrement' => true])
            ->addColumn('authorization_code', Types::STRING, ['Length' => 255])
            ->addColumn('client_id', Types::BIGINT)
            ->addColumn('user_id', Types::INTEGER)
            ->addColumn('redirect_uri', Types::STRING, ['Length' => 2000])
            ->addColumn('expiry_date_time_utc', Types::DATETIME_IMMUTABLE)
            ->addColumn('revoked', Types::BOOLEAN)
            ->addUniqueIndex(['authorization_code'], 'idx_authorization_code')
            ->setPrimaryKey(['id'])
            ->create();
        $foreignKeyConstraintClientId = new ForeignKeyConstraint(
            ['client_id'],
            'ohrm_oauth2_client',
            ['id'],
            'auth_code_client_id',
            ['onDelete' => 'CASCADE']
        );
        $this->getSchemaHelper()->addForeignKey('ohrm_oauth2_authorization_code', $foreignKeyConstraintClientId);

        $this->getSchemaHelper()->createTable('ohrm_oauth2_access_token')
            ->addColumn('id', Types::BIGINT, ['Autoincrement' => true])
            ->addColumn('access_token', Types::STRING, ['Length' => 255])
            ->addColumn('client_id', Types::BIGINT)
            ->addColumn('user_id', Types::INTEGER)
            ->addColumn('expiry_date_time_utc', Types::DATETIME_IMMUTABLE)
            ->addColumn('revoked', Types::BOOLEAN)
            ->addUniqueIndex(['access_token'], 'idx_access_token')
            ->setPrimaryKey(['id'])
            ->create();
        $foreignKeyAccessTokenClientId = new ForeignKeyConstraint(
            ['client_id'],
            'ohrm_oauth2_client',
            ['id'],
            'access_token_client_id',
            ['onDelete' => 'CASCADE']
        );
        $this->getSchemaHelper()->addForeignKey('ohrm_oauth2_access_token', $foreignKeyAccessTokenClientId);

        $this->getSchemaHelper()->createTable('ohrm_oauth2_refresh_token')
            ->addColumn('id', Types::BIGINT, ['Autoincrement' => true])
            ->addColumn('refresh_token', Types::STRING, ['Length' => 255])
            ->addColumn('access_token', Types::STRING, ['Length' => 255])
            ->addColumn('expiry_date_time_utc', Types::DATETIME_IMMUTABLE)
            ->addColumn('revoked', Types::BOOLEAN)
            ->addUniqueIndex(['refresh_token'], 'idx_refresh_token')
            ->setPrimaryKey(['id'])
            ->create();
        $foreignKeyAccessToken = new ForeignKeyConstraint(
            ['access_token'],
            'ohrm_oauth2_access_token',
            ['access_token'],
            'oauth2_access_token',
            ['onDelete' => 'CASCADE']
        );
        $this->getSchemaHelper()->addForeignKey('ohrm_oauth2_refresh_token', $foreignKeyAccessToken);

        $this->getConnection()->createQueryBuilder()
            ->insert('ohrm_oauth2_client')
            ->values(
                [
                    'name' => ':name',
                    'client_id' => ':client_id',
                    'client_secret' => ':client_secret',
                    'redirect_uri' => ':redirect_uri',
                    'is_confidential' => ':is_confidential',
                    'enabled' => ':enabled',
                ]
            )
            ->setParameter('name', "OrangeHRM Mobile App")
            ->setParameter('client_id', 'orangehrm_mobile_app')
            ->setParameter('client_secret', null)
            ->setParameter('redirect_uri', 'com.orangehrm.opensource://oauthredirect')
            ->setParameter('is_confidential', false, Types::BOOLEAN)
            ->setParameter('enabled', true, Types::BOOLEAN)
            ->executeQuery();

        $encryptionKey = base64_encode(random_bytes(32));
        $this->getConfigHelper()->setConfigValue('oauth.encryption_key', $encryptionKey);
        $encryptionKey = base64_encode(random_bytes(32));
        $this->getConfigHelper()->setConfigValue('oauth.token_encryption_key', $encryptionKey);

        // see https://php.net/manual/en/dateinterval.construct.php for TTL duration
        $this->getConfigHelper()->setConfigValue('oauth.auth_code_ttl', 'PT5M'); // 5 minutes
        $this->getConfigHelper()->setConfigValue('oauth.refresh_token_ttl', 'P1M'); // 1 month
        $this->getConfigHelper()->setConfigValue('oauth.access_token_ttl', 'PT30M'); // 30 minutes
    }

    private function changePermissionForAttendanceConfigurationAPI(): void
    {
        $this->getDataGroupHelper()->addDataGroupPermissions(
            'apiv2_attendance_configuration',
            'ESS',
            true,
            false,
            false,
            false,
            false
        );
    }

    private function changePermissionForTimeConfigPeriodAPI(): void
    {
        $this->getDataGroupHelper()->addDataGroupPermissions(
            'apiv2_time_time_sheet_config',
            'ESS',
            true,
            false,
            false,
            false,
            false
        );
    }

    private function changePermissionForEmployeeWorkShiftAPI(): void
    {
        $this->getDataGroupHelper()->addDataGroupPermissions(
            'apiv2_pim_employee_work_shift',
            'ESS',
            true,
            false,
            false,
            false,
            false
        );
    }
}