PasswordResetHandler = require("./PasswordResetHandler")
RateLimiter = require("../../infrastructure/RateLimiter")
AuthenticationController = require("../Authentication/AuthenticationController")
UserGetter = require("../User/UserGetter")
UserSessionsManager = require("../User/UserSessionsManager")
logger = require "logger-sharelatex"

module.exports =

	renderRequestResetForm: (req, res)->
		logger.log "rendering request reset form"
		res.render "user/passwordReset",
			title:"reset_password"

	requestReset: (req, res)->
		email = req.body.email.trim().toLowerCase()
		opts =
			endpointName: "password_reset_rate_limit"
			timeInterval: 60
			subjectName: req.ip
			throttle: 6
		RateLimiter.addCount opts, (err, canContinue)->
			if !canContinue
				return res.send 500, { message: req.i18n.translate("rate_limit_hit_wait")}
			PasswordResetHandler.generateAndEmailResetToken email, (err, exists)->
				if err?
					res.send 500, {message:err?.message}
				else if exists
					res.sendStatus 200
				else
					res.send 404, {message: req.i18n.translate("cant_find_email")}

	renderSetPasswordForm: (req, res)->
		if req.query.passwordResetToken?
			req.session.resetToken = req.query.passwordResetToken
			return res.redirect('/user/password/set')
		if !req.session.resetToken?
			return res.redirect('/user/password/reset')
		res.render "user/setPassword",
			title:"set_password"
			passwordResetToken: req.session.resetToken

	setNewUserPassword: (req, res, next)->
		{passwordResetToken, password} = req.body
		if !password? or password.length == 0 or !passwordResetToken? or passwordResetToken.length == 0
			return res.sendStatus 400
		delete req.session.resetToken
		PasswordResetHandler.setNewUserPassword passwordResetToken?.trim(), password?.trim(), (err, found, user_id) ->
			return next(err) if err?
			if found
				UserSessionsManager.revokeAllUserSessions {_id: user_id}, [], (err) ->
					return next(err) if err?
					if req.body.login_after
						UserGetter.getUser user_id, {email: 1}, (err, user) ->
							return next(err) if err?
							AuthenticationController.afterLoginSessionSetup req, user, (err) ->
								if err?
									logger.err {err, email: user.email}, "Error setting up session after setting password"
									return next(err)
								res.json {redir: AuthenticationController._getRedirectFromSession(req) || "/project"}
					else
						res.sendStatus 200
			else
				res.sendStatus 404