module Doorkeeper::OAuth
  class PasswordAccessTokenRequest
    include Doorkeeper::Validations
    include Doorkeeper::OAuth::Helpers

    validate :client,         :error => :invalid_client
    validate :resource_owner, :error => :invalid_resource_owner
    validate :scopes,         :error => :invalid_scope

    attr_accessor :server, :resource_owner, :credentials, :access_token
    attr_accessor :client

    def initialize(server, credentials, resource_owner, parameters = {})
      @server          = server
      @resource_owner  = resource_owner
      @credentials     = credentials
      @original_scopes = parameters[:scope]

      @client = Doorkeeper::Application.authenticate(credentials.uid, credentials.secret) if credentials
    end

    def authorize
      validate
      @response = if valid?
        issue_token
        TokenResponse.new access_token
      else
        ErrorResponse.from_request self
      end
    end

    def valid?
      self.error.nil?
    end

    def scopes
      @scopes ||= if @original_scopes.present?
        Doorkeeper::OAuth::Scopes.from_string(@original_scopes)
      else
        server.default_scopes
      end
    end

  private

    def issue_token
      application_id = client.id if client

      @access_token = Doorkeeper::AccessToken.create!({
        :application_id     => application_id,
        :resource_owner_id  => resource_owner.id,
        :scopes             => scopes.to_s,
        :expires_in         => server.access_token_expires_in,
        :use_refresh_token  => server.refresh_token_enabled?
      })
    end

    def validate_scopes
      return true unless @original_scopes.present?
      ScopeChecker.valid?(@original_scopes, @server.scopes)
    end

    def validate_resource_owner
      !!resource_owner
    end

    def validate_client
      !credentials || !!client
    end
  end
end