defmodule PhilomenaWeb.UnlockController do
  use PhilomenaWeb, :controller

  alias Philomena.Users

  plug PhilomenaWeb.CaptchaPlug
  plug PhilomenaWeb.CheckCaptchaPlug when action in [:create]

  def new(conn, _params) do
    render(conn, "new.html")
  end

  def create(conn, %{"user" => %{"email" => email}}) do
    if user = Users.get_user_by_email(email) do
      Users.deliver_user_unlock_instructions(
        user,
        &Routes.unlock_url(conn, :show, &1)
      )
    end

    # Regardless of the outcome, show an impartial success/error message.
    conn
    |> put_flash(
      :info,
      "If your email is in our system and your account has been locked, " <>
        "you will receive an email with instructions shortly."
    )
    |> redirect(to: "/")
  end

  # Do not log in the user after unlocking to avoid a
  # leaked token giving the user access to the account.
  def show(conn, %{"id" => token}) do
    case Users.unlock_user_by_token(token) do
      {:ok, _} ->
        conn
        |> put_flash(:info, "Account unlocked successfully. You may now log in.")
        |> redirect(to: "/")

      :error ->
        conn
        |> put_flash(:error, "Unlock link is invalid or it has expired.")
        |> redirect(to: "/")
    end
  end
end