# plugins/discourse-md5_authentication/plugin.rb

# frozen_string_literal: true

# name: discourse-md5_authentication
# about: A plugin to authenticate users with MD5 passwords from legacy systems
# version: 0.4
# authors: saint
# url: https://gitea.federated.computer/saint/discourse-md5_authentication.git

# This block of code is executed after the Discourse application is initialized.
after_initialize do
  # Reopening the Auth::DefaultAuthenticator class to add custom authentication logic.
  class ::Auth::DefaultAuthenticator
    # Define a module to encapsulate the MD5 authentication logic.
    module LegacyMd5Authentication
      # This method is called when the module is prepended to the class.
      # It creates an alias for the existing authenticate method to preserve it.
      def self.prepended(base)
        base.singleton_class.class_eval do
          alias_method :old_authenticate, :authenticate
        end
      end

      # Override the authenticate method to add custom MD5 password logic.
      def authenticate(email_or_username, password)
        # Log an attempt to authenticate.
        Rails.logger.info("MD5 Auth: Attempting to authenticate #{email_or_username}")

        # Find the user by their username or email.
        user = User.find_by_username_or_email(email_or_username.downcase.strip)

        # Log if a user is found.
        if user
          Rails.logger.info("MD5 Auth: User found - #{user.username}")
        end

        # Check if the user's custom field contains an MD5 password and if it matches the provided password.
        if user && user.custom_fields['md5_password'] && user.custom_fields['md5_password'] == Digest::MD5.hexdigest(password)
          Rails.logger.info("MD5 Auth: MD5 password match for user #{user.username}")
          
          # Update the user's password to the new format and clear the MD5 password field.
          user.update!(password: password)
          user.custom_fields['md5_password'] = nil
          user.save_custom_fields

          # Return an authentication result indicating success.
          return Auth::Result.new(user)
        end

        # If MD5 authentication fails, fall back to the original authentication method.
        Rails.logger.info("MD5 Auth: Falling back to default authentication for #{email_or_username}")
        old_authenticate(email_or_username, password)
      end
    end

    # Prepend the module to the DefaultAuthenticator class.
    prepend LegacyMd5Authentication
  end
end