<?php

namespace App\Auth;

use Laravel\Passport\Bridge\UserRepository;
use League\OAuth2\Server\Entities\ClientEntityInterface;
use Laravel\Passport\Bridge\User;
use Illuminate\Support\Facades\Hash;
use App\Models\User as UserModel;

class PassportUserRepository extends UserRepository
{
    public function getUserEntityByUserCredentials(
        $username,
        $password,
        $grantType,
        ClientEntityInterface $clientEntity
    ) {
        $user = UserModel::where('email', $username)->first();

        if (!$user) {
            return null;
        }

        // Avoid Hash::check() error with non-bcrypt hashes
        if ($this->isBcryptHash($user->password)) {
            if (Hash::check($password, $user->password)) {
                return new User($user->id);
            }
        } else {
            // If the hash is not bcrypt, check for MD5 manually
            if (md5($password) === $user->password) {
                // Upgrade password to bcrypt
                $user->password = Hash::make($password);
                $user->save();

                return new User($user->id);
            }
        }

        return null;
    }

    /**
     * Check if the given hash uses the bcrypt algorithm.
     *
     * @param string $hashedPassword
     * @return bool
     */
    protected function isBcryptHash($hashedPassword): bool
    {
        return password_get_info($hashedPassword)['algo'] === PASSWORD_BCRYPT;
    }
}