<?php

namespace App\Auth\Providers;

use Illuminate\Auth\EloquentUserProvider;
use Illuminate\Contracts\Auth\Authenticatable;
use Illuminate\Support\Facades\Hash;

class MD5UserProvider extends EloquentUserProvider
{
    /**
     * Validate the user's credentials.
     *
     * This method checks the provided plain password against the stored hashed password.
     * - If the stored password is hashed using Bcrypt (i.e., does not need rehashing), it uses Laravel's Hash::check.
     * - If the stored password is an MD5 hash, it manually compares the MD5 hash of the plain password.
     *   If matched, it automatically upgrades the password to Bcrypt and saves the user.
     *
     * @param \Illuminate\Contracts\Auth\Authenticatable $user The user instance.
     * @param array $credentials The credentials array containing at least a 'password' key.
     * @return bool Returns true if the credentials are valid, otherwise false.
     */
    public function validateCredentials(Authenticatable $user, array $credentials)
    {
        $plain = $credentials['password'];
        $hashed = $user->getAuthPassword();

        /**
         * Checks if the given hashed password needs to be rehashed.
         * If the hash does not require rehashing (e.g., it is already using Bcrypt),
         * verifies the plain password against the hashed value using Laravel's Hash facade.
         *
         * @param string $plain  The plain text password to verify.
         * @param string $hashed The hashed password stored in the database.
         * @return bool Returns true if the plain password matches the hashed value, false otherwise.
         */
        if (!Hash::needsRehash($hashed)) {
            return Hash::check($plain, $hashed);
        }

        /**
         * Checks if the given plain password matches the stored MD5 hash.
         * If matched, automatically upgrades the user's password to a secure hash using Laravel's Hash facade.
         * Saves the upgraded password to the database.
         *
         * @param string $plain  The plain text password provided by the user.
         * @param string $hashed The stored MD5 hashed password.
         * @return bool Returns true if the password matches and is upgraded, otherwise false.
         */
        if (md5($plain) === $hashed) {
            // Tự động upgrade
            $user->password = Hash::make($plain);
            $user->save();

            return true;
        }

        return false;
    }
}