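# Handles account registration, sign-in/sign-out and profile editing.
#
# Authentication state is managed through +set_current_user+ / +current_user+,
# which are not defined in this file (presumably in ApplicationController).
class UsersController < ApplicationController
  # Lightweight value object carrying only a user id. It is not referenced
  # inside this controller; kept because other code may rely on the constant.
  UserProxy = Struct.new(:user_id)

  # Every action except the public ones below requires a signed-in user.
  before_action :ensure_valid_user, except: [:show, :login, :verify_login, :new, :create]

  # NOTE(review): CSRF verification is disabled for the login POST. With a
  # cookie-backed session this leaves the endpoint open to login CSRF (a
  # third-party page can sign the visitor's browser into an account the
  # visitor did not choose). Presumably done for JSON clients - confirm, and
  # if so consider limiting the skip to those requests.
  skip_before_action :verify_authenticity_token, only: [:verify_login]

  # GET: returns the signed-in user's id, display name and admin flag as
  # JSON, or JSON +null+ when nobody is signed in.
  def show
    if current_user
      render json: {
        id: current_user.id,
        name: current_user.display_name,
        admin: current_user.admin?
      }
    else
      render json: nil
    end
  end

  # GET: renders the login form (implicit template render).
  def login
  end

  # Signs the user out: clears the current user, then destroys the session.
  def logout
    set_current_user(nil)
    session.destroy

    respond_to do |format|
      format.html { redirect_to root_path, notice: "Logged out" }
      format.json { render json: { success: true } }
    end
  end

  # POST: checks the submitted username/password and signs the user in.
  #
  # The failure message is deliberately the same whether the username or the
  # password was wrong, so the response does not reveal which accounts exist.
  def verify_login
    user = User.authenticate(params[:username], params[:password])

    # NOTE(review): set_current_user is defined outside this file; confirm
    # that it calls reset_session before storing the user, so a session id
    # issued before login is not carried into the authenticated session.
    set_current_user(user) if user

    respond_to do |format|
      if user
        format.html { redirect_to root_path, notice: "Welcome, #{user.display_name}" }
        format.json do
          render json: {
            success: true,
            user: { id: user.id, name: user.display_name, admin: user.admin? }
          }
        end
      else
        format.html do
          # flash.now: the form is re-rendered in this same request. Plain
          # flash would also survive into the next request and show the
          # error a second time (e.g. after a later successful login).
          flash.now[:error] = "Invalid credentials"
          render :login
        end
        format.json { render json: { success: false, message: 'Invalid Credentials', user: nil } }
      end
    end
  end

  # GET: renders the registration form.
  def new
    @user = User.new
  end

  # POST: registers a new account and signs the new user in immediately.
  # On validation failure the registration form is rendered again.
  def create
    @user = User.new(user_params)

    if @user.save
      # NOTE(review): same session-rotation question as in verify_login.
      set_current_user(@user)
      redirect_to root_path, notice: 'User was successfully created.'
    else
      render action: :new
    end
  end

  # GET: renders the edit form. Always the signed-in user's own record;
  # no id is taken from the request.
  def edit
    @user = current_user
  end

  # PATCH/PUT: updates the signed-in user's own record. No id is read from
  # the request, so one user cannot address another user's account here.
  def update
    @user = current_user

    if @user.update(user_params)
      redirect_to root_path, notice: 'User account updated'
    else
      render action: 'edit'
    end
  end

  private

  # Strong-parameters allow-list for create and update. Only the attributes
  # listed here are mass-assignable; any other submitted key (for example an
  # admin flag, if the model has one) is dropped. Keep privilege-bearing
  # attributes out of this list.
  def user_params
    params.require(:user).permit(:username, :email, :full_name, :password, :password_confirmation)
  end
end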