require_once 'common.inc.php';
/* this file handles the entire OAuth API token negotiation for a user token --
   update it to include a better explanation, pertinent to your app, for why the
   user is about to be asked to log into Canvas in the middle of Canvas */
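/* Construct a negotiator with no arguments before looking at the requested
   step. Failure is tolerated here because the 'request' and 'process' steps do
   not use this instance; the exception is kept so that the 'complete' step can
   report it instead of calling getToken() on an unset variable. */
try {
    $oauth = new OAuthNegotiator();
} catch (OAuthNegotiator_Exception $e) {
    $oauthException = $e;
}
if (isset($_REQUEST['oauth'])) {
    switch ($_REQUEST['oauth']) {
        case 'request':
            /* PHP_SELF contains any path info the client appended to the script URL,
               so it is HTML-escaped before being placed inside the href attribute */
            $selfHtml = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8');
            $smarty->assign('content', '<h1>Token Request</h1>
		<p>This application requires access to the Canvas APIs. Canvas is about to ask you to give permission for this.</p>
		<p><a href="' . $selfHtml . '?oauth=process">Click to continue</a></p>');
            $smarty->display();
            exit;
        case 'process':
            /* NOTE(review): the OAuth endpoint host is taken from the resource link's
               custom_canvas_api_domain setting, while the 'complete' step uses
               $metadata['CANVAS_INSTANCE_URL']. The client id and key are handed to the
               negotiator for this host, so confirm the setting can only come from a
               verified LTI launch or compare it against the configured instance URL. */
            /* NOTE(review): the redirect URI is built from PHP_SELF, which reflects
               client-supplied path info -- confirm the negotiator or Canvas validates it. */
            $oauth = new OAuthNegotiator('https://' . $toolProvider->user->getResourceLink()->settings['custom_canvas_api_domain'] . '/login/oauth2', (string) $secrets->oauth->id, (string) $secrets->oauth->key, "{$_SERVER['PHP_SELF']}?oauth=complete", (string) $secrets->app->name);
            break;
        case 'complete':
            /* without a negotiator there is no token to store: surface the original
               failure rather than a "member function on null" error */
            if (!isset($oauth)) {
                throw $oauthException;
            }
            /* persist the negotiated token for this user and cache it in the session */
            $user = new UserAPIToken($_SESSION['user_consumer_key'], $_SESSION['user_id'], $sql);
            $user->setToken($oauth->getToken());
            $user->setAPIUrl("{$metadata['CANVAS_INSTANCE_URL']}/api/v1");
            $_SESSION['apiToken'] = $user->getToken();
            $_SESSION['apiUrl'] = $user->getAPIUrl();
            $_SESSION['isUserToken'] = true;
            header("Location: {$metadata['APP_URL']}/app.php");
            exit;
    }
}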
    /**
     * Obtain a Canvas API token, if needed.
     *
     * @param scalar $step optional Where are we in the API token negotiation workflow? (defaults to API_DECISION_NEEDED_STEP -- the beginning)
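     * @param boolean $skip optional Skip acquiring an administrative token: any stored admin token information is expunged and users acquire their own tokens (defaults to FALSE)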
     *
     * @throws CanvasAPIviaLTI_Installer_Exception If $step is not a pre-defined *_STEP constant
     **/
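    public static function acquireAPIToken($step = self::API_DECISION_NEEDED_STEP, $skip = false)
    {
        /* Runs one step of the installer's API-token workflow: either expunges the
           administrative token ($skip) or renders / processes the step named by $step.
           Application state is reached through globals defined outside this method. */
        global $secrets;
        // FIXME grown-ups don't program like this
        global $metadata;
        // FIXME grown-ups don't program like this
        global $smarty;
        // FIXME grown-ups don't program like this
        if ($skip) {
            if (isset($metadata['CANVAS_API_TOKEN']) || isset($metadata['CANVAS_API_USER'])) {
                /* Only a stored token can be deleted at Canvas. When just CANVAS_API_USER is
                   present there is no token to authenticate with, so the remote call is
                   skipped instead of reading an undefined index. */
                if (isset($metadata['CANVAS_API_TOKEN'])) {
                    $api = new CanvasPest("{$metadata['CANVAS_INSTANCE_URL']}/login/oauth2", $metadata['CANVAS_API_TOKEN']);
                    /* NOTE(review): if this call throws, the token stays in the metadata --
                       confirm that is the intended failure mode */
                    $api->delete('token');
                }
                unset($metadata['CANVAS_API_TOKEN']);
                unset($metadata['CANVAS_API_USER']);
                $smarty->addMessage('Existing admin Canvas API token information expunged', 'There was already an administrative access token stored in your
					 application metadata, and it has now been expunged.');
            } else {
                $smarty->addMessage('No admin Canvas API token acquired', 'An administrative API token has not been acquired. Users will be asked to
					 acquire their own API tokens on their first use of the LTI.');
            }
        } else {
            switch ($step) {
                case self::API_DECISION_NEEDED_STEP:
                    /* Every dynamic value is HTML-escaped for its attribute context. The
                       metadata values are stored configuration, and PHP_SELF carries any
                       path info the client appended to the script URL; none of them may be
                       allowed to close the attribute and inject markup. */
                    $appUrlHtml = htmlspecialchars((string) $metadata['APP_URL'], ENT_QUOTES, 'UTF-8');
                    $placeholderHtml = htmlspecialchars((string) $metadata['CANVAS_INSTANCE_URL_PLACEHOLDER'], ENT_QUOTES, 'UTF-8');
                    $instanceUrlHtml = isset($metadata['CANVAS_INSTANCE_URL'])
                        ? htmlspecialchars((string) $metadata['CANVAS_INSTANCE_URL'], ENT_QUOTES, 'UTF-8')
                        : '';
                    $selfHtml = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8');
                    /* NOTE(review): neither form carries an anti-CSRF token in this block, and
                       the second one leads to the expunge branch above -- confirm the
                       receiving scripts verify the request's origin */
                    $smarty->assign('content', '
						<form action="' . $appUrlHtml . '/admin/oauth.php" method="post">
							<label for="url"> Canvas Instance URL <input type="text" name="url" id="url" placeholder="' . $placeholderHtml . '" value="' . $instanceUrlHtml . '" /></label>
							<label for="token"> API Access Token <input type="text" name="token" id="token" placeholder="Leave blank to acquire a token interactively" /></label>
							<input type="hidden" name="skip" value="0" />
							<input type="hidden" name="step" value="' . self::API_DECISION_ENTERED_STEP . '" />
							<input type="submit" value="Use administrative token" />
						</form>
						or
						<form action="' . $selfHtml . '" method="post">
							<input type="hidden" name="skip" value="1" />
							<input type="hidden" name="step" value="' . self::API_DECISION_ENTERED_STEP . '" />
							<input type="submit" value="Require users to acquire individual tokens" />
						</form>
					');
                    $smarty->display();
                    exit;
                case self::API_DECISION_ENTERED_STEP:
                    /* NOTE(review): a constructor failure is not caught here and propagates
                       to the caller -- confirm the caller handles it */
                    $oauth = new OAuthNegotiator();
                    if ($oauth->isAPIToken()) {
                        $metadata['CANVAS_API_TOKEN'] = $oauth->getToken();
                        $smarty->addMessage('Admin Canvas API token acquired', 'An administrative API access token has been acquired and stored in your application metadata.', NotificationMessage::GOOD);
                    }
                    /* clear the processed step */
                    unset($_REQUEST['step']);
                    break;
                case self::API_TOKEN_PROVIDED_STEP:
                    $smarty->addMessage('Admin Canvas API token provided', 'You provided an API access token and it has been stored in your application metadata.');
                    break;
                default:
                    /* any value that is not one of the *_STEP constants handled above is rejected */
                    throw new CanvasAPIviaLTI_Installer_Exception("Unknown step ({$step}) in obtaining API token.", CanvasAPIviaLTI_Installer_Exception::API_STEP_MISMATCH);
            }
        }
    }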