#!/usr/bin/perl

use strict;
use warnings;
use Getopt::Long qw(:config no_ignore_case);
use Perun::auth::OidcAuth;
use Perun::Common qw(printMessage);

sub help {
	return qq{
	Removes access and refresh token saved for OIDC authentication. By default removes tokens of currently chosen
	configuration (as set in environment variable PERUN_OIDC_CONFIG)
	------------------------------------
	Available options:
	--batch                         | -b batch
	--help                          | -h prints this help
	--all							| -a removes tokens for all configurations
	--config						| -c id of config of which tokens to remove

};
}

our $batch;
my ($configId, $removeAllConfigs);
GetOptions ("help|h"    => sub {
	print help();
	exit 0;
}, "batch|b"        => \$batch,
	"all|a"		=> \$removeAllConfigs,
	"config|c=s"	=> \$configId
	) || die help();
if (!defined $configId && !defined $removeAllConfigs) {
	$configId = $ENV{PERUN_OIDC_CONFIG} || die "ERROR: environment variable PERUN_OIDC_CONFIG not set and configuration not specified.\n";
}
my $message;
if (defined $removeAllConfigs) {
	Perun::auth::OidcAuth::removeAllAccessTokens();
	Perun::auth::OidcAuth::removeAllRefreshTokens();
} else {
	Perun::auth::OidcAuth::checkConfigExists($configId);
	if (Perun::auth::OidcAuth::getAccessToken($configId)) {
		Perun::auth::OidcAuth::removeAccessToken($configId);
		$message = "Removed access token. ";
	}
	else {
		$message = "Access token is not stored. ";
	}

	if (Perun::auth::OidcAuth::getRefreshToken($configId)) {
		Perun::auth::OidcAuth::removeRefreshToken($configId);
		$message = $message . "Removed refresh token.";
	}
	else {
		$message = $message . "Refresh token is not stored.";
	}

	if (Perun::auth::OidcAuth::getAccessToken($configId) || Perun::auth::OidcAuth::getRefreshToken($configId)) {
		print STDERR "Could not remove tokens.";
		exit 0;
	}
}
printMessage($message, $batch);
