class CASServer::Authenticators::SQL < CASServer::Authenticators::Base
  class CASUser < ActiveRecord::Base; end

  def self.option_reader(k, default = nil)
    define_method(k) { @options.fetch(k, default) }
  end

  option_reader :username_column, "username"
  option_reader :password_column, "password"
  option_reader :user_table, "users"
  option_reader :database
  option_reader :extra_attributes


  def validate(credentials)
    # should we even run?
    @options or raise CASServer::AuthenticatorError, "Cannot validate credentials because the authenticator hasn't yet been configured"
    database or raise CASServer::AuthenticatorError, "Invalid authenticator configuration!"

    # initialize
    read_standard_credentials(credentials)
    CASUser.establish_connection database
    CASUser.set_table_name user_table

    # do some real work at last
    user, multiple_users = CASUser.send("find_all_by_#{username_column}_and_#{password_column}", @username, @password)
    return false unless user

    go_ahead_and_tell_everyone if multiple_users

    @extra_attributes = extra_attributes_to_extract.inject({}) { |h, k| h[k] = user.send(k); h } if extra_attributes.blank?
    return true
  end

  def go_ahead_and_tell_everyone
    s = "#{self.class}: Multiple matches found for user #{@username.inspect}."
    s << " Unable to extract extra_attributes because of it." unless extra_attributes.blank?
    $LOG.warn(s)
  end

end