package com.ruoyi.framework.security;

import org.springframework.security.authentication.AbstractAuthenticationToken;
import org.springframework.security.core.GrantedAuthority;
import java.util.Collection;

/**
 * 微信登录认证Token
 * 类似于UsernamePasswordAuthenticationToken
 * 
 * @author ruoyi
 */
public class WechatAuthenticationToken extends AbstractAuthenticationToken
{
    private static final long serialVersionUID = 1L;

    /**
     * 认证主体(登录前为openId,登录后为LoginUser)
     */
    private final Object principal;

    /**
     * 认证凭证(可选的unionId)
     */
    private Object credentials;

    /**
     * 创建未认证的Token(登录前)
     * 
     * @param openId 微信OpenID
     * @param unionId 微信UnionID(可选)
     */
    public WechatAuthenticationToken(String openId, String unionId)
    {
        super(null);
        this.principal = openId;
        this.credentials = unionId;
        setAuthenticated(false);
    }

    /**
     * 创建已认证的Token(登录后)
     * 
     * @param principal 登录用户信息
     * @param credentials 凭证
     * @param authorities 权限列表
     */
    public WechatAuthenticationToken(Object principal, Object credentials,
                                     Collection<? extends GrantedAuthority> authorities)
    {
        super(authorities);
        this.principal = principal;
        this.credentials = credentials;
        super.setAuthenticated(true);
    }

    @Override
    public Object getCredentials()
    {
        return this.credentials;
    }

    @Override
    public Object getPrincipal()
    {
        return this.principal;
    }

    @Override
    public void setAuthenticated(boolean isAuthenticated) throws IllegalArgumentException
    {
        if (isAuthenticated)
        {
            throw new IllegalArgumentException(
                "Cannot set this token to trusted - use constructor which takes a GrantedAuthority list instead");
        }
        super.setAuthenticated(false);
    }

    @Override
    public void eraseCredentials()
    {
        super.eraseCredentials();
        credentials = null;
    }
}