# frozen_string_literal: true

class User < ApplicationRecord
  has_secure_password

  attr_accessor :login

  # validates :email, confirmation: true

  class << self
    # Devise method overridden to allow sign in with email or username
    def find_for_database_authentication(passed_conditions)
      conditions = passed_conditions.dup
      if (login = conditions.delete(:login))
        where(conditions).find_by(
          'lower(username) = :value OR lower(email) = :value',
          value: login.downcase.strip,
        )
      else
        find_by(conditions)
      end
    end
  end

  def self.from_omniauth(auth)
    where(provider: auth.provider, uid: auth.uid).first_or_create do |user|
      user.email = auth.info.email

      rlength = (20 * 3) / 4
      user.password = SecureRandom.urlsafe_base64(rlength).tr('lIO0', 'sxyz')

      # Reddit, Google, and Discord both have email verification already
      # user.skip_confirmation! # FIXME
    end
  end
end