const LessonModule = require('../base/LessonModule');

/** Step id for which this lesson supplies an interactive payload. */
const BITB_DEMO_STEP_ID = 'bitb-demo';

/**
 * Builds the two popup scenarios compared in the demo: one flagged
 * `isReal: true` and one flagged `isReal: false`.
 *
 * NOTE(review): the "drag outside the window" and "taskbar" indicators test
 * behaviour a web page cannot reproduce, because page content cannot render
 * outside its own viewport. Treat those as the primary checks.
 * NOTE(review): the "address bar text is not selectable" wording should be
 * verified against current browsers before it is shown to learners.
 * TODO confirm.
 *
 * @returns {Array<object>} A freshly allocated array of scenario records.
 */
function buildScenarios() {
  const genuinePopup = {
    id: 'legitimate',
    title: 'Legitimate OAuth Popup',
    provider: 'Google',
    domain: 'accounts.google.com',
    isReal: true,
    description: 'This simulates how a REAL browser popup would behave',
    indicators: [
      'Can be dragged outside browser window',
      'Has native window controls',
      'Address bar text is not selectable (real browser UI)',
      'Right-click shows browser context menu, not page menu',
      'Appears as separate window in system taskbar',
    ],
  };

  const spoofedPopup = {
    id: 'bitb-attack',
    title: 'Browser-in-the-Browser Attack',
    provider: 'Microsoft',
    domain: 'login.microsoftonline.com',
    isReal: false,
    description: 'This is a FAKE popup window created with HTML/CSS/JavaScript',
    indicators: [
      'Cannot be dragged outside the main browser window',
      'Entire window is trapped within the page boundaries',
      'Address bar is just HTML text/image (right-click shows Inspect)',
      'Window controls (minimize, maximize, close) are fake buttons',
      'Does not appear in system taskbar as separate window',
    ],
  };

  return [genuinePopup, spoofedPopup];
}

/**
 * Builds the ordered list of hands-on checks shown to the learner.
 *
 * NOTE(review): the fonts/spacing/shadows check is a weak signal on its own,
 * since a page can copy browser chrome exactly. The list also has no
 * origin-bound check, such as a password manager declining to autofill on a
 * non-matching origin. Consider whether the lesson should cover one.
 *
 * @returns {string[]} A freshly allocated array of instruction strings.
 */
function buildTestInstructions() {
  return [
    'Try to drag each popup window outside the main browser area',
    'Right-click on the address bar to see if you can inspect it as HTML',
    'Look for subtle differences in fonts, spacing, or shadows',
    'Check if the window controls behave like real browser buttons',
    'Notice if the popup can extend beyond the main window boundaries',
  ];
}

/**
 * Builds the "real world examples" records shown alongside the demo.
 *
 * NOTE(review): this file cites no source for any of these entries. Check
 * each one against published incident reporting before presenting it to
 * learners as a documented case.
 *
 * @returns {Array<{year: number, target: string, provider: string, description: string}>}
 *   A freshly allocated array of example records.
 */
function buildRealWorldExamples() {
  // One row per example: [year, target, provider, description].
  const rows = [
    [2022, 'Corporate employees', 'Microsoft OAuth', 'Attackers used BitB to steal enterprise credentials'],
    [2022, 'Cryptocurrency users', 'Google Sign-in', 'Fake crypto platforms used BitB for account takeovers'],
    [2023, 'GitHub developers', 'GitHub OAuth', 'Malicious sites mimicked GitHub login to steal tokens'],
  ];

  return rows.map(([year, target, provider, description]) => ({
    year,
    target,
    provider,
    description,
  }));
}

/**
 * Lesson module for recognising Browser-in-the-Browser (BitB) fake login
 * popups. Extends the project's LessonModule base class, which is defined
 * outside this file.
 */
class BrowserInBrowserLesson extends LessonModule {
  /**
   * @param {*} config - Passed unchanged to the LessonModule constructor.
   */
  constructor(config) {
    super(config);
  }

  /**
   * Returns the data backing the interactive BitB demo step.
   *
   * @param {string} stepId - Identifier of the lesson step being rendered.
   * @returns {?{scenarios: Array<object>, testInstructions: string[], realWorldExamples: Array<object>}}
   *   A new payload object when `stepId` is 'bitb-demo'; `null` for any
   *   other step id.
   */
  getInteractiveData(stepId) {
    if (stepId !== BITB_DEMO_STEP_ID) {
      return null;
    }

    return {
      scenarios: buildScenarios(),
      testInstructions: buildTestInstructions(),
      realWorldExamples: buildRealWorldExamples(),
    };
  }

  /**
   * Validates an answer by delegating unchanged to the base class; this
   * lesson adds no BitB-specific checks of its own.
   *
   * @param {*} questionId - Forwarded to LessonModule#validateAnswer.
   * @param {*} answer - Forwarded to LessonModule#validateAnswer.
   * @returns {Promise<*>} Resolves to whatever the base implementation yields.
   */
  async validateAnswer(questionId, answer) {
    return super.validateAnswer(questionId, answer);
  }
}

module.exports = BrowserInBrowserLesson;