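from rest_framework import status
from goodtimes import constants
from goodtimes.utils import ApiResponse
from accounts.models import IAmPrincipal, IAmPrincipalOtp
from django.contrib.auth.hashers import check_password
from rest_framework_simplejwt.tokens import RefreshToken


def generate_token_and_user_data(principal):
    """
    Build the login payload for an 'IAmPrincipal' object.

    A refresh token is created for the principal, but only the access token
    derived from it is placed in the payload; the refresh token itself is
    not returned.

    Args:
        principal (IAmPrincipal): The user object.

    Returns:
        dict: The access token (as a string) plus the principal's first name,
        last name, email and registration-complete flag.
    """
    refresh = RefreshToken.for_user(principal)
    return {
        "access": str(refresh.access_token),
        "first_name": principal.first_name,
        "last_name": principal.last_name,
        "email": str(principal.email),
        "complete": principal.register_complete,
    }


def authticate_with_otp_and_passsword(principal: IAmPrincipal, otp=None, password=None):
    """
    Authenticate a principal using an OTP or, when no OTP is given, a password.

    When a non-empty OTP is supplied it is the only credential checked and the
    password argument is ignored.

    Parameters:
    - principal (IAmPrincipal): The principal object to authenticate.
    - otp (str, optional): One-Time Password (OTP). Default is None.
    - password (str, optional): User's password. Default is None.

    Returns:
        None: Successful authentication.
        The value of ApiResponse.error(...): authentication failed (inactive
        account, no usable credential, invalid/used/expired OTP, or wrong
        password).

    Example:
        result = authticate_with_otp_and_passsword(principal, otp, password)
        if result is not None:
            return result  # Authentication failed, return error response
        # Authentication successful, proceed with authorized actions.

    NOTE(review): no attempt limiting is visible in this function; throttling
    of repeated OTP/password guesses has to be enforced by the caller.
    """
    if not principal.is_active:
        return ApiResponse.error(
            message=constants.ACCOUNT_DEACTIVATED, errors=constants.ACCOUNT_DEACTIVATED
        )

    # Require a usable credential. Testing truthiness (not just `is None`)
    # matters: an empty string for both fields would otherwise skip every
    # branch below and fall through to the "success" return.
    if not otp and not password:
        return ApiResponse.error(
            message=constants.OTP_OR_PASSWORD_REQUIRED,
            errors=constants.OTP_OR_PASSWORD_REQUIRED,
        )

    if otp:
        otp_instance = IAmPrincipalOtp.objects.filter(
            principal=principal, otp_code=otp
        ).last()
        if not otp_instance:
            return ApiResponse.error(
                message=constants.OTP_INVALID, errors=constants.OTP_INVALID
            )

        # An OTP is marked used below, so a code that already carries the flag
        # must not authenticate again (replay). getattr keeps this safe if the
        # attribute is absent on the instance.
        # NOTE(review): is_expired() may already cover this - confirm on the model.
        if getattr(otp_instance, "is_used", False):
            return ApiResponse.error(
                message=constants.OTP_INVALID, errors=constants.OTP_INVALID
            )

        if otp_instance.is_expired():
            return ApiResponse.error(
                message=constants.OTP_EXPIRED, errors=constants.OTP_EXPIRED
            )

        # The check above and this update are separate statements, so two
        # concurrent requests with the same code are not serialized here.
        otp_instance.is_used = True
        otp_instance.save()
        return None

    # Password path. The plaintext password is deliberately never printed or
    # logged: anything written to stdout ends up in server logs.
    if not principal.check_password(password):
        return ApiResponse.error(
            message=constants.INVALID_PASSWORD, errors=constants.INVALID_PASSWORD
        )

    return None


def get_principal_by_email(email):
    """
    Look up a principal by email address.

    Args:
        email: Email address to match exactly against IAmPrincipal.email.

    Returns:
        IAmPrincipal: The matching principal, when one exists.
        The value of ApiResponse.error(...): a 404 "email not registered"
        error when no principal has that email. Callers must check which of
        the two they received.

    NOTE(review): the distinct "not registered" response tells an
    unauthenticated caller whether an address has an account; consider a
    uniform response on endpoints that expose this.
    """
    try:
        return IAmPrincipal.objects.get(email=email)
    except IAmPrincipal.DoesNotExist:
        return ApiResponse.error(
            status=status.HTTP_404_NOT_FOUND,
            message=constants.EMAIL_NOT_REGISTERED,
            errors=constants.EMAIL_NOT_REGISTERED,
        )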