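from django.http import HttpResponse, HttpResponseRedirect, HttpResponseBadRequest, Http404, HttpResponseForbidden
from django.shortcuts import render
# from django.db.models import Manager
from django.contrib.auth import authenticate, login, logout, update_session_auth_hash
from django.contrib.auth.hashers import check_password
from django.contrib.auth.password_validation import validate_password, password_changed
from django.core.exceptions import PermissionDenied, ValidationError
from django.contrib.auth.decorators import login_required, permission_required

from .models import User
from .forms import UserRegisterForm

try:
    from django.utils.http import url_has_allowed_host_and_scheme
except ImportError:  # Django < 3.0 ships the same check under its old name
    from django.utils.http import is_safe_url as url_has_allowed_host_and_scheme


def default_view(request, *args, **kwargs):
    """Placeholder view for routes that have no implementation yet."""
    return HttpResponse('Not implemented!')


def view_logout(request):
    """Log the current user out and redirect to the login page."""
    # NOTE(review): this runs for every HTTP method, GET included, so any
    # cross-site link or image tag can end the user's session. Consider
    # accepting POST only, so that CSRF protection covers logout.
    logout(request)
    # Redirect to the login page.
    return HttpResponseRedirect('/account/login')


def _post_login_redirect(request):
    """Return the URL the user is sent to once authenticated.

    ``next`` comes from the query string, so whoever built the link controls
    it. It is honoured only when it points at this host (and at HTTPS when
    the current request is secure); otherwise the site root is used. A value
    equal to the current path is ignored to avoid a redirect loop.
    """
    target = request.GET.get('next')
    if not target or target == request.path:
        return "/"
    if not url_has_allowed_host_and_scheme(
        target,
        allowed_hosts={request.get_host()},
        require_https=request.is_secure(),
    ):
        return "/"
    return target


def view_login(request):
    """Render the login form and authenticate the submitted credentials.

    An already authenticated user is redirected straight away. POST must
    carry ``username`` and ``password``; a missing field, or a method other
    than GET/POST, yields 400.
    """
    if request.user.is_authenticated:
        # Already logged in: go to the root or to the validated ``next``.
        return HttpResponseRedirect(_post_login_redirect(request))

    render_context = {
        'message': None
    }

    if request.method == "POST":
        try:
            username = request.POST["username"]
            password = request.POST["password"]
        except KeyError:
            return HttpResponseBadRequest()

        user = authenticate(request, username=username, password=password)
        if user is not None:
            login(request, user)
            return HttpResponseRedirect(_post_login_redirect(request))

        # One message for both unknown login and wrong password.
        render_context['message'] = "Неверный логин или пароль"
        return render(request, 'account/login.html', render_context)
    elif request.method == "GET":
        return render(request, 'account/login.html', render_context)
    else:
        return HttpResponseBadRequest()


@login_required
def view_account(request, username=None):
    """Show an account page: the caller's own, or another user's.

    Viewing another user requires ``users.view_user``; without it the
    request is rejected with 403. An unknown ``username`` yields 404.
    """
    view_user = request.user
    if username is not None and username != view_user.login:
        if not request.user.has_perm('users.view_user'):
            # PermissionDenied is turned into a 403 response by Django; the
            # builtin PermissionError would surface as a 500.
            raise PermissionDenied()
        try:
            view_user = User.objects.get_by_natural_key(username)
        except User.DoesNotExist:
            # Http404 is an exception and has to be raised, not returned.
            raise Http404()
    return render(request, 'account/view.html', {'view_user': view_user})


@login_required
@permission_required(perm='users.add_user', raise_exception=True)
def view_register(request):
    """Create a user from ``UserRegisterForm``; requires ``users.add_user``."""
    form = UserRegisterForm(request.POST or None)
    if request.method == 'POST' and form.is_valid():
        form.save()
        return HttpResponseRedirect('/account/list')
    return render(request, 'account/register.html', {'form': form})


@login_required
def view_change_password(request):
    """Change the caller's password, or another user's with permission.

    Without ``?username=`` (or when it names the caller) the current
    password must be supplied and verified. A different ``username``
    requires ``users.change_user`` and skips the current-password check;
    without that permission the response is 403, and an unknown user
    yields 404. POST must carry ``password1`` and ``password2`` (plus
    ``current_password`` when it is required), otherwise 400.
    """
    target_user = request.user
    old_password_required = True

    if 'username' in request.GET and request.GET['username'] != target_user.login:
        if not request.user.has_perm('users.change_user'):
            return HttpResponseForbidden()
        old_password_required = False
        try:
            target_user = User.objects.get_by_natural_key(request.GET['username'])
        except User.DoesNotExist:
            # Http404 is an exception and has to be raised, not returned.
            raise Http404()

    render_context = {
        'target_user': target_user,
        'old_password_required': old_password_required,
        'old_password_wrong': False,
        'new_password_errors': None,
        'new_password_equals': True
    }

    if request.method == "POST":
        form_valid = True
        try:
            post_curr_pass = request.POST['current_password'] if old_password_required else None
            post_pass1 = request.POST['password1']
            post_pass2 = request.POST['password2']
        except KeyError:
            return HttpResponseBadRequest()

        # First verify the current password (only when changing one's own).
        if old_password_required:
            if not check_password(post_curr_pass, target_user.password):
                render_context['old_password_wrong'] = True
                form_valid = False

        # Then make sure both copies of the new password match.
        if post_pass1 != post_pass2:
            render_context['new_password_equals'] = False
            form_valid = False

        # Finally run the configured password validators.
        try:
            validate_password(post_pass1, target_user)
        except ValidationError as ve:
            render_context['new_password_errors'] = ve.messages
            form_valid = False

        if form_valid:
            # set_password() stores the new hash; password_changed() alone
            # only notifies the validators and leaves the old password in
            # place. NOTE(review): assumes User derives from
            # AbstractBaseUser, whose save() notifies the validators after a
            # set_password() call - confirm against .models.
            target_user.set_password(post_pass1)
            target_user.save()
            # Keeps the caller's session valid after changing their own
            # password.
            update_session_auth_hash(request, target_user)
            return render(request, 'account/change-password-done.html', {'target_user': target_user})

    return render(request, 'account/change-password.html', render_context)


@login_required
@permission_required(perm='users.view_user', raise_exception=True)
def view_list(request):
    """List all users ordered by login; requires ``users.view_user``."""
    return render(request, 'account/list.html', {'users': User.objects.order_by('login')})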