import logging
import os
import base64

from flask import request, abort, session, make_response
from flask.ext.login import login_user, UserMixin
from flask.ext.principal import identity_changed

from data import model
from app import app, login_manager
from auth.permissions import QuayDeferredPermissionUser


logger = logging.getLogger(__name__)


@login_manager.user_loader
def load_user(username):
  logger.debug('Loading user: %s' % username)
  return _LoginWrappedDBUser(username)

class _LoginWrappedDBUser(UserMixin):
  def __init__(self, db_username, db_user=None):

    self._db_username = db_username
    self._db_user = db_user

  def db_user(self):
    if not self._db_user:
      self._db_user = model.get_user(self._db_username)
    return self._db_user

  def is_authenticated(self):
    return self.db_user() is not None

  def is_active(self):
    return self.db_user().verified

  def get_id(self):
    return unicode(self._db_username)


def common_login(db_user):
  if login_user(_LoginWrappedDBUser(db_user.username, db_user)):
    logger.debug('Successfully signed in as: %s' % db_user.username)
    new_identity = QuayDeferredPermissionUser(db_user.username, 'username')
    identity_changed.send(app, identity=new_identity)
    return True
  else:
    logger.debug('User could not be logged in, inactive?.')
    return False


@app.errorhandler(model.DataModelException)
def handle_dme(ex):
  return make_response(ex.message, 400)


@app.errorhandler(KeyError)
def handle_dme_key_error(ex):
  return make_response(ex.message, 400)


def generate_csrf_token():
  if '_csrf_token' not in session:
    session['_csrf_token'] = base64.b64encode(os.urandom(48))

  return session['_csrf_token']

app.jinja_env.globals['csrf_token'] = generate_csrf_token