# -*- coding: utf-8 -*-
# Copyright 2016 SYLEAM
# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl).

import hashlib
import uuid
import logging
from openerp import models, api, fields
from ..oauth2.validator import OdooValidator

_logger = logging.getLogger(__name__)

try:
    from oauthlib import oauth2
except ImportError:
    _logger.debug('Cannot `import oauthlib`.')


class OAuthProviderClient(models.Model):
    _name = 'oauth.provider.client'
    _description = 'OAuth Provider Client'

    name = fields.Char(required=True, help='Name of this client.')
    identifier = fields.Char(
        string='Client Identifier', required=True, readonly=True,
        default=lambda self: str(uuid.uuid4()), copy=False,
        help='Unique identifier of the client.')
    secret = fields.Char(
        help='Optional secret used to authenticate the client.')
    skip_authorization = fields.Boolean(
        help='Check this box if the user shouldn\'t be prompted to authorize '
        'or not the requested scopes.')
    application_type = fields.Selection(
        selection=[
            ('web application', 'Web Application'),
            ('mobile application', 'Mobile Application'),
            ('legacy application', 'Legacy Application'),
            ('backend application', 'Backend Application (not implemented)'),
        ], required=True, default='web application',
        help='Application type to be used with this client.')
    grant_type = fields.Selection(
        selection=[
            ('authorization_code', 'Authorization Code'),
            ('implicit', 'Implicit'),
            ('password', 'Password'),
            ('client_credentials', 'Client Credentials'),
        ], string='OAuth Grant Type',
        compute='_compute_grant_response_type', store=True,
        help='Grant type used by the client for OAuth.')
    response_type = fields.Selection(
        selection=[
            ('code', 'Authorization Code'),
            ('token', 'Token'),
            ('none', 'None'),
        ], string='OAuth Response Type',
        compute='_compute_grant_response_type', store=True,
        help='Response type used by the client for OAuth.')
    token_type = fields.Selection(
        selection=[('random', 'Randomly generated')],
        required=True, default='random',
        help='Type of token to return. The base module only provides randomly '
        'generated tokens.')
    scope_ids = fields.Many2many(
        comodel_name='oauth.provider.scope', string='Allowed Scopes',
        help='List of scopes the client is allowed to access.')
    redirect_uri_ids = fields.One2many(
        comodel_name='oauth.provider.redirect.uri', inverse_name='client_id',
        string='OAuth Redirect URIs',
        help='Allowed redirect URIs for the client.')

    _sql_constraints = [
        ('identifier_unique', 'UNIQUE (identifier)',
         'The identifier of the client must be unique !'),
    ]

    @api.model
    def application_type_mapping(self):
        return {
            'web application': ('authorization_code', 'code'),
            'mobile application': ('implicit', 'token'),
            'legacy application': ('password', 'none'),
            'backend application': ('client_credentials', 'none'),
        }

    @api.multi
    @api.depends('application_type')
    def _compute_grant_response_type(self):
        applications = self.application_type_mapping()
        for client in self:
            client.grant_type, client.response_type = applications[
                client.application_type]

    @api.multi
    def get_oauth2_server(self, validator=None, **kwargs):
        """ Returns an OAuth2 server instance, depending on the client application type

        Generates an OdooValidator instance if no custom validator is defined
        All other arguments are directly passed to the server constructor (for
        example, a token generator function)
        """
        self.ensure_one()

        if validator is None:
            validator = OdooValidator()

        if self.application_type == 'web application':
            return oauth2.WebApplicationServer(validator, **kwargs)
        elif self.application_type == 'mobile application':
            return oauth2.MobileApplicationServer(validator, **kwargs)
        elif self.application_type == 'legacy application':
            return oauth2.LegacyApplicationServer(validator, **kwargs)
        elif self.application_type == 'backend application':
            return oauth2.BackendApplicationServer(validator, **kwargs)

    @api.multi
    def generate_user_id(self, user):
        """ Generates a unique user identifier for this client

        Include the client and user identifiers in the final identifier to
        generate a different identifier for the same user, depending on the
        client accessing this user. By doing this, clients cannot find a list
        of common users by comparing their identifiers list from tokeninfo.
        """
        self.ensure_one()

        user_identifier = self.identifier \
            + user.sudo().oauth_identifier

        # Use a sha256 to avoid a too long final string
        return hashlib.sha256(user_identifier).hexdigest()