# -*- coding: utf-8 -*-
# Copyright 2015 GRAP - Sylvain LE GAL
# Copyright 2017 Tecnativa - David Vidal
# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl.html).

import logging

from odoo import fields, http, registry, SUPERUSER_ID
from odoo.api import Environment
from odoo.http import request
from odoo.addons.web.controllers.main import Home, ensure_db

_logger = logging.getLogger(__name__)


class LoginController(Home):

    @http.route()
    def web_login(self, redirect=None, **kw):
        if request.httprequest.method == 'POST':
            ensure_db()
            remote = request.httprequest.remote_addr
            # Get registry and cursor
            with registry(request.session.db).cursor() as cursor:
                env = Environment(cursor, SUPERUSER_ID, {})
                config_obj = env['ir.config_parameter']
                attempt_obj = env['res.authentication.attempt']
                banned_remote_obj = env['res.banned.remote']
                # Get Settings
                max_attempts_qty = int(config_obj.get_param(
                    'auth_brute_force.max_attempt_qty'))
                # Test if remote user is banned
                banned = banned_remote_obj.search([('remote', '=', remote)])
                if banned:
                    request.params['password'] = ''
                    _logger.warning(
                        "Authentication tried from remote '%s'. The request "
                        "has been ignored because the remote has been banned "
                        "after %d attempts without success. Login tried : '%s'"
                        "." % (remote, max_attempts_qty,
                               request.params['login']))
                else:
                    # Try to authenticate
                    result = request.session.authenticate(
                        request.session.db, request.params['login'],
                        request.params['password'])
                # Log attempt
                attempt_obj.create({
                    'attempt_date': fields.Datetime.now(),
                    'login': request.params['login'],
                    'remote': remote,
                    'result': banned and 'banned' or (
                        result and 'successfull' or 'failed'),
                })
                cursor.commit()
                if not banned and not result:
                    # Get last bad attempts quantity
                    attempts_qty = len(attempt_obj.search_last_failed(remote))
                    if max_attempts_qty <= attempts_qty:
                        # We ban the remote
                        _logger.warning(
                            "Authentication failed from remote '%s'. "
                            "The remote has been banned. Login tried : '%s'"
                            "." % (remote, request.params['login']))
                        banned_remote_obj.sudo().create({
                            'remote': remote,
                            'ban_date': fields.Datetime.now(),
                        })
                        cursor.commit()
                    else:
                        _logger.warning(
                            "Authentication failed from remote '%s'."
                            " Login tried : '%s'. Attempt %d / %d." % (
                                remote, request.params['login'], attempts_qty,
                                max_attempts_qty))
        return super(LoginController, self).web_login(redirect=redirect, **kw)