# -*- coding: utf-8 -*-
from __future__ import annotations

import logging
import uuid

from django.core.exceptions import PermissionDenied
from django.http import HttpRequest, HttpResponse
from django.shortcuts import redirect, render
from django.urls import reverse

LOGGER = logging.getLogger(__name__)


def authenticate(request: HttpRequest) -> HttpResponse:
    if request.user.is_anonymous is False:
        auth_key = str(uuid.uuid4())

        request.session['extension_auth_key'] = auth_key
        request.session.save()

        return redirect(reverse(
            'ui.integrations.extension.post_authenticate',
            query=[
                ('auth_key', auth_key),
            ],
        ))

    return redirect(reverse('ui.accounts.login', query=[
        ('next', reverse('ui.integrations.extension.authenticate')),
    ]))


def post_authenticate(request: HttpRequest) -> HttpResponse:
    try:
        assert request.user.is_anonymous is False, 'Not authenticated'

        auth_key = request.GET.get('auth_key', None)
        assert request.session.get('extension_auth_key', None) == auth_key, (
            'Auth key mismatch'
        )

        return render(
            request, 'ui/integrations/extension/post_authenticate.html',
        )
    except AssertionError as exception:
        LOGGER.error(
            'Unable to handle extension authentication: %s',
            exception,
            exc_info=exception,
        )

        raise PermissionDenied('NOPE')