from rest_framework_simplejwt.tokens import RefreshToken
from rest_framework import status
from rest_framework.views import APIView
from rest_framework.response import Response
from django.contrib.auth import get_user_model

from apps.core.utils import verify_totp
from apps.core.services import validate_user_context, verify_recovery_code
from apps.core.serializers import TwoFactorLoginVerifySerializer


# Resolved once at import time; the view then queries the project's configured
# user model rather than a hard-coded one.
User = get_user_model()


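class TwoFactorLoginVerifyView(APIView):
    """Complete a two-factor login by checking a TOTP or a recovery code.

    The request body is validated by ``TwoFactorLoginVerifySerializer`` and
    must carry ``user_id`` and ``token``.  On success the view returns a fresh
    SimpleJWT refresh/access pair for that user; every failure is a 400 with a
    ``detail`` message.
    """

    # NOTE(review): no authentication or permissions are enforced and the user
    # is selected by a client-supplied ``user_id``.  Until a server-issued
    # temporary token binds this request to a completed first-factor (password)
    # step, the OTP/recovery code is effectively the only factor guarding token
    # issuance.  A TOTP is a short numeric code, so also confirm request
    # throttling (DRF ``throttle_classes`` / ``DEFAULT_THROTTLE_CLASSES``)
    # covers this endpoint.
    authentication_classes = []  # temp token logic can be added
    permission_classes = []

    def post(self, request):
        """Verify ``token`` for ``user_id`` and issue JWTs on success.

        Returns a 400 ``Response`` when the user is unknown, has no 2FA record,
        has 2FA disabled, or the token matches neither a TOTP nor a recovery
        code; otherwise a 200 ``Response`` with ``refresh`` and ``access``.
        """
        serializer = TwoFactorLoginVerifySerializer(data=request.data)
        serializer.is_valid(raise_exception=True)

        user_id = serializer.validated_data["user_id"]
        token = serializer.validated_data["token"]

        # NOTE(review): the three distinct 400 messages below let a caller tell
        # unknown users apart from users without 2FA.  Left unchanged so
        # existing clients keep working; a single generic message would close
        # that enumeration oracle.
        try:
            user = User.objects.get(id=user_id)
            # AttributeError covers a user with no related two_factor record.
            two_factor = user.two_factor
        except (User.DoesNotExist, AttributeError):
            return Response(
                {"detail": "Invalid user"},
                status=status.HTTP_400_BAD_REQUEST
            )

        if not two_factor.is_enabled:
            return Response(
                {"detail": "2FA not enabled"},
                status=status.HTTP_400_BAD_REQUEST
            )

        if not self._token_matches(user, two_factor, token):
            return Response(
                {"detail": "Invalid OTP or recovery code"},
                status=status.HTTP_400_BAD_REQUEST
            )

        # Return value is ignored; presumably raises when the user may not log
        # in — confirm against apps.core.services.
        validate_user_context(user)

        refresh = RefreshToken.for_user(user)

        return Response({
            "refresh": str(refresh),
            "access": str(refresh.access_token),
        })

    @staticmethod
    def _token_matches(user, two_factor, token):
        """Return True if *token* is a valid TOTP or a valid recovery code.

        ``str.isdigit`` alone is not a safe guard for ``int()``: it is true for
        characters such as superscript digits that ``int`` rejects, so a
        crafted token would raise ``ValueError`` and surface as a 500.
        Restricting the TOTP path to ASCII digits keeps the conversion safe
        and matches what an authenticator app emits; anything else falls
        through to the recovery-code check.
        """
        # NOTE(review): int() drops leading zeros ("012345" -> 12345); confirm
        # verify_totp expects an int and compares numerically rather than as a
        # zero-padded string.
        if token.isascii() and token.isdigit() and verify_totp(two_factor.secret, int(token)):
            return True
        return verify_recovery_code(user, token)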
