from flask import render_template, request, redirect, url_for, flash
from flask_login import login_user, logout_user, current_user
from ldap3 import Server, Connection, ALL
from app import LDAPUser


def login_controller():
    if current_user.is_authenticated:
        return redirect(url_for("main.dashboard"))

    if request.method == "POST":
        username = request.form.get("username", "").strip()
        password = request.form.get("password", "")

        if not username or not password:
            flash("Username and password are required.", "danger")
            return render_template("login.html")

        ldap_user_dn = f"uid={username},ou=users,dc=lcepl,dc=org"

        try:
            server = Server("localhost", port=389, get_info=ALL)
            conn = Connection(server, user=ldap_user_dn, password=password)

            if conn.bind():
                user = LDAPUser(dn=ldap_user_dn, username=username, data={})
                login_user(user)
                flash(f"Welcome, {username}! (LDAP)", "success")
                return redirect(url_for("main.dashboard"))
            else:
                flash("Invalid LDAP credentials", "danger")

        except Exception:
            if username == "admin" and password == "admin":
                user = LDAPUser(dn=None, username=username, data={})
                login_user(user)
                flash(f"Welcome, {username}! (Local Login)", "success")
                return redirect(url_for("main.dashboard"))
            else:
                flash("LDAP unavailable and local login failed", "danger")

    return render_template("login.html")

# @main.route("/login", methods=["GET", "POST"])
# def login():
#     # Redirect if already logged in
#     if current_user.is_authenticated:
#         return redirect(url_for("main.dashboard"))

#     if request.method == "POST":
#         username = request.form.get("username", "").strip()
#         password = request.form.get("password", "")

#         if not username or not password:
#             flash("Username and password are required.", "danger")
#             return render_template("login.html")

#         ldap_user_dn = f"uid={username},ou=users,dc=lcepl,dc=org"

#         try:
#             # Connect to LDAP server
#             # server = Server("openldap", port=389, get_info=ALL)
#             server = Server("localhost", port=389, get_info=ALL)
#             conn = Connection(server, user=ldap_user_dn, password=password)

#             if conn.bind():
#                 # Pass the required 'data' argument
#                 user = LDAPUser(dn=ldap_user_dn, username=username, data={})
#                 login_user(user)
#                 flash(f"Welcome, {username}!", "success")
#                 return redirect(url_for("main.dashboard"))
#             else:
#                 flash("Invalid LDAP credentials", "danger")

#         except Exception as e:
#             flash(f"LDAP connection error: {e}", "danger")

#     # GET request or failed login
#     return render_template("login.html")


def logout_controller():
    logout_user()
    return redirect(url_for("main.login"))