from flask import Blueprint, render_template, request, redirect, url_for, flash, session
from functools import wraps
from ldap3 import Server, Connection, ALL
from ldap3.core.exceptions import LDAPException


class LoginAuth:
    def __init__(self):
        # Create Blueprint
        self.bp = Blueprint("auth", __name__)

        # -------------------------------
        # LDAP CONFIGURATION
        # -------------------------------
        self.LDAP_SERVER = "ldap://localhost:389"
 
        self.BASE_DN = "ou=users,dc=lcepl,dc=org"        # LDAP Users DN

        # -------------------------------
        # LOGIN ROUTE
        # -------------------------------
        # @self.bp.route('/login', methods=['GET', 'POST'])
        # def login():
        #     if request.method == 'POST':
        #         username = request.form.get("username")
        #         password = request.form.get("password")
        #         if not username or not password:
        #             flash("Username and password are required!", "danger")
        #             return render_template("login.html")
        #         user_dn = f"uid={username},{self.BASE_DN}"
        #         server = Server(self.LDAP_SERVER, get_info=ALL)
        #         try:
        #             # Attempt LDAP bind
        #             conn = Connection(server, user=user_dn, password=password, auto_bind=True)
        #             if conn.bound:
        #                 session['user'] = username
        #                 flash(f"Login successful! Welcome {username}", "success")
        #                 return redirect(url_for('welcome'))
        #             else:
        #                 flash("Invalid username or password!", "danger")
        #         except LDAPException as e:
        #             flash(f"LDAP login failed: {str(e)}", "danger")
        #         finally:
        #             if 'conn' in locals():
        #                 conn.unbind()
        #     # GET request: show login form
        #     return render_template("login.html")


        # LOGIN ROUTE
        @self.bp.route('/login', methods=['GET', 'POST'])
        def login():
            if request.method == 'POST':
                username = request.form.get("username")
                password = request.form.get("password")
                # Dummy validation — REPLACE with DB check later
                if username == "admin" and password == "admin123":
                    session['user'] = username
                    flash("Login successful!", "success")
                    return redirect(url_for('welcome'))
                else:
                    flash("Invalid username or password!", "danger")
            return render_template("login.html")
        
        
        # -------------------------------
        # LOGOUT ROUTE
        # -------------------------------
        @self.bp.route('/logout')
        def logout():
            session.clear()
            flash("Logged out successfully!", "success")
            return redirect(url_for('auth.login'))

    # ===================================================
    # LOGIN REQUIRED DECORATOR INSIDE CLASS
    # ===================================================
    def login_required(self, f):
        """
        Protect routes: redirect to login if user not authenticated.
        """
        @wraps(f)
        def wrapper(*args, **kwargs):
            if "user" not in session:
                flash("Please login first!", "danger")
                return redirect(url_for("auth.login"))
            return f(*args, **kwargs)
        return wrapper