from datetime import datetime
from sqlalchemy import or_, select
from sqlalchemy.orm import Session
from app.database.database import SessionLocal
from app.schemas import employees, login
from sqlalchemy.orm import Session
from app.models.login import  Login
from typing import List
from starlette.middleware.sessions import SessionMiddleware
from flask import  request, jsonify, Blueprint

router = Blueprint('login', __name__)

# Dépendance pour la base de données
def get_db():
    db = SessionLocal()
    try:
        yield db
    finally:
        db.close() 
from sqlalchemy import text
import bcrypt

def verify_password(plain_password: str, hashed_password: str) -> bool:
    return bcrypt.checkpw(plain_password.encode('utf-8'), hashed_password.encode('utf-8'))
@router.route("", methods=["POST"])
def loginA():
    db = next(get_db())
    
    form_data = request.get_json()
    if not form_data:
        return jsonify({"error": "No input data provided"}), 400

    username = form_data.get("user_name")
    password = form_data.get("password_hash")

    if not username or not password:
        return jsonify({"error": "Username and password required"}), 400

    users = db.query(Login).filter(Login.user_name == username, Login.role == "user").all()
    for user in users:
        if verify_password(password, user.password_hash):
            if user.is_active == 4:
                return jsonify("Vous avez atteint la limite de connexion, merci de contacter le service RH"), 404
            print((datetime.utcnow() - user.creation_date).days)
            if (datetime.utcnow() - user.creation_date).days > 90:
                user.password_changed = 0
                db.commit()
                db.refresh(user)
            user.is_active = 1
            db.commit()
            db.refresh(user)
            return jsonify(user.as_dict())  # ⚠️ `as_dict()` doit exister

    admin_user = db.query(Login).filter(
        Login.user_name == username,
        Login.password_hash == password,
        Login.role == "admin"
    ).first()

    if admin_user:
        return jsonify(admin_user.as_dict())
    user = db.query(Login).filter(Login.user_name == username, Login.role == "user").first()
    if user:
        if user.is_active == 4:
            return jsonify("Vous avez atteint la limite de connexion, merci de contacter le service RH"), 404
        user.is_active = user.is_active + 1
        db.commit()
        db.refresh(user)
    return jsonify("Nom d'utilisateur ou mot de passe incorrect"), 404
import bcrypt
import random
import string
from app.routes.smtp import read_smtp

from fastapi_mail import FastMail, MessageSchema, ConnectionConfig

def generate_random_password(length=10):
    characters = string.ascii_letters + string.digits + "!@#$%^&*()"
    return ''.join(random.choices(characters, k=length))
def hash_password(password: str) -> str:
    return bcrypt.hashpw(password.encode('utf-8'), bcrypt.gensalt()).decode('utf-8')
infos = read_smtp()
conf = ConnectionConfig(
    MAIL_USERNAME=infos[0].get('username'),
    MAIL_PASSWORD=infos[0].get('password'),
    MAIL_FROM=infos[0].get('sender_email_address'),
    MAIL_PORT=infos[0].get('port'),
    MAIL_SERVER=infos[0].get('hostname'),
    MAIL_STARTTLS=True,
    MAIL_SSL_TLS=False,
    USE_CREDENTIALS=True
)
def send_email_task(email_data):
    m = 'support_rh@finashore.ma'
    message = MessageSchema(
        subject=email_data['subject'],
        recipients=[email_data['email']],
        cc=[m],
        body=email_data['body'],
        subtype="html"
    )

    fm = FastMail(conf)
    try:
        import asyncio
        loop = asyncio.new_event_loop()
        asyncio.set_event_loop(loop)
        loop.run_until_complete(fm.send_message(message))
    except Exception as e:
        print("Erreur lors de l'envoi de l'email:", e)
    finally:
        loop.close()

from app.models.employees import Category, Employee

@router.route("/forgot-password", methods=["POST"])
def forgot_password():
    db = next(get_db())
    form_data = request.get_json()
    if not form_data:
        return jsonify({"error": "No input data provided"}), 400

    username = form_data.get("user_name")
    if not username:
        return jsonify({"error": "Username required"}), 400

    user = db.query(Login).filter(Login.user_name == username).first()
    if user:
        emp = db.query(Employee).filter(Employee.matricule == user.matricule).first()
        if not emp:
            return jsonify(False), 404
        
        generated_password = generate_random_password()
        hashed_password = hash_password(generated_password)
        user.password = generated_password
        user.password_hash = hashed_password
        user.password_changed = 0
        db.commit()
        db.refresh(user)
        #evoi un mail avec le nouveau mot de passe
        email_data = {
            'subject': 'Réinitialisation de votre mot de passe FinaIntranet',
            'email': emp.mail,
            'body': f'''
                <p>Bonjour {user.last_name} {user.first_name},</p>
                <p>Votre mot de passe a été réinitialisé avec succès.</p>
                <p>Veuillez utiliser les identifiants suivants pour vous connecter :</p>
                <ul>
                    <li>Nom d’utilisateur: {user.user_name}</li>
                    <li>Nouveau mot de passe: {generated_password}</li>
                </ul>
                <p>Nous vous recommandons de modifier ce mot de passe dès votre première connexion pour 
garantir la sécurité de votre compte.</p>
                <p>Cordialement</p>
                '''
        }
        
        try:
            send_email_task(email_data)
        except Exception as e:
            print("Erreur lors de l'envoi de l'email:", e)
            return jsonify(False), 500
        return jsonify(True)

    return jsonify(False), 404