from rest_framework import generics, status, viewsets
from rest_framework.decorators import action
from rest_framework.response import Response

from userausfall.models import MissingUserAttribute, PasswordMismatch, User
from userausfall.rest_api.serializers import TrustBridgeSerializer
from userausfall.views import get_authenticated_user


class TrustBridgeView(generics.RetrieveAPIView):
    serializer_class = TrustBridgeSerializer

    def get_object(self):
        return get_authenticated_user(self.request).get_or_create_trust_bridge()


class UserViewSet(viewsets.GenericViewSet):
    @action(detail=True, methods=["post"])
    def activate(self, request, pk=None):
        """Create the corresponding LDAP account."""
        user: User = self.get_object()
        serializer = self.get_serializer(data=request.data)
        if serializer.is_valid():
            try:
                # We prevent untrusted user accounts from being activated via API.
                # They might be activated via Admin or programmatically.
                if not user.trust_bridge.is_trusted:
                    raise MissingUserAttribute("User has no trusted trust bridge.")
                user.create_ldap_account(serializer.validated_data["password"])
            except (MissingUserAttribute, PasswordMismatch) as e:
                return Response({"message": str(e)}, status=status.HTTP_400_BAD_REQUEST)
            return Response(status=status.HTTP_204_NO_CONTENT)
        else:
            return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)