""" authentication

    * Customise the authentication

"""
from gluon.html import URL
from gluon.tools import Auth
from gluon.validators import IS_IN_DB


# Constant for admin role
ID_ADMIN = 1
ADMIN = "admin"
DEF_ADMIN = "administrators, librairians,..."

# constant for user role
ID_USER = 2
USER = "user"
DEF_USER = "liaisons, team leaders,..."


def configure_auth(db, migrate_user=False):
    """Configure the authentication process

    Args:
        db (gluon.dal.DAL): database connection
        migrate_user (bool):

    Returns:
        gluon.tools.Auth

    """
    #
    # User logging
    # Approval is required for newly registered users
    #
    auth = Auth(db, hmac_key=Auth.get_or_create_key())

    auth.define_tables(migrate=migrate_user)

    settings = auth.settings
    settings.create_user_groups = False
    settings.mailer = None
    settings.registration_requires_approval = True
    settings.registration_requires_verification = False
    settings.remember_me_form = False
    settings.reset_password_requires_verification = True

    # go to the login page after change password, logout and registration
    settings.change_password_next = URL("user", args="login")
    settings.logout_next = URL("user", args="login")
    settings.register_next = URL("user", args="login")

    # create user and admin groups
    auth_group = db.auth_group
    if not db(auth_group.id).count():
        auth_group.insert(id=ID_ADMIN, role=ADMIN, description=T(DEF_ADMIN))
        auth_group.insert(id=ID_USER, role=USER, description=T(DEF_USER))

    # Newly registered users go in the user group
    settings.everybody_group_id = ID_USER

    # The first user is auto approved and get all privilege (admin)
    auth_user = db.auth_user
    if not db(auth_user.id).count():
        settings.everybody_group_id = ID_ADMIN
        settings.registration_requires_approval = False

    # tune authentication fields for the extJS interface
    auth_user.registration_key.readable = True
    auth_user.registration_key.writable = True

    auth_membership = db.auth_membership
    auth_membership.user_id.label = "User"
    auth_membership.group_id.label = "Group"

    auth_membership.user_id.requires = IS_IN_DB(db, "auth_user.last_name")

    # HACK
    # JSON conversion of datetime failed in the action plugin_dbui.dbui_conf
    # Convert the date in advance help
    auth_event = db.auth_event
    auth_event.time_stamp.default = auth_event.time_stamp.default.isoformat()

    auth_cas = db.auth_cas
    auth_cas.created_on.default = auth_cas.created_on.default.isoformat()

    return auth