# -*- coding: utf-8 -*-
""" auth

    * Customise the authentication

"""
from gluon.html import URL
from gluon.tools import Auth
from gluon.validators import IS_IN_DB


# Constant for admin role
ID_ADMIN = 1
ADMIN = "admin"
DEF_ADMIN = "administrators, ..."

# constant for user role
ID_USER = 2
USER = "user",
DEF_USER = "team leader,,..."


def configure_auth(db, migrate_user=False):
    """Configure the authentication process

    Args:
        db (gluon.dal.DAL): database connection
        migrate_user (bool):

    Returns:
        gluon.tools.Auth

    """
    #
    # User logging
    # Approval is required for newly registered users
    #
    auth = Auth(db, hmac_key=Auth.get_or_create_key())

    auth.define_tables(migrate=migrate_user)
    auth.settings.create_user_groups = False
    auth.settings.mailer = None
    auth.settings.registration_requires_approval = True
    auth.settings.registration_requires_verification = False
    auth.settings.remember_me_form = False
    auth.settings.reset_password_requires_verification = True

    # go to the login page after change password, logout and registration
    auth.settings.change_password_next = URL('user', args='login')
    auth.settings.logout_next = URL('user', args='login')
    auth.settings.register_next = URL('user', args='login')

    # create user and admin groups
    if not db(db.auth_group.id).count():
        db.auth_group.insert(id=ID_ADMIN, role=ADMIN, description=T(DEF_ADMIN))
        db.auth_group.insert(id=ID_USER, role=USER, description=T(DEF_USER))

    # Newly registered users go in the user group
    auth.settings.everybody_group_id = ID_USER

    # The first user is auto approved and get all privilege (admin)
    if not db(db.auth_user.id).count():
        auth.settings.everybody_group_id = ID_ADMIN
        auth.settings.registration_requires_approval = False

    # tune authentication fields for the extJS interface
    db.auth_user.registration_key.readable = True
    db.auth_user.registration_key.writable = True

    db.auth_membership.user_id.label = 'User'
    db.auth_membership.group_id.label = 'Group'

    db.auth_membership.user_id.requires = IS_IN_DB(db, 'auth_user.last_name')

    # HACK
    # JSON conversion of datetime failed in the action plugin_dbui.dbui_conf
    # Convert the date in advance help
    db.auth_event.time_stamp.default = \
        db.auth_event.time_stamp.default.isoformat()

    db.auth_cas.created_on.default = \
        db.auth_cas.created_on.default.isoformat()

    return auth