from urllib.parse import urlencode, parse_qs

import flask
from flask import Blueprint, redirect
from flask import current_app, session
from flask import jsonify
from flask.helpers import make_response
from flask.templating import render_template
from oic.oic.message import TokenErrorResponse, UserInfoErrorResponse, EndSessionRequest

from pyop.access_token import AccessToken, BearerTokenError
from pyop.exceptions import InvalidAuthenticationRequest, InvalidAccessToken, InvalidClientAuthentication, OAuthError, \
    InvalidSubjectIdentifier, InvalidClientRegistrationRequest
from pyop.util import should_fragment_encode

from flask import Blueprint, render_template, request, url_for
from flask_login import login_required, login_user, logout_user
from werkzeug.utils import redirect
import logging


from ..model import User, SecurityUser
from ..form.login import LoginForm
from ..auth_providers import AUTH_PROVIDER_LIST
from .oidc import do_logout


auth_views = Blueprint('auth', __name__, url_prefix='')


@auth_views.route('/login', methods=['GET', 'POST'])
def login():
    form = LoginForm()
    if form.validate_on_submit():
        user = User.query().by_username(form.data['name'])
        session['username'] = str(user.username)
        session['auth_providers'] = []
        return redirect(url_for('auth.login_auth'))
    return render_template('frontend/login.html.j2', form=form)


@auth_views.route('/login/auth', methods=['GET', 'POST'])
def login_auth():
    if 'username' not in session:
        return redirect(url_for('auth.login'))
    auth_forms = []
    user = User.query().by_username(session['username'])
    for auth_provider in AUTH_PROVIDER_LIST:
        form = auth_provider.get_form()
        if auth_provider.get_name() not in session['auth_providers'] and\
           auth_provider.check_auth(user, form):
            session['auth_providers'].append(auth_provider.get_name())

        if auth_provider.get_name() not in session['auth_providers']:
            auth_forms.append(form)

    if len(session['auth_providers']) >= 2:
        login_user(SecurityUser(session['username']))
        # TODO use this var
        _next = request.args.get('next')
        return redirect(url_for('frontend.index'))
    print(auth_forms)
    return render_template('frontend/login_auth.html.j2', forms=auth_forms)


@auth_views.route("/logout")
@login_required
def logout():
    logout_user()
    do_logout()
    return redirect(url_for('.login'))