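import logging

from mozilla_django_oidc.auth import OIDCAuthenticationBackend

from lofar.sas.tmss.tmss.tmssapp.models import ProjectRole

logger = logging.getLogger(__name__)


class TMSSOIDCAuthenticationBackend(OIDCAuthenticationBackend):
    """
    A custom OIDCAuthenticationBackend, that allows us to perform extra actions
    when a user gets authenticated, most importantly we can assign the user's
    system and project roles according to the claims that we get from the
    identity provider.

    Project roles are derived solely from the ``eduperson_entitlement`` claim
    (only values carrying ENTITLEMENT_PREFIX are considered). The identity
    provider is therefore the single source of truth: both create_user and
    update_user overwrite ``user.project_roles`` on every login, so a role that
    is revoked at the provider disappears from the user at the next login, and
    an entitlement that cannot be parsed or names an unknown role is dropped
    (logged, never guessed).
    """

    # Only entitlements with this prefix are ours; the remainder is expected to
    # look like '<project>:role=<role>'.
    ENTITLEMENT_PREFIX = 'urn:mace:astron.nl:science:group:lofar:project:'
    ROLE_MARKER = 'role='

    @classmethod
    def _parse_entitlement(cls, entitlement):
        """Parse one entitlement string into ``(project, role)``.

        Returns None when the entitlement does not carry ENTITLEMENT_PREFIX
        (i.e. it is not a LOFAR project entitlement and is simply ignored).

        Raises ValueError when the entitlement carries the prefix but is
        malformed: not exactly two ':'-separated parts after the prefix, or an
        empty project or role. The 'role=' marker is stripped when present but
        is not required, matching the lenient behaviour callers relied on.
        """
        if not entitlement.startswith(cls.ENTITLEMENT_PREFIX):
            return None
        # Slice rather than str.replace(): replace() would also remove a
        # repeated prefix occurring later in the value and silently change
        # the project name.
        remainder = entitlement[len(cls.ENTITLEMENT_PREFIX):]
        project, role_part = remainder.split(':')  # ValueError unless exactly 2 parts
        if role_part.startswith(cls.ROLE_MARKER):
            role = role_part[len(cls.ROLE_MARKER):]
        else:
            role = role_part
        if not project or not role:
            raise ValueError('empty project or role in entitlement')
        return project, role

    def _set_user_project_roles_from_claims(self, user, claims):
        """Replace ``user.project_roles`` with the roles found in ``claims`` and save the user.

        :param user: the (already created) user object; ``project_roles`` is
            assigned as a list of ``{'project': ..., 'role': ...}`` dicts.
        :param claims: the claims dict received from the identity provider.

        Roles are only accepted when their value matches an existing
        ProjectRole; anything else is logged and skipped, so a bad or
        unexpected entitlement can never grant an unknown role.
        """
        entitlements = claims.get('eduperson_entitlement', []) or []
        if isinstance(entitlements, str):
            # Some providers send a single-valued claim as a bare string;
            # iterating over it would yield characters, not entitlements.
            entitlements = [entitlements]

        # One query instead of one per entitlement; this also keeps the
        # parse loop free of database errors, so only parse errors are caught.
        known_roles = set(ProjectRole.objects.values_list('value', flat=True))

        project_roles = []
        for entitlement in entitlements:
            if not isinstance(entitlement, str):
                logger.error('could not parse entitlement=%r because it is not a string', entitlement)
                continue
            try:
                parsed = self._parse_entitlement(entitlement)
            except ValueError as e:
                logger.error('could not parse entitlement=%s because of exception=%s', entitlement, e)
                continue
            if parsed is None:
                continue  # not a LOFAR project entitlement
            project, role = parsed
            if role not in known_roles:
                logger.error('could not parse entitlement=%s because no project role exists that matches the entitlement role=%s', entitlement, role)
                continue
            project_roles.append({'project': project, 'role': role})

        # Unconditional overwrite: roles no longer present at the provider
        # are dropped here.
        user.project_roles = project_roles
        logger.info("### assigned project_roles=%s to user=%s", project_roles, user)
        user.save()

    def create_user(self, claims):
        """Create the user via the parent backend, then assign its project roles from ``claims``.

        Only the claim *names* are logged: the claim values carry personal
        data (e.g. email, name) that must not end up in the application log.
        """
        user = super(TMSSOIDCAuthenticationBackend, self).create_user(claims)
        logger.info('### create user=%s claim_keys=%s', user, sorted(claims))
        self._set_user_project_roles_from_claims(user, claims)
        return user

    def update_user(self, user, claims):
        """Re-derive and overwrite the project roles of an existing user from ``claims``.

        Called on every subsequent login; see create_user for why claim
        values are not logged.
        """
        logger.info('### update user=%s claim_keys=%s', user, sorted(claims))
        self._set_user_project_roles_from_claims(user, claims)
        return user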