# coding=utf-8
# --------------------------------------------------------------------------------------------
# Copyright (c) Microsoft Corporation. All rights reserved.
# Licensed under the MIT License. See License.txt in the project root for license information.
# --------------------------------------------------------------------------------------------

from __future__ import print_function

import sys

from knack.log import get_logger
from knack.prompting import NoTTYException, prompt_pass
from knack.util import CLIError
from msrest.authentication import BasicAuthentication
from azext_devops.dev.common._credentials import clear_credential, set_credential
from azext_devops.dev.common.services import _get_connection, get_base_url

logger = get_logger(__name__)


def credential_set(organization=None):
    """Set the credential (PAT) to use for a particular organization.
    Refer https://aka.ms/azure-devops-cli-auth for more information on providing PAT as input.
    """
    token = _get_pat_token()
    if organization is not None:
        organization = get_base_url(organization)
        logger.info("Creating connection with personal access token.")
        _verify_token(organization=organization, token=token)
    try:
        set_credential(organization=organization, token=token)
    except Exception as ex:  # pylint: disable=bare-except
        logger.warning("Unable to use secure credential store in this environment.")
        logger.warning("Please refer to alternate methods at https://aka.ms/azure-devops-cli-auth")
        logger.warning("using Environment variable")
        logger.warning("or use 'az login'")
        raise CLIError(ex)
    _check_and_set_default_organization(organization)


def credential_clear(organization=None):
    """Clear the credential for all or a particular organization
    :param organization: Azure Devops organization URL. Example: https://dev.azure.com/MyOrganizationName/.
    If no organization is specified, all organizations will be logged out.
    :type organization: str
    """
    if organization is not None:
        organization = get_base_url(organization)
    clear_credential(organization)
    if organization is not None:
        print('The credential was successfully cleared.')
    else:
        print('Logged out of all Azure DevOps organizations.')
    _check_and_clear_default_organization(organization)


def _verify_token(organization, token):
    credentials = BasicAuthentication('', token)
    connection = _get_connection(organization, credentials)
    vstsDir = 'azext_devops.devops_sdk.'
    location_client = connection.get_client(vstsDir + 'v5_0.location.location_client.LocationClient')
    try:
        connection_data = location_client.get_connection_data()
    except Exception as ex2:
        logger.debug(ex2, exc_info=True)
        raise CLIError("Failed to authenticate using the supplied token.")
    # An organization with public project enabled will not throw any exception for invalid token.
    # Hence, handle anonymous user case here.
    if connection_data.authenticated_user.id == _ANONYMOUS_USER_ID:
        raise CLIError("Failed to authenticate using the supplied token.")


def _get_pat_token():
    try:
        token = prompt_pass('Token: ', confirm=False, help_string="The token (PAT) to authenticate with.")
        while len(token) <= 1:
            logger.warning('Please provide a PAT token.')
            logger.warning('If you are using CTRL + V to paste the token, it won\'t work '
                           'on windows command prompt or powershell - '
                           'https://github.com/microsoft/knack/issues/160.')
            logger.warning('Use right click or console menu to paste the token.')
            token = prompt_pass('Token: ', confirm=False, help_string="The token (PAT) to authenticate with.")
    except NoTTYException:
        logger.info("Getting PAT token in non-interactive mode.")
        token = sys.stdin.readline().rstrip()
    return token


# Sets organization if the default is not set
def _check_and_set_default_organization(organization):
    if organization is not None:
        from azext_devops.dev.common.config import azdevops_config
        from azext_devops.dev.common.const import DEFAULTS_SECTION, DEVOPS_ORGANIZATION_DEFAULT
        from .configure import configure
        current_org_default = None
        if azdevops_config.has_option(DEFAULTS_SECTION, DEVOPS_ORGANIZATION_DEFAULT):
            current_org_default = azdevops_config.get(DEFAULTS_SECTION, DEVOPS_ORGANIZATION_DEFAULT)
        if current_org_default is None or current_org_default == '':
            configure(defaults=['organization={}'.format(organization)])
            logger.debug("Setting this organization as default. No default was set earlier.")
        else:
            logger.debug("Another organization is already set as default.")


# Clears organization if the default is set to same
def _check_and_clear_default_organization(organization):
    if organization is not None:
        from azext_devops.dev.common.config import azdevops_config
        from azext_devops.dev.common.const import DEFAULTS_SECTION, DEVOPS_ORGANIZATION_DEFAULT
        from .configure import configure
        current_org_default = None
        if azdevops_config.has_option(DEFAULTS_SECTION, DEVOPS_ORGANIZATION_DEFAULT):
            current_org_default = azdevops_config.get(DEFAULTS_SECTION, DEVOPS_ORGANIZATION_DEFAULT)
        if current_org_default == organization:
            configure(defaults=["organization="])
            logger.debug("Resetting default organization.")
        else:
            logger.debug("Default org not reset. Different organization is set as default.")


_ANONYMOUS_USER_ID = 'aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa'