"""
User model for Flask-Login authentication.

Simple single-user model that loads credentials from the settings table.
"""

from typing import Optional

from flask_login import UserMixin
from sqlalchemy.orm import Session

from web.utils.settings import PasswordManager, SettingsManager


class User(UserMixin):
    """
    User class for Flask-Login.

    Represents the single application user. Credentials are stored in the
    settings table (app_password key).
    """

    # Single user ID (always 1 for single-user app)
    USER_ID = '1'

    def __init__(self, user_id: str = USER_ID):
        """
        Initialize user.

        Args:
            user_id: User ID (always '1' for single-user app)
        """
        self.id = user_id

    def get_id(self) -> str:
        """
        Get user ID for Flask-Login.

        Returns:
            User ID string
        """
        return self.id

    @property
    def is_authenticated(self) -> bool:
        """User is always authenticated if instance exists."""
        return True

    @property
    def is_active(self) -> bool:
        """User is always active."""
        return True

    @property
    def is_anonymous(self) -> bool:
        """User is never anonymous."""
        return False

    @staticmethod
    def get(user_id: str, db_session: Session = None) -> Optional['User']:
        """
        Get user by ID (Flask-Login user_loader).

        Args:
            user_id: User ID to load
            db_session: Database session (unused - kept for compatibility)

        Returns:
            User instance if ID is valid, None otherwise
        """
        if user_id == User.USER_ID:
            return User(user_id)
        return None

    @staticmethod
    def authenticate(password: str, db_session: Session) -> Optional['User']:
        """
        Authenticate user with password.

        Args:
            password: Password to verify
            db_session: Database session for accessing settings

        Returns:
            User instance if password is correct, None otherwise
        """
        settings_manager = SettingsManager(db_session)

        if PasswordManager.verify_app_password(settings_manager, password):
            return User(User.USER_ID)

        return None

    @staticmethod
    def has_password_set(db_session: Session) -> bool:
        """
        Check if application password is set.

        Args:
            db_session: Database session for accessing settings

        Returns:
            True if password is set, False otherwise
        """
        settings_manager = SettingsManager(db_session)
        stored_hash = settings_manager.get('app_password', decrypt=False)
        return bool(stored_hash)