from django.contrib.auth import get_user_model, password_validation
from django.core.exceptions import ValidationError as DjangoValidationError
from drf_spectacular.utils import extend_schema_serializer
from rest_framework import serializers

from core.serializers.base import BaseModelSerializer
from apps.users.email_identity import normalize_email_identity

User = get_user_model()

INVALID_MOBILE_FORMAT_MESSAGE = "فرمت شماره موبایل نادرست است."
INVALID_MOBILE_NUMBER_MESSAGE = "شماره موبایل معتبر نیست."
PASSWORD_MISMATCH_MESSAGE = "رمز عبور مطابقت ندارد."
NEW_PASSWORD_MISMATCH_MESSAGE = "رمز عبور جدید و تکرار آن مطابقت ندارند."
PASSWORD_REUSE_MESSAGE = "رمز عبور جدید نباید با رمز عبور قبلی یکسان باشد."


def _raise_password_validation_error(password: str, *, user, field_name: str) -> None:
    try:
        password_validation.validate_password(password, user=user)
    except DjangoValidationError as exc:
        raise serializers.ValidationError({field_name: exc.messages[0] if len(exc.messages) == 1 else exc.messages})


class UserProfilePictureSerializer(BaseModelSerializer):
    class Meta:
        model = User
        fields = BaseModelSerializer.Meta.fields + ("profile_picture",)


class UserListSerializer(BaseModelSerializer):
    full_name = serializers.CharField(read_only=True)

    class Meta:
        model = User
        fields = BaseModelSerializer.Meta.fields + (
            "mobile",
            "full_name",
            "profile_picture",
        )


class RegisterSerializer(serializers.Serializer):
    mobile = serializers.CharField(max_length=11)
    code = serializers.CharField(max_length=6)
    password = serializers.CharField(write_only=True)
    re_password = serializers.CharField(write_only=True)
    first_name = serializers.CharField(max_length=100, required=False, allow_blank=True)
    last_name = serializers.CharField(max_length=100, required=False, allow_blank=True)

    def validate(self, data):
        mobile = data.get("mobile", "")
        password = data.get("password", "")
        re_password = data.get("re_password", "")

        if not (mobile.isdigit() and len(mobile) == 11):
            raise serializers.ValidationError({"mobile": INVALID_MOBILE_FORMAT_MESSAGE})

        if password != re_password:
            raise serializers.ValidationError({"password": PASSWORD_MISMATCH_MESSAGE})

        return data


@extend_schema_serializer(component_name="UsersSendOTP")
class SendOTPSerializer(serializers.Serializer):
    mobile = serializers.CharField(max_length=11)
    mode = serializers.ChoiceField(choices=["register", "login", "forget_password"])

    def validate_mobile(self, value):
        if not value.isdigit() or len(value) != 11 or not value.startswith("09"):
            raise serializers.ValidationError(INVALID_MOBILE_NUMBER_MESSAGE)
        return value


@extend_schema_serializer(component_name="UsersLoginOtp")
class LoginOtpSerializer(serializers.Serializer):
    mobile = serializers.CharField(max_length=11)
    code = serializers.CharField(max_length=6)

    def validate_mobile(self, value):
        if not (value.isdigit() and len(value) == 11):
            raise serializers.ValidationError(INVALID_MOBILE_FORMAT_MESSAGE)
        return value


class LoginSerializer(serializers.Serializer):
    mobile = serializers.CharField(max_length=11)
    password = serializers.CharField(write_only=True)

    def validate_mobile(self, value):
        if not (value.isdigit() and len(value) == 11):
            raise serializers.ValidationError(INVALID_MOBILE_FORMAT_MESSAGE)
        return value


class GoogleOAuthFlowSerializer(serializers.Serializer):
    flow = serializers.CharField()


class GoogleOAuthCompleteSerializer(serializers.Serializer):
    flow = serializers.CharField()
    mobile = serializers.CharField(max_length=11)

    def validate_mobile(self, value):
        normalized = "".join(ch for ch in value if ch.isdigit())
        if len(normalized) != 11 or not normalized.startswith("09"):
            raise serializers.ValidationError(INVALID_MOBILE_FORMAT_MESSAGE)
        return normalized


class GoogleOAuthClaimVerifySerializer(serializers.Serializer):
    flow = serializers.CharField()
    code = serializers.CharField(max_length=6)


class ResetPasswordSerializer(serializers.Serializer):
    mobile = serializers.CharField(max_length=11)
    code = serializers.CharField(max_length=6)
    password = serializers.CharField(write_only=True)
    re_password = serializers.CharField(write_only=True)

    def validate_mobile(self, value):
        if not value.isdigit() or len(value) != 11 or not value.startswith("09"):
            raise serializers.ValidationError(INVALID_MOBILE_NUMBER_MESSAGE)
        return value

    def validate(self, data):
        mobile = data.get("mobile", "")
        password = data.get("password", "")
        re_password = data.get("re_password", "")

        if password != re_password:
            raise serializers.ValidationError({"password": PASSWORD_MISMATCH_MESSAGE})

        user = User.objects.filter(mobile=mobile).only("password", "mobile", "first_name", "last_name", "email").first()

        if user is not None:
            _raise_password_validation_error(password, user=user, field_name="password")

            if user.check_password(password):
                raise serializers.ValidationError({"password": PASSWORD_REUSE_MESSAGE})

        return data


class ChangePasswordSerializer(serializers.Serializer):
    old_password = serializers.CharField(required=True, write_only=True)
    new_password = serializers.CharField(required=True, write_only=True)
    re_password = serializers.CharField(required=True, write_only=True)

    def validate(self, data):
        old_password = data.get("old_password", "")
        new_password = data.get("new_password", "")
        re_password = data.get("re_password", "")

        if new_password != re_password:
            raise serializers.ValidationError({"new_password": NEW_PASSWORD_MISMATCH_MESSAGE})

        request = self.context.get("request")
        user = getattr(request, "user", None)

        if old_password and old_password == new_password:
            raise serializers.ValidationError({"new_password": PASSWORD_REUSE_MESSAGE})

        if user is not None and getattr(user, "is_authenticated", False):
            _raise_password_validation_error(new_password, user=user, field_name="new_password")

        return data


class LogoutSerializer(serializers.Serializer):
    refresh = serializers.CharField()


class TokenPairSerializer(serializers.Serializer):
    access = serializers.CharField()
    refresh = serializers.CharField()


class RegisterWithPasswordSerializer(serializers.Serializer):
    mobile = serializers.CharField()
    password = serializers.CharField()


class UserProfileSerializer(BaseModelSerializer):
    full_name = serializers.ReadOnlyField()
    age = serializers.ReadOnlyField()

    def validate_email(self, value):
        normalized = normalize_email_identity(value)
        user = self.instance

        if normalized is None:
            return None

        existing = User.objects.filter(email=normalized)
        if user is not None:
            existing = existing.exclude(pk=user.pk)
        if existing.exists():
            raise serializers.ValidationError("A user with this email already exists.")
        return normalized

    class Meta:
        model = User
        fields = BaseModelSerializer.Meta.fields + (
            "mobile",
            "email",
            "first_name",
            "last_name",
            "description",
            "profile_picture",
            "birth_date",
            "is_verified",
            "is_demo",
            "demo_expires_at",
            "full_name",
            "age",
        )
        read_only_fields = BaseModelSerializer.Meta.fields + ("mobile", "is_verified", "is_demo", "demo_expires_at")


class UserSearchSerializer(serializers.ModelSerializer):
    class Meta:
        model = User
        fields = (
            "id",
            "first_name",
            "last_name",
            "mobile",
            "profile_picture",
        )