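#!/usr/bin/python3
"""
User settings blueprint: settings page, account deletion and password change.
"""

import os
from urllib.parse import urlparse

from flask import (
    Blueprint,
    render_template,
    session,
    current_app,
    send_file,
    request,
    flash,
    redirect,
    url_for,
)
from werkzeug.security import check_password_hash
from flask_babel import _

from .db import get_db
from .auth import login_required
from .utils import User

bp = Blueprint("settings", __name__, url_prefix="/settings")

# NOTE(review): both POST routes below change account state. No CSRF check is
# visible in this file; confirm one is enforced application-wide.


def _redirect_back():
    """
    Redirect to the page the request came from, or to the settings page.

    The Referer header is supplied by the client and may be absent, so it is
    followed only when it is an http(s) URL on the host serving this request.
    Anything else falls back to the settings index, which also avoids calling
    redirect() with None.
    """
    referrer = request.referrer
    if referrer:
        target = urlparse(referrer)
        # request.host is what this app sees; behind a proxy that rewrites
        # Host the comparison fails and the fallback below is used.
        if target.scheme in ("http", "https") and target.netloc == request.host:
            return redirect(referrer)
    return redirect(url_for("settings.index"))


def _may_modify(cur_user, mod_user):
    """
    Return True when cur_user is allowed to change mod_user's account.

    Users may modify themselves; users with access_level 1 may modify anyone.
    NOTE(review): access_level 1 looks like the administrator level (those
    users are sent to /admin after a deletion) - confirm against User.
    """
    return cur_user.access_level == 1 or cur_user.id == mod_user.id


@bp.route("/")
@login_required
def index():
    """
    Settings page
    """
    user = User(user_id=session.get("user_id"))
    return render_template(
        "settings/index.html",
        inspected_user=user,
        user=user
    )


@bp.route("/delete-account", methods=["POST"])
@login_required
def delete_account():
    """
    Delete the account named by the "user_id" form field.

    The logged-in user must be that account's owner or have access_level 1.
    Deleting one's own account ends the session and returns to "/"; deleting
    another account returns to "/admin".
    """
    if "user_id" not in request.form:
        flash(_("Missing user id."))
        return _redirect_back()

    cur_user = User(user_id=session.get("user_id"))
    mod_user = User(user_id=request.form["user_id"])

    if not _may_modify(cur_user, mod_user):
        flash(_("Missing rights."))
        return _redirect_back()

    mod_user.delete()
    deleted_self = cur_user.id == mod_user.id

    if deleted_self:
        # The session still names the account that was just removed; drop it
        # before flashing so the message lands in a fresh session.
        session.clear()

    flash(_("User successfully deleted."))
    if deleted_self:
        return redirect("/")
    return redirect("/admin")


@bp.route("/change-password", methods=["POST"])
@login_required
def change_password():
    """
    Change the password of the account named by the "user_id" form field.

    Requires the same rights as delete_account, the account's current
    password in "old_password", and a non-empty "new_password" that matches
    "confirm_new_password".
    """
    if "user_id" not in request.form:
        flash(_("Missing user id."))
        return _redirect_back()

    cur_user = User(user_id=session.get("user_id"))
    mod_user = User(user_id=request.form["user_id"])

    if not _may_modify(cur_user, mod_user):
        flash(_("Missing rights."))
        return _redirect_back()

    if "old_password" not in request.form:
        flash(_("Missing old password."))
        return _redirect_back()

    # The old password is checked against the *target* account, so a user with
    # access_level 1 must also know that account's current password.
    if not check_password_hash(mod_user.password, request.form["old_password"]):
        flash(_("Incorrect password."))
        return _redirect_back()

    new_password = request.form.get("new_password")
    confirmation = request.form.get("confirm_new_password")

    # An empty new password is treated as missing rather than stored.
    if not new_password or confirmation is None:
        flash(_("Missing password."))
        return _redirect_back()

    if new_password != confirmation:
        flash(_("Password and its confirmation differ."))
        return _redirect_back()

    # NOTE(review): no length or strength rule is applied here; confirm
    # whether update_password() enforces one.
    mod_user.update_password(new_password)
    flash(_("Successfully updated password."))
    return _redirect_back()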