# -*- coding: utf-8 -*-
##############################################################################
#
# Copyright (c) 2011 Nexedi SA and Contributors. All Rights Reserved.
#                    Ivan Tyagov <ivan@nexedi.com>
#
# WARNING: This program as such is intended to be used by professional
# programmers who take the whole responsability of assessing all potential
# consequences resulting from its eventual inadequacies and bugs
# End users who are looking for a ready-to-use solution with commercial
# garantees and support are strongly adviced to contract a Free Software
# Service Company
#
# This program is Free Software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
#
##############################################################################

from Products.ERP5Type import Permissions
from AccessControl.AuthEncoding import pw_validate
from AccessControl import ClassSecurityInfo

class LoginAccountProviderMixin:
  """
  This class provides a generic implementation of ILoginAccountProvider.
  """

  # Declarative security
  security = ClassSecurityInfo()

  security.declareProtected(Permissions.SetOwnPassword, 'notifyLoginFailure')
  def notifyLoginFailure(self, **kw):
    """
    Notify an authentication failure.
    """
    method = self._getTypeBasedMethod('notifyLoginFailure')
    if method is not None:
      return method(**kw)

  security.declareProtected(Permissions.SetOwnPassword, 'notifyPasswordExpire')
  def notifyPasswordExpire(self, **kw):
    """
    Notify a password expire event.
    """
    method = self._getTypeBasedMethod('notifyPasswordExpire')
    if method is not None:
      return method(**kw)

  security.declareProtected(Permissions.SetOwnPassword, 'isLoginBlocked')
  def isLoginBlocked(self, **kw):
    """
    Is this login blocked?
    """
    method = self._getTypeBasedMethod('isLoginBlocked')
    if method is not None:
      return method(**kw)
    return False      

  security.declareProtected(Permissions.SetOwnPassword, 'isPasswordExpired')
  def isPasswordExpired(self, **kw):
    """
    Is password expired?
    """
    method = self._getTypeBasedMethod('isPasswordExpired')
    if method is not None:
      return method(**kw)
    return False      

  security.declareProtected(Permissions.SetOwnPassword, 'isPasswordValid')
  def isPasswordValid(self, password, **kw):
    """
    Is password valid?
    """
    result_code_list = self.analyzePassword(password, **kw)
    if not len(result_code_list):
      return True
    return False
    
  def analyzePassword(self, password, **kw):
    """
    Analyze password validity.
    Return status code indicating if password is acceptable and if not status code
    for reason for not being a valid one (i.e. too short, not complex, etc ...)    
    """
    method = self._getTypeBasedMethod('analyzePassword')
    return method(password, **kw)
    
  security.declareProtected(Permissions.SetOwnPassword, 'isPasswordAlreadyUsed')
  def isPasswordAlreadyUsed(self, password):
    """
      Return if password has already been used.
    """
    preferred_number_of_last_password_to_check = self.portal_preferences.getPreferredNumberOfLastPasswordToCheck()
    password_event_list = self.getPortalObject().portal_catalog(
                                                   portal_type = "Password Event",
                                                   default_destination_uid = self.getUid(),
                                                   sort_on = (('creation_date', 'DESC',),),                                                               
                                                   limit = preferred_number_of_last_password_to_check)
    password_list = [x.getPassword() for x in password_event_list]                                                                
    for encoded_password in password_list:
      if pw_validate(encoded_password, password):
        return True
    return False