"""
Management command to securely change admin user password.
"""
from django.core.management.base import BaseCommand
from django.contrib.auth import get_user_model
from apps.activities.helpers import log_user_activity
import secrets
import string
import getpass


class Command(BaseCommand):
    help = 'Change password for admin user'

    def add_arguments(self, parser):
        parser.add_argument(
            '--email',
            type=str,
            default='admin@adtlas.com',
            help='Admin user email (default: admin@adtlas.com)'
        )
        parser.add_argument(
            '--generate',
            action='store_true',
            help='Generate a secure random password'
        )
        parser.add_argument(
            '--password',
            type=str,
            help='New password (not recommended for security)'
        )

    def handle(self, *args, **options):
        User = get_user_model()
        admin_email = options['email']
        
        try:
            admin_user = User.objects.get(email=admin_email)
        except User.DoesNotExist:
            self.stdout.write(
                self.style.ERROR(f'Admin user {admin_email} not found')
            )
            return
        
        # Get the new password
        if options['generate']:
            new_password = self.generate_secure_password()
            self.stdout.write(
                self.style.SUCCESS(f'Generated secure password: {new_password}')
            )
        elif options['password']:
            new_password = options['password']
        else:
            new_password = getpass.getpass('Enter new password: ')
            confirm_password = getpass.getpass('Confirm new password: ')
            
            if new_password != confirm_password:
                self.stdout.write(
                    self.style.ERROR('Passwords do not match')
                )
                return
        
        # Update the password
        admin_user.set_password(new_password)
        admin_user.save()
        
        # Log the activity
        try:
            log_user_activity(
                user=admin_user,
                action='password_change',
                object_type='User',
                object_id=str(admin_user.id),
                object_repr=f'Admin user {admin_user.email}',
                details={
                    'action_type': 'password_change',
                    'changed_via': 'management_command',
                    'is_superuser': admin_user.is_superuser,
                    'is_staff': admin_user.is_staff
                },
                ip_address='127.0.0.1',
                user_agent='Django Management Command'
            )
        except Exception as e:
            self.stdout.write(
                self.style.WARNING(f'Activity logging failed: {e}')
            )
        
        self.stdout.write(
            self.style.SUCCESS(f'Password updated successfully for {admin_email}')
        )
    
    def generate_secure_password(self, length=16):
        """Generate a secure random password."""
        characters = string.ascii_letters + string.digits + '!@#$%^&*'
        return ''.join(secrets.choice(characters) for _ in range(length))