"""
Security utilities module.
"""

from fastapi import HTTPException
from jinja2 import Environment, FileSystemLoader, select_autoescape

from cbh.api.account.dto import RegistrationType
from cbh.api.account.models import AccountModel
from cbh.core.config import settings


def check_account_to_reset(account_obj: AccountModel, account: AccountModel | None = None) -> None:
    """
    Check if the account can be reset.
    """
    if not account and account_obj.registrationType != RegistrationType.ORGANIC:
        raise HTTPException(
            status_code=422,
            detail="Please sign in with social providers",
        )
    elif account and account_obj.registrationType != RegistrationType.ORGANIC:
        raise HTTPException(
            status_code=422,
            detail="Password reset is not available for social login accounts",
        )


async def send_password_reset_email(
    code: str, account_obj: AccountModel
) -> None:
    """
    Send a password reset email.
    """
    templates_path = settings.BASE_DIR / "cbh" / "templates" / "emails"
    env = Environment(
        loader=FileSystemLoader(templates_path),
        autoescape=select_autoescape(["html", "xml"]),
    )
    template = env.get_template("resetPassword.html")

    template_content = template.render(
        link=f"{settings.Audience}/change-password?code={code}",
        audience_link=settings.Audience,
    )
    await settings.EMAIL_CLIENT.send_email(
        account_obj.email,
        "You requested a password reset in Arena",
        template_content,
    )