# users/auth_serializers.py

from rest_framework_simplejwt.serializers import TokenObtainPairSerializer
from rest_framework.exceptions import AuthenticationFailed
from django.contrib.auth import get_user_model

User = get_user_model()

class CustomTokenObtainPairSerializer(TokenObtainPairSerializer):
    @classmethod
    def get_token(cls, user):
        token = super().get_token(user)
        token["role"] = user.role
        token["username"] = user.username
        return token

    def validate(self, attrs):
        # Allow case-insensitive username login (e.g. "Test" vs "test")
        username_field = self.username_field
        input_username = attrs.get(username_field)
        matched_user = None
        if input_username:
            matched_user = User.objects.filter(**{f"{username_field}__iexact": input_username}).first()
            if matched_user:
                attrs[username_field] = getattr(matched_user, username_field)

        raw_password = attrs.get("password") or ""
        if (
            matched_user
            and matched_user.role == "CUSTOMER"
            and not matched_user.is_approved
            and matched_user.check_password(raw_password)
        ):
            raise AuthenticationFailed("Please wait patiently, your request is pending admin approval.")

        data = super().validate(attrs)

        if self.user.role == "CUSTOMER" and not self.user.is_approved:
            raise AuthenticationFailed("Please wait patiently, your request is pending admin approval.")

        data["role"] = self.user.role
        data["username"] = self.user.username
        data["phone_number"] = self.user.phone_number
        data["building"] = self.user.building
        # Backward-compatibility key for older frontend builds.
        data["bulding"] = self.user.building
        data["office"] = self.user.office

        return data