"""Phase 14: SSO / SAML 2.0 configuration model."""

import uuid
from datetime import datetime

from sqlalchemy import Boolean, Column, DateTime, String, Text
from sqlalchemy.dialects.postgresql import JSONB, UUID

from app.database import Base


class SsoConfig(Base):
    """
    SAML 2.0 Identity Provider configuration.

    Exactly one row is expected (use upsert).  The SP metadata endpoint
    reads from this row to generate XML for IdP registration.
    """

    __tablename__ = "sso_configs"

    id           = Column(UUID(as_uuid=True), primary_key=True, default=uuid.uuid4)
    is_enabled   = Column(Boolean, nullable=False, default=False)
    provider_name = Column(String(200), nullable=True)  # e.g., "Okta", "Azure AD"

    # ── Service Provider (Aegis) settings ────────────────────────────────────
    sp_entity_id  = Column(String(500), nullable=True)   # e.g., https://aegis.co/api/v1/sso/metadata
    sp_acs_url    = Column(String(500), nullable=True)   # Assertion Consumer Service URL
    sp_slo_url    = Column(String(500), nullable=True)   # Single Logout URL (optional)
    sp_certificate = Column(Text, nullable=True)         # SP public cert for signed requests
    sp_private_key = Column(Text, nullable=True)         # SP private key (stored encrypted in future)

    # ── Identity Provider settings ────────────────────────────────────────────
    idp_entity_id  = Column(String(500), nullable=True)
    idp_sso_url    = Column(String(500), nullable=True)  # IdP redirect/POST binding URL
    idp_slo_url    = Column(String(500), nullable=True)  # IdP SLO URL
    idp_certificate = Column(Text, nullable=True)        # IdP X.509 cert for response validation

    # ── Attribute mapping ─────────────────────────────────────────────────────
    # SAML attribute name → Aegis field
    attr_email    = Column(String(200), nullable=True, default="email")
    attr_username = Column(String(200), nullable=True, default="username")
    attr_role     = Column(String(200), nullable=True, default="role")
    default_role  = Column(String(50),  nullable=True, default="viewer")
    auto_provision = Column(Boolean, nullable=False, default=True)  # create user on first login

    # ── Meta ─────────────────────────────────────────────────────────────────
    created_at = Column(DateTime, default=datetime.utcnow)
    updated_at = Column(DateTime, default=datetime.utcnow, onupdate=datetime.utcnow)