from rest_framework import serializers
from django.contrib.auth import authenticate
from rest_framework.exceptions import AuthenticationFailed
from django.contrib.auth import get_user_model
from api.property_api.country.models.country import Country

User = get_user_model()

class CountryAdminLoginSerializer(serializers.Serializer):
    email = serializers.EmailField(required=False)
    password = serializers.CharField(write_only=True)
    country = serializers.PrimaryKeyRelatedField(
        queryset=Country.objects.all(),
        required=False,
        allow_null=True
    )

    def validate(self, attrs):
        email = attrs.get("email")
        password = attrs.get("password")
        country = attrs.get("country")

        user = authenticate(email=email, password=password)

        if not user:
            raise AuthenticationFailed("Invalid credentials")

        if not user.is_active:
            raise AuthenticationFailed("Account inactive")

        if not user.email_verified:
            raise AuthenticationFailed("Email not verified")

        # 🔐 Country validation only for sub_admin
        if user.role == "sub_admin":
            if user.status.lower() != "accepted":
                raise AuthenticationFailed(
                    "Your account is not approved yet. Please contact super admin."
                )
            
            if not country:
                raise AuthenticationFailed("Country is required for sub admin")

            if user.country != country:
                raise AuthenticationFailed("Invalid country")

        attrs["user"] = user
        return attrs