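from rest_framework.authentication import BasicAuthentication
from rest_framework.exceptions import AuthenticationFailed
from django.contrib.auth.models import User

from .models import ServiceBrokerUser


class ServiceBrokerAuthentication(BasicAuthentication):
    """HTTP Basic authentication limited to users that have a ServiceBrokerUser row.

    The username/password pair is checked against ``django.contrib.auth``'s
    ``User`` model; a user who passes that check must also be referenced by a
    ``ServiceBrokerUser`` record to be accepted.
    """

    # One message for every credential failure, so the response body does not
    # tell a caller whether the username or the password was the wrong part.
    _INVALID_CREDENTIALS = "Invalid username/password."

    def authenticate_credentials(self, userid, password, request=None):
        """Validate Basic-auth credentials and require broker membership.

        Args:
            userid: Username taken from the Authorization header.
            password: Password taken from the Authorization header.
            request: The current request; accepted for signature
                compatibility with the parent class and not used here.

        Returns:
            A ``(user, None)`` tuple, the shape DRF expects from an
            authentication class.

        Raises:
            AuthenticationFailed: If the username is unknown, the password
                does not match, the account is inactive, or the user has no
                ``ServiceBrokerUser`` record.
        """
        try:
            user = User.objects.get(username=userid)
        except User.DoesNotExist:
            # Spend one password-hash computation anyway, so an unknown
            # username takes about as long as a wrong password and response
            # time does not reveal which accounts exist.
            User().set_password(password)
            raise AuthenticationFailed(self._INVALID_CREDENTIALS) from None

        # The parent implementation rejects inactive accounts; this override
        # replaces it, so the is_active check has to be repeated here or a
        # deactivated user could still authenticate. check_password is
        # evaluated first so both failure causes cost one hash.
        if not user.check_password(password) or not user.is_active:
            raise AuthenticationFailed(self._INVALID_CREDENTIALS)

        # Only reached with verified credentials. exists() avoids fetching a
        # row that is never used and cannot raise MultipleObjectsReturned.
        if not ServiceBrokerUser.objects.filter(user=user).exists():
            raise AuthenticationFailed("User is not authorized for broker access")

        return (user, None)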