"""Password reset model for forgot password functionality."""
import uuid
import secrets
from datetime import datetime, timedelta
from app import db


class PasswordReset(db.Model):
    """Password reset codes for forgot password functionality."""

    __tablename__ = 'password_resets'

    id = db.Column(db.String(36), primary_key=True, default=lambda: str(uuid.uuid4()))
    email = db.Column(db.String(120), nullable=False, index=True)
    code = db.Column(db.String(6), nullable=False)
    token = db.Column(db.String(64), nullable=False, unique=True, index=True)
    attempts = db.Column(db.Integer, default=0)
    is_used = db.Column(db.Boolean, default=False)
    created_at = db.Column(db.DateTime, default=datetime.utcnow, nullable=False)
    expires_at = db.Column(db.DateTime, nullable=False)

    def __init__(self, email, code, expiry_minutes=15):
        """Initialize password reset code with expiration.

        Args:
            email: User's email address
            code: 6-digit verification code
            expiry_minutes: How long the code is valid (default 15 minutes for security)
        """
        self.email = email
        self.code = code
        self.token = secrets.token_urlsafe(48)  # Secure random token for URL
        self.expires_at = datetime.utcnow() + timedelta(minutes=expiry_minutes)

    def is_expired(self):
        """Check if password reset code has expired."""
        return datetime.utcnow() > self.expires_at

    def is_valid(self):
        """Check if code is valid (not expired, not used, attempts not exceeded)."""
        return not self.is_expired() and not self.is_used and self.attempts < 5

    def increment_attempts(self):
        """Increment failed verification attempts."""
        self.attempts += 1

    def mark_as_used(self):
        """Mark password reset code as used."""
        self.is_used = True

    def __repr__(self):
        """String representation of PasswordReset."""
        return f'<PasswordReset {self.email}>'