/**
 * Copyright JS Foundation and other contributors, http://js.foundation
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 **/

var should = require("should");
var sinon = require("sinon");

var passport = require("passport");

var NR_TEST_UTILS = require("nr-test-utils");

var auth = NR_TEST_UTILS.require("@node-red/editor-api/lib/auth");
var Users = NR_TEST_UTILS.require("@node-red/editor-api/lib/auth/users");
var Tokens = NR_TEST_UTILS.require("@node-red/editor-api/lib/auth/tokens");
var Permissions = NR_TEST_UTILS.require("@node-red/editor-api/lib/auth/permissions");

describe("api/auth/index",function() {



    describe("ensureClientSecret", function() {
        before(function() {
            auth.init({},{})
        });
        it("leaves client_secret alone if not present",function(done) {
            var req = {
                body: {
                    client_secret: "test_value"
                }
            };
            auth.ensureClientSecret(req,null,function() {
                req.body.should.have.a.property("client_secret","test_value");
                done();
            })
        });
        it("applies a default client_secret if not present",function(done) {
            var req = {
                body: { }
            };
            auth.ensureClientSecret(req,null,function() {
                req.body.should.have.a.property("client_secret","not_available");
                done();
            })
        });
    });

    describe("revoke", function() {
        it("revokes a token", function(done) {
            var revokeToken = sinon.stub(Tokens,"revoke").callsFake(function() {
                return Promise.resolve();
            });

            var req = { body: { token: "abcdef" } };

            var res = { status: function(resp) {
                revokeToken.restore();

                resp.should.equal(200);
                return {
                    end: done
                }
            }};

            auth.revoke(req,res);
        });
    });

    describe("login", function() {
        beforeEach(function() {
            sinon.stub(Tokens,"init").callsFake(function(){});
            sinon.stub(Users,"init").callsFake(function(){});
        });
        afterEach(function() {
            Tokens.init.restore();
            Users.init.restore();
        });
        it("returns login details - credentials", function(done) {
            auth.init({adminAuth:{type:"credentials"}},{})
            auth.login(null,{json: function(resp) {
                resp.should.have.a.property("type","credentials");
                resp.should.have.a.property("prompts");
                resp.prompts.should.have.a.lengthOf(2);
                done();
            }});
        });
        it("returns login details - none", function(done) {
            auth.init({},{})
            auth.login(null,{json: function(resp) {
                resp.should.eql({});
                done();
            }});
        });
        it("returns login details - strategy", function(done) {
            auth.init({adminAuth:{type:"strategy",strategy:{label:"test-strategy",icon:"test-icon"}}},{})
            auth.login(null,{json: function(resp) {
                resp.should.have.a.property("type","strategy");
                resp.should.have.a.property("prompts");
                resp.prompts.should.have.a.lengthOf(1);
                resp.prompts[0].should.have.a.property("type","button");
                resp.prompts[0].should.have.a.property("label","test-strategy");
                resp.prompts[0].should.have.a.property("icon","test-icon");

                done();
            }});
        });

    });
    describe("needsPermission", function() {
        beforeEach(function() {
            sinon.stub(Tokens,"init").callsFake(function(){});
            sinon.stub(Users,"init").callsFake(function(){});
        });
        afterEach(function() {
            Tokens.init.restore();
            Users.init.restore();
            if (passport.authenticate.restore) {
                passport.authenticate.restore();
            }
            if (Permissions.hasPermission.restore) {
                Permissions.hasPermission.restore();
            }
        });


        it('no-ops if adminAuth not set', function(done) {
            sinon.stub(passport,"authenticate").callsFake(function(scopes,opts) {
                return function(req,res,next) {
                }
            });
            auth.init({});
            var func = auth.needsPermission("foo");
            func({},{},function() {
                passport.authenticate.called.should.be.false();
                done();
            })
        });
        it('skips auth if req.user undefined', function(done) {
            sinon.stub(passport,"authenticate").callsFake(function(scopes,opts) {
                return function(req,res,next) {
                    next();
                }
            });
            sinon.stub(Permissions,"hasPermission").callsFake(function(perm) { return true });
            auth.init({adminAuth:{}});
            var func = auth.needsPermission("foo");
            func({user:null},{},function() {
                try {
                    passport.authenticate.called.should.be.true();
                    Permissions.hasPermission.called.should.be.false();
                    done();
                } catch(err) {
                    done(err);
                }
            })
        });

        it('passes for valid user permission', function(done) {
            sinon.stub(passport,"authenticate").callsFake(function(scopes,opts) {
                return function(req,res,next) {
                    next();
                }
            });
            sinon.stub(Permissions,"hasPermission").callsFake(function(perm) { return true });
            auth.init({adminAuth:{}});
            var func = auth.needsPermission("foo");
            func({user:true,authInfo: { scope: "read"}},{},function() {
                try {
                    passport.authenticate.called.should.be.true();
                    Permissions.hasPermission.called.should.be.true();
                    Permissions.hasPermission.lastCall.args[0].should.eql("read");
                    Permissions.hasPermission.lastCall.args[1].should.eql("foo");
                    done();
                } catch(err) {
                    done(err);
                }
            })
        });

        it('rejects for invalid user permission', function(done) {
            sinon.stub(passport,"authenticate").callsFake(function(scopes,opts) {
                return function(req,res,next) {
                    next();
                }
            });
            sinon.stub(Permissions,"hasPermission").callsFake(function(perm) { return false });
            auth.init({adminAuth:{}});
            var func = auth.needsPermission("foo");
            func({user:true,authInfo: { scope: "read"}},{
                status: function(status) {
                    return { end: function() {
                        try {
                            status.should.eql(401);
                            done();
                        } catch(err) {
                            done(err);
                        }
                    }}
                }
            },function() {
                done(new Error("hasPermission unexpected passed"))
            });
        });
    });
});