package tfa

import (
	"bytes"
	"os"
	"testing"
	"time"
)

/**
 * Tests
 */

func TestConfigDefaults(t *testing.T) {
	// Check defaults
	c, err := NewConfig([]string{})
	if err != nil {
		t.Error(err)
	}

	if c.LogLevel != "warn" {
		t.Error("LogLevel default should be warn, got", c.LogLevel)
	}
	if c.LogFormat != "text" {
		t.Error("LogFormat default should be text, got", c.LogFormat)
	}

	if c.AuthHost != "" {
		t.Error("AuthHost default should be empty, got", c.AuthHost)
	}
	if len(c.CookieDomains) != 0 {
		t.Error("CookieDomains default should be empty, got", c.CookieDomains)
	}
	if c.InsecureCookie != false {
		t.Error("InsecureCookie default should be false, got", c.InsecureCookie)
	}
	if c.CookieName != "_forward_auth" {
		t.Error("CookieName default should be _forward_auth, got", c.CookieName)
	}
	if c.CSRFCookieName != "_forward_auth_csrf" {
		t.Error("CSRFCookieName default should be _forward_auth_csrf, got", c.CSRFCookieName)
	}
	if c.DefaultAction != "auth" {
		t.Error("DefaultAction default should be auth, got", c.DefaultAction)
	}
	if len(c.Domains) != 0 {
		t.Error("Domain default should be empty, got", c.Domains)
	}
	if c.Lifetime != time.Second*time.Duration(43200) {
		t.Error("Lifetime default should be 43200, got", c.Lifetime)
	}
	if c.Path != "/_oauth" {
		t.Error("Path default should be /_oauth, got", c.Path)
	}
	if len(c.Whitelist) != 0 {
		t.Error("Whitelist default should be empty, got", c.Whitelist)
	}

	if c.Providers.Google.Prompt != "" {
		t.Error("Providers.Google.Prompt default should be empty, got", c.Providers.Google.Prompt)
	}
}

func TestConfigParseArgs(t *testing.T) {
	c, err := NewConfig([]string{
		"--cookie-name=cookiename",
		"--csrf-cookie-name", "\"csrfcookiename\"",
		"--rule.1.action=allow",
		"--rule.1.rule=PathPrefix(`/one`)",
		"--rule.two.action=auth",
		"--rule.two.rule=\"Host(`two.com`) && Path(`/two`)\"",
	})
	if err != nil {
		t.Error(err)
	}

	// Check normal flags
	if c.CookieName != "cookiename" {
		t.Error("CookieName default should be cookiename, got", c.CookieName)
	}
	if c.CSRFCookieName != "csrfcookiename" {
		t.Error("CSRFCookieName default should be csrfcookiename, got", c.CSRFCookieName)
	}

	// Check rules
	if len(c.Rules) != 2 {
		t.Error("Should create 2 rules, got:", len(c.Rules))
	}

	// First rule
	if rule, ok := c.Rules["1"]; !ok {
		t.Error("Could not find rule key '1'")
	} else {
		if rule.Action != "allow" {
			t.Error("First rule action should be allow, got:", rule.Action)
		}
		if rule.Rule != "PathPrefix(`/one`)" {
			t.Error("First rule rule should be PathPrefix(`/one`), got:", rule.Rule)
		}
		if rule.Provider != "google" {
			t.Error("First rule provider should be google, got:", rule.Provider)
		}
	}

	// Second rule
	if rule, ok := c.Rules["two"]; !ok {
		t.Error("Could not find rule key '1'")
	} else {
		if rule.Action != "auth" {
			t.Error("Second rule action should be auth, got:", rule.Action)
		}
		if rule.Rule != "Host(`two.com`) && Path(`/two`)" {
			t.Error("Second rule rule should be Host(`two.com`) && Path(`/two`), got:", rule.Rule)
		}
		if rule.Provider != "google" {
			t.Error("Second rule provider should be google, got:", rule.Provider)
		}
	}
}

func TestConfigParseUnknownFlags(t *testing.T) {
	_, err := NewConfig([]string{
		"--unknown=_oauthpath2",
	})
	if err.Error() != "unknown flag: unknown" {
		t.Error("Error should be \"unknown flag: unknown\", got:", err)
	}
}

func TestConfigFlagBackwardsCompatability(t *testing.T) {
	c, err := NewConfig([]string{
		"--client-id=clientid",
		"--client-secret=verysecret",
		"--prompt=prompt",
		"--lifetime=200",
		"--cookie-secure=false",
	})
	if err != nil {
		t.Error(err)
	}

	if c.ClientIdLegacy != "clientid" {
		t.Error("ClientIdLegacy should be clientid, got", c.ClientIdLegacy)
	}
	if c.Providers.Google.ClientId != "clientid" {
		t.Error("Providers.Google.ClientId should be clientid, got", c.Providers.Google.ClientId)
	}
	if c.ClientSecretLegacy != "verysecret" {
		t.Error("ClientSecretLegacy should be verysecret, got", c.ClientSecretLegacy)
	}
	if c.Providers.Google.ClientSecret != "verysecret" {
		t.Error("Providers.Google.ClientSecret should be verysecret, got", c.Providers.Google.ClientSecret)
	}
	if c.PromptLegacy != "prompt" {
		t.Error("PromptLegacy should be prompt, got", c.PromptLegacy)
	}
	if c.Providers.Google.Prompt != "prompt" {
		t.Error("Providers.Google.Prompt should be prompt, got", c.Providers.Google.Prompt)
	}

	// "cookie-secure" used to be a standard go bool flag that could take
	// true, TRUE, 1, false, FALSE, 0 etc. values.
	// Here we're checking that format is still suppoted
	if c.CookieSecureLegacy != "false" || c.InsecureCookie != true {
		t.Error("Setting cookie-secure=false should set InsecureCookie true, got", c.InsecureCookie)
	}
	c, err = NewConfig([]string{"--cookie-secure=TRUE"})
	if err != nil {
		t.Error(err)
	}
	if c.CookieSecureLegacy != "TRUE" || c.InsecureCookie != false {
		t.Error("Setting cookie-secure=TRUE should set InsecureCookie false, got", c.InsecureCookie)
	}
}

func TestConfigParseIni(t *testing.T) {
	c, err := NewConfig([]string{
		"--config=../test/config0",
		"--config=../test/config1",
		"--csrf-cookie-name=csrfcookiename",
	})
	if err != nil {
		t.Error(err)
	}

	if c.CookieName != "inicookiename" {
		t.Error("CookieName should be read as inicookiename from ini file, got", c.CookieName)
	}
	if c.CSRFCookieName != "csrfcookiename" {
		t.Error("CSRFCookieName argument should override ini file, got", c.CSRFCookieName)
	}
	if c.Path != "/two" {
		t.Error("Path in second ini file should override first ini file, got", c.Path)
	}
}

func TestConfigFileBackwardsCompatability(t *testing.T) {
	c, err := NewConfig([]string{
		"--config=../test/config-legacy",
	})
	if err != nil {
		t.Error(err)
	}

	if c.Path != "/two" {
		t.Error("Path in legacy config file should be read, got", c.Path)
	}
}

func TestConfigParseEnvironment(t *testing.T) {
	os.Setenv("COOKIE_NAME", "env_cookie_name")
	c, err := NewConfig([]string{})
	if err != nil {
		t.Error(err)
	}

	if c.CookieName != "env_cookie_name" {
		t.Error("CookieName should be read as env_cookie_name from environment, got", c.CookieName)
	}
}

func TestConfigTransformation(t *testing.T) {
	c, err := NewConfig([]string{
		"--url-path=_oauthpath",
		"--secret=verysecret",
		"--lifetime=200",
	})
	if err != nil {
		t.Error(err)
	}

	if c.Path != "/_oauthpath" {
		t.Error("Path should add slash to front to get /_oauthpath, got:", c.Path)
	}

	if c.SecretString != "verysecret" {
		t.Error("SecretString should be verysecret, got:", c.SecretString)
	}
	if bytes.Compare(c.Secret, []byte("verysecret")) != 0 {
		t.Error("Secret should be []byte(verysecret), got:", string(c.Secret))
	}

	if c.LifetimeString != 200 {
		t.Error("LifetimeString should be 200, got:", c.LifetimeString)
	}
	if c.Lifetime != time.Second*time.Duration(200) {
		t.Error("Lifetime default should be 200, got", c.Lifetime)
	}
}

func TestConfigCommaSeparatedList(t *testing.T) {
	list := CommaSeparatedList{}

	err := list.UnmarshalFlag("one,two")
	if err != nil {
		t.Error(err)
	}
	if len(list) != 2 || list[0] != "one" || list[1] != "two" {
		t.Error("Expected UnmarshalFlag to provide CommaSeparatedList{one,two}, got", list)
	}

	marshal, err := list.MarshalFlag()
	if err != nil {
		t.Error(err)
	}
	if marshal != "one,two" {
		t.Error("Expected MarshalFlag to provide \"one,two\", got", list)
	}
}