import {
  setupApphierarchy,
  basicAppHierarchyCreator_WithFields,
} from "./specHelpers"
import { userAuthFile, USERS_LOCK_FILE } from "../src/authApi/authCommon"
import { getLock } from "../src/common/lock"
import { getNewUserAuth } from "../src/authApi/getNewUser"
import { permission } from "../src/authApi/permissions"

describe("getNewUser", () => {
  it("should create correct fields", async () => {
    const { authApi } = await setupApphierarchy(
      basicAppHierarchyCreator_WithFields
    )
    const user = authApi.getNewUser()
    expect(user.name).toBe("")
    expect(user.accessLevels).toEqual([])
    expect(user.enabled).toBe(true)
    expect(user.temporaryAccessId).toBe("")
  })
})

describe("getNewUser", () => {
  it("should create correct fields", async () => {
    const { app } = await setupApphierarchy(basicAppHierarchyCreator_WithFields)
    const userAuth = getNewUserAuth(app)()
    expect(userAuth.passwordHash).toBe("")
    expect(userAuth.temporaryAccessHash).toEqual("")
    expect(userAuth.temporaryAccessExpiryEpoch).toBe(0)
  })
})

describe("validateUsers", () => {
  it("should not return errors for valid user", async () => {
    const { authApi, app } = await setupApphierarchy(
      basicAppHierarchyCreator_WithFields
    )
    const user = validUser(app, authApi)
    const errs = authApi.validateUser([user], user)
    expect(errs).toEqual([])
  })

  it("should have error when username is not set", async () => {
    const { authApi, app } = await setupApphierarchy(
      basicAppHierarchyCreator_WithFields
    )
    const user = validUser(app, authApi)
    user.name = ""
    const errs = authApi.validateUser([user], user)
    expect(errs.length).toBe(1)
    expect(errs[0].field).toBe("name")
  })

  it("should have error when duplicate usernames", async () => {
    const { authApi, app } = await setupApphierarchy(
      basicAppHierarchyCreator_WithFields
    )
    const user1 = validUser(app, authApi)
    const user2 = validUser(app, authApi)
    const errs = authApi.validateUser([user1, user2], user1)
    expect(errs.length).toBe(1)
    expect(errs[0].field).toBe("name")
  })

  it("should have error when no access levels", async () => {
    const { authApi, app } = await setupApphierarchy(
      basicAppHierarchyCreator_WithFields
    )
    const user = validUser(app, authApi)
    user.accessLevels = []
    const errs = authApi.validateUser([user], user)
    expect(errs.length).toBe(1)
    expect(errs[0].field).toBe("accessLevels")
  })
})

describe("create and list users", () => {
  it("should create and load a valid user", async () => {
    const { authApi, app } = await setupApphierarchy(
      basicAppHierarchyCreator_WithFields
    )
    const user = validUser(app, authApi)
    await authApi.createUser(user)
    const users = await authApi.getUsers()
    expect(users.length).toBe(1)
    expect(users[0].name).toBe(user.name)
  })

  it("should not save an invalid user", async () => {
    const { authApi, app } = await setupApphierarchy(
      basicAppHierarchyCreator_WithFields
    )
    const user = validUser(app, authApi)
    user.name = ""
    let e
    try {
      await authApi.createUser(user)
    } catch (ex) {
      e = ex
    }
    expect(e).toBeDefined()
    const users = await authApi.getUsers()
    expect(users.length).toBe(0)
  })

  it("should not save when users file is locked", async () => {
    const { authApi, app } = await setupApphierarchy(
      basicAppHierarchyCreator_WithFields
    )
    const user = validUser(app, authApi)
    await getLock(app, USERS_LOCK_FILE, 10000, 0, 0)
    let e
    try {
      await authApi.createUser(user)
    } catch (ex) {
      e = ex
    }
    expect(e).toBeDefined()
    const users = await authApi.getUsers()
    expect(users.length).toBe(0)
  })

  it("should create temporary access when no password supplied", async () => {
    const { authApi, app } = await setupApphierarchy(
      basicAppHierarchyCreator_WithFields
    )
    const user = validUser(app, authApi)
    const returnedUser = await authApi.createUser(user)
    expect(returnedUser.tempCode.length).toBeGreaterThan(0)
    expect(returnedUser.temporaryAccessId.length).toBeGreaterThan(0)
  })

  it("should not store tempCode when temp access created", async () => {
    const { authApi, app } = await setupApphierarchy(
      basicAppHierarchyCreator_WithFields
    )
    const user = validUser(app, authApi)
    await authApi.createUser(user)
    const storedUser = (await authApi.getUsers())[0]
    expect(storedUser.tempCode).toBeUndefined()
  })

  it("should create user auth file with password hash, when password supplied", async () => {
    const { authApi, app } = await setupApphierarchy(
      basicAppHierarchyCreator_WithFields
    )
    const user = validUser(app, authApi)
    const returnedUser = await authApi.createUser(user, "password")
    expect(returnedUser.tempCode).toBeUndefined()
    expect(returnedUser.temporaryAccessId).toBeUndefined()

    const userAuth = await app.datastore.loadJson(userAuthFile(user.name))
    expect(userAuth.passwordHash.length).toBeGreaterThan(0)
  })

  it("should not create user when user with same name already exists", async () => {
    const { authApi, app } = await setupApphierarchy(
      basicAppHierarchyCreator_WithFields
    )
    const user = validUser(app, authApi)
    await authApi.createUser(user)

    let e
    try {
      await authApi.createUser(user)
    } catch (ex) {
      e = ex
    }
    expect(e).toBeDefined()
    const users = await authApi.getUsers()
    expect(users.length).toBe(1)
  })

  it("create should throw error when user user does not have permission", async () => {
    const { authApi, app } = await setupApphierarchy(
      basicAppHierarchyCreator_WithFields
    )
    const user = validUser(app, authApi)
    app.removePermission(permission.createUser.get())
    expect(authApi.createUser(user)).rejects.toThrow(/Unauthorized/)
  })

  it("create should not depend on having any other permissions", async () => {
    const { authApi, app } = await setupApphierarchy(
      basicAppHierarchyCreator_WithFields
    )
    const user = validUser(app, authApi)
    app.withOnlyThisPermission(permission.createUser.get())
    await authApi.createUser(user)
  })

  it("list should throw error when user user does not have permission", async () => {
    const { authApi, app } = await setupApphierarchy(
      basicAppHierarchyCreator_WithFields
    )
    app.removePermission(permission.listUsers.get())
    expect(authApi.getUsers()).rejects.toThrow(/Unauthorized/)
  })

  it("list should not depend on having any other permissions", async () => {
    const { authApi, app } = await setupApphierarchy(
      basicAppHierarchyCreator_WithFields
    )
    app.withOnlyThisPermission(permission.listUsers.get())
    await authApi.getUsers()
  })
})

const validUser = (app, authApi) => {
  const u = authApi.getNewUser(app)
  u.name = "bob"
  u.accessLevels = ["admin"]
  u.enabled = true
  return u
}