require File.dirname(__FILE__) + '/../integration_helper'

describe 'Authentication' do

  include Rack::Test::Methods

  def app
    run_server
  end

  describe 'sign up action' do

    it 'renders the form' do
      get '/account/sign-up'
      expect(last_response.body).to include '/account/sign-up'
    end

    describe 'press the sign up button' do

      let(:params) { {
        auth_action:          'sign_up',
        auth_content_type:    'accounts',
        auth_id_field:        'email',
        auth_password_field:  'password',
        auth_callback:        '/account/me',
        auth_entry: {
          name:                   'Chris Cornell',
          email:                  'chris@soundgarden.band',
          password:               'easyone',
          password_confirmation:  'easyone'
        }
      } }

      it 'redirects to the callback' do
        sign_up(params)
        expect(last_response.status).to eq 301
        expect(last_response.location).to eq '/account/me'
      end

      it 'displays the profile page as described in the params' do
        params[:auth_entry][:email] = 'chris.cornell@soundgarden.band'
        sign_up(params, true)
        expect(last_response.body).to include "My name is Chris Cornell and I'm logged in!"
      end

      context 'wrong parameters' do

        let(:params) { {
          auth_action:          'sign_up',
          auth_content_type:    'accounts',
          auth_id_field:        'email',
          auth_password_field:  'password',
          auth_callback:        '/account/me',
          auth_entry: {
            name:                   'Chris Cornell',
            email:                  'chris@soundgarden.band',
            password:               'easyone',
            password_confirmation:  'easyone2'
          }
        } }

        it 'renders the sign up page with an error message' do
          sign_up(params)
          expect(last_response.status).to eq 200
          expect(last_response.body).to include '/account/sign-up'
          expect(last_response.body).to include "doesn't match password"
        end

      end

      def sign_up(params, follow_redirect = false)
        post '/account/sign-up', params
        follow_redirect! if follow_redirect
        last_response
      end

    end

  end

  describe 'sign in action' do

    it 'renders the form' do
      get '/account/sign-in'
      expect(last_response.body).to include '/account/sign-in'
      expect(last_response.body).not_to include "You've been signed out"
    end

    describe 'press the sign in button' do

      let(:params) { {
        auth_action:          'sign_in',
        auth_content_type:    'accounts',
        auth_id_field:        'email',
        auth_password_field:  'password',
        auth_id:              'john@doe.net',
        auth_password:        'easyone',
        auth_callback:        '/account/me'
      } }

      it 'redirects to the callback' do
        sign_in(params)
        expect(last_response.status).to eq 301
        expect(last_response.location).to eq '/account/me'
      end

      it 'displays the profile page as described in the params' do
        sign_in(params, true)
        expect(last_response.body).to include "My name is John and I'm logged in!"
      end

      context 'wrong credentials' do

        let(:params) { {
          auth_action:          'sign_in',
          auth_content_type:    'accounts',
          auth_id_field:        'email',
          auth_password_field:  'password',
          auth_id:              'john@doe.net',
          auth_password:        'dontrememberit',
          auth_callback:        '/account/me'
        } }

        it 'renders the sign in page with an error message' do
          sign_in(params)
          expect(last_response.status).to eq 200
          expect(last_response.body).to include '/account/sign-in'
          expect(last_response.body).to include 'Your email and/or password are incorrect'
        end

      end

      def sign_in(params, follow_redirect = false)
        post '/account/sign-in', params
        follow_redirect! if follow_redirect
        last_response
      end

    end

  end

  describe 'sign out action' do

    let(:params) { {
      auth_action:          'sign_out',
      auth_content_type:    'accounts'
    } }

    let(:rack_session) { {
      'authenticated_entry_type'  => 'accounts',
      'authenticated_entry_id'    => 'john'
    } }

    it 'redirect to the requested page' do
      post '/account/sign-in', params, { 'rack.session' => rack_session }
      expect(last_response.status).to eq 301
      expect(last_response.location).to eq "/account/sign-in"
    end

    it 'displays the profile page as described in the params' do
      post '/account/sign-in', params, { 'rack.session' => rack_session }
      follow_redirect!
      expect(last_response.body).to include "Sign in"
      expect(last_response.body).not_to include "You're already authenticated!"
    end

  end

  describe 'forgot password action' do

    let(:email) { '' }

    let(:params) { {
      auth_action:                'forgot_password',
      auth_content_type:          'accounts',
      auth_id_field:              'email',
      auth_id:                    email,
      auth_reset_password_url:    'http://acme.com/account/reset-password',
      auth_callback:              '/account/sign-in',
      auth_email_handle:          'reset_password_instructions',
    } }

    it 'renders the forgot password page with an error message' do
      post '/account/forgot-password', params
      expect(last_response.status).to eq 200
      expect(last_response.body).to include 'Forgot your password'
      expect(last_response.body).to include 'Your email is unknown'
    end

    context 'with an known email' do

      let(:email) { 'john@doe.net' }

      it 'sends an email to the account' do
        post '/account/forgot-password', params
        expect(last_response.status).to eq 200
        expect(last_response.body).to include "The instructions for changing your password have been emailed to you"
      end

    end

  end

  describe 'reset password action' do

    let(:token) { '' }
    let(:new_password) { 'newone!' }

    let(:params) { {
      auth_action:                'reset_password',
      auth_content_type:          'accounts',
      auth_password_field:        'password',
      auth_password:              new_password,
      auth_reset_token:           token,
      auth_callback:              '/account/me'
    } }

    it 'renders the reset password page with an error message' do
      post '/account/reset-password', params
      expect(last_response.status).to eq 200
      expect(last_response.body).to include 'Change your password'
      expect(last_response.body).to include 'The reset token is not valid anymore'
    end

    context 'with an expired token' do

      let(:token) { '420000000000001' }

      it 'renders the reset password page with an error message' do
        post '/account/reset-password', params
        expect(last_response.status).to eq 200
        expect(last_response.body).to include 'Change your password'
        expect(last_response.body).to include 'The reset token is not valid anymore'
      end

    end

    context 'with a valid token' do

      let(:token) { '420000000000000' }

      it 'sends an email to the account' do
        post '/account/reset-password', params
        expect(last_response.status).to eq 301
        follow_redirect!
        expect(last_response.body).to include "My name is Jane and I'm logged in!"
      end

      context 'with a too short password' do

        let(:new_password) { 'short' }

        it 'renders the reset password page with an error message' do
          post '/account/reset-password', params
          expect(last_response.status).to eq 200
          expect(last_response.body).to include 'Change your password'
          expect(last_response.body).to include 'Your password is too short'
        end

      end

    end

  end

end