#--
# Cloud Foundry 2012.02.03 Beta
# Copyright (c) [2009-2012] VMware, Inc. All Rights Reserved.
#
# This product is licensed to you under the Apache License, Version 2.0 (the "License").
# You may not use this product except in compliance with the License.
#
# This product includes a number of subcomponents with
# separate copyright notices and license terms. Your use of these
# subcomponents is subject to the terms and conditions of the
# subcomponent's license, as noted in the LICENSE file.
#++

require 'spec_helper'
require 'uaa'
require 'pp'

# Example config for integration tests with defaults:
#    ENV["UAA_CLIENT_ID"] = "admin"
#    ENV["UAA_CLIENT_SECRET"] = "adminsecret"
#    ENV["UAA_CLIENT_TARGET"] = "http://localhost:8080/uaa"

module CF::UAA

if ENV["UAA_CLIENT_TARGET"]

describe "UAA Integration:" do

  def create_test_client
    toki = TokenIssuer.new(@target, @admin_client, @admin_secret)
    cr = Scim.new(@target, toki.client_credentials_grant.auth_header, :symbolize_keys => true)
    @test_client = "test_client_#{Time.now.to_i}"
    @test_secret = "+=tEsTsEcRet~!@"
    gids = ["clients.read", "scim.read", "scim.write", "uaa.resource", "password.write"]
    new_client = cr.add(:client, :client_id => @test_client, :client_secret => @test_secret,
          :authorities => gids, :authorized_grant_types => ["client_credentials", "password"],
          :scope => ["openid", "password.write"])
    new_client[:client_id].should == @test_client
    @username = "sam_#{Time.now.to_i}"
  end

  before :all do
    #Util.default_logger(:trace)
    @admin_client = ENV["UAA_CLIENT_ID"] || "admin"
    @admin_secret = ENV["UAA_CLIENT_SECRET"] || "adminsecret"
    @target = ENV["UAA_CLIENT_TARGET"]
    @username = "sam_#{Time.now.to_i}"
  end

  it "should report the uaa client version" do
    VERSION.should =~ /\d.\d.\d/
  end

  it "makes sure the server is there by getting the prompts for an implicit grant" do
    prompts = TokenIssuer.new(@target, @admin_client, @admin_secret).prompts
    prompts.should_not be_nil
  end

  it "gets a token with client credentials" do
    tkn = TokenIssuer.new(@target, @admin_client, @admin_secret).client_credentials_grant
    tkn.auth_header.should =~ /^bearer\s/i
    info = TokenCoder.decode(tkn.info["access_token"], :verify => false, :symbolize_keys => true)
    info[:exp].should be
    info[:jti].should be
  end

  context "as a client," do

    before :all do
      create_test_client
      toki = TokenIssuer.new(@target, @test_client, @test_secret)
      @scim = Scim.new(@target, toki.client_credentials_grant.auth_header, :symbolize_keys => true)
      @user_pwd = "sam's P@55w0rd~!`@\#\$%^&*()_/{}[]\\|:\";',.<>?/"
      usr = @scim.add(:user, :username => @username, :password => @user_pwd,
          :emails => [{:value => "sam@example.com"}],
          :name => {:givenname => "none", :familyname => "none"})
      @user_id = usr[:id]
    end

    after :all do
      # TODO: delete user, delete test client
    end

    it "creates a user" do
      @user_id.should be
    end

    it "finds the user by name" do
      @scim.id(:user, @username).should == @user_id
    end

    it "gets the user by id" do
      user_info = @scim.get(:user, @user_id)
      user_info[:id].should == @user_id
      user_info[:username].should == @username
    end

    it "gets a user token by an implicit grant" do
      @toki = TokenIssuer.new(@target, "vmc")
      token = @toki.implicit_grant_with_creds(:username => @username, :password => @user_pwd)
      token.info["access_token"].should be
      info = Misc.whoami(@target, token.auth_header)
      info["user_name"].should == @username
      contents = TokenCoder.decode(token.info["access_token"], :verify => false)
      contents["user_name"].should == @username
    end

    it "changes the user's password by name" do
      @scim.change_password(@scim.id(:user, @username), "newpassword")[:status].should == "ok"
    end

    it "lists all users" do
      user_info = @scim.query(:user)
      user_info.should_not be_nil
    end

    if ENV["UAA_CLIENT_LOGIN"]
      it "should get a uri to be sent to the user agent to initiate autologin" do
        logn = ENV["UAA_CLIENT_LOGIN"]
        toki = TokenIssuer.new(logn, @test_client, @test_secret)
        redir_uri = "http://call.back/uri_path"
        uri_parts = toki.autologin_uri(redir_uri, :username => @username,
            :password => "newpassword").split('?')
        uri_parts[0].should == "#{logn}/oauth/authorize"
        params = Util.decode_form(uri_parts[1], :sym)
        params[:response_type].should == "code"
        params[:client_id].should == @client_id
        params[:scope].should be_nil
        params[:redirect_uri].should == redir_uri
        params[:state].should_not be_nil
        params[:code].should_not be_nil
      end
    end

    it "deletes the user" do
      @scim.delete(:user, @user_id)
      expect { @scim.id(:user, @username) }.to raise_exception(NotFound)
      expect { @scim.get(:user, @user_id) }.to raise_exception(NotFound)
    end

    it "complains about an attempt to delete a non-existent user" do
      expect { @scim.delete(:user, "non-existent-user") }.to raise_exception(NotFound)
    end

  end

end end

end