#! /usr/bin/env ruby
require 'spec_helper'

require 'puppet/network/http'
require 'puppet/network/http/api/v1'
require 'puppet/indirector_testing'

describe Puppet::Network::HTTP::API::V1 do
  let(:not_found_code) { Puppet::Network::HTTP::Error::HTTPNotFoundError::CODE }
  let(:not_acceptable_code) { Puppet::Network::HTTP::Error::HTTPNotAcceptableError::CODE }
  let(:not_authorized_code) { Puppet::Network::HTTP::Error::HTTPNotAuthorizedError::CODE }

  let(:indirection) { Puppet::IndirectorTesting.indirection }
  let(:handler) { Puppet::Network::HTTP::API::V1.new }
  let(:response) { Puppet::Network::HTTP::MemoryResponse.new }

  def a_request_that_heads(data, request = {})
    Puppet::Network::HTTP::Request.from_hash({
      :headers => {
        'accept' => request[:accept_header],
        'content-type' => "text/yaml", },
      :method => "HEAD",
      :path => "/production/#{indirection.name}/#{data.value}",
      :params => {},
    })
  end

  def a_request_that_submits(data, request = {})
    Puppet::Network::HTTP::Request.from_hash({
      :headers => {
        'accept' => request[:accept_header],
        'content-type' => request[:content_type_header] || "text/yaml", },
      :method => "PUT",
      :path => "/production/#{indirection.name}/#{data.value}",
      :params => {},
      :body => request[:body] || data.render("text/yaml")
    })
  end

  def a_request_that_destroys(data, request = {})
    Puppet::Network::HTTP::Request.from_hash({
      :headers => {
        'accept' => request[:accept_header],
        'content-type' => "text/yaml", },
      :method => "DELETE",
      :path => "/production/#{indirection.name}/#{data.value}",
      :params => {},
      :body => ''
    })
  end

  def a_request_that_finds(data, request = {})
    Puppet::Network::HTTP::Request.from_hash({
      :headers => {
        'accept' => request[:accept_header],
        'content-type' => "text/yaml", },
      :method => "GET",
      :path => "/production/#{indirection.name}/#{data.value}",
      :params => {},
      :body => ''
    })
  end

  def a_request_that_searches(key, request = {})
    Puppet::Network::HTTP::Request.from_hash({
      :headers => {
        'accept' => request[:accept_header],
        'content-type' => "text/yaml", },
      :method => "GET",
      :path => "/production/#{indirection.name}s/#{key}",
      :params => {},
      :body => ''
    })
  end


  before do
    Puppet::IndirectorTesting.indirection.terminus_class = :memory
    Puppet::IndirectorTesting.indirection.terminus.clear
    handler.stubs(:check_authorization)
    handler.stubs(:warn_if_near_expiration)
  end

  describe "when converting a URI into a request" do
    before do
      handler.stubs(:handler).returns "foo"
    end

    it "should require the http method, the URI, and the query parameters" do
      # Not a terribly useful test, but an important statement for the spec
      lambda { handler.uri2indirection("/foo") }.should raise_error(ArgumentError)
    end

    it "should use the first field of the URI as the environment" do
      handler.uri2indirection("GET", "/env/foo/bar", {})[3][:environment].to_s.should == "env"
    end

    it "should fail if the environment is not alphanumeric" do
      lambda { handler.uri2indirection("GET", "/env ness/foo/bar", {}) }.should raise_error(ArgumentError)
    end

    it "should use the environment from the URI even if one is specified in the parameters" do
      handler.uri2indirection("GET", "/env/foo/bar", {:environment => "otherenv"})[3][:environment].to_s.should == "env"
    end

    it "should not pass a buck_path parameter through (See Bugs #13553, #13518, #13511)" do
      handler.uri2indirection("GET", "/env/foo/bar", { :bucket_path => "/malicious/path" })[3].should_not include({ :bucket_path => "/malicious/path" })
    end

    it "should pass allowed parameters through" do
      handler.uri2indirection("GET", "/env/foo/bar", { :allowed_param => "value" })[3].should include({ :allowed_param => "value" })
    end

    it "should return the environment as a Puppet::Node::Environment" do
      handler.uri2indirection("GET", "/env/foo/bar", {})[3][:environment].should be_a Puppet::Node::Environment
    end

    it "should not pass a buck_path parameter through (See Bugs #13553, #13518, #13511)" do
      handler.uri2indirection("GET", "/env/foo/bar", { :bucket_path => "/malicious/path" })[3].should_not include({ :bucket_path => "/malicious/path" })
    end

    it "should pass allowed parameters through" do
      handler.uri2indirection("GET", "/env/foo/bar", { :allowed_param => "value" })[3].should include({ :allowed_param => "value" })
    end

    it "should use the second field of the URI as the indirection name" do
      handler.uri2indirection("GET", "/env/foo/bar", {})[0].should == "foo"
    end

    it "should fail if the indirection name is not alphanumeric" do
      lambda { handler.uri2indirection("GET", "/env/foo ness/bar", {}) }.should raise_error(ArgumentError)
    end

    it "should use the remainder of the URI as the indirection key" do
      handler.uri2indirection("GET", "/env/foo/bar", {})[2].should == "bar"
    end

    it "should support the indirection key being a /-separated file path" do
      handler.uri2indirection("GET", "/env/foo/bee/baz/bomb", {})[2].should == "bee/baz/bomb"
    end

    it "should fail if no indirection key is specified" do
      lambda { handler.uri2indirection("GET", "/env/foo/", {}) }.should raise_error(ArgumentError)
      lambda { handler.uri2indirection("GET", "/env/foo", {}) }.should raise_error(ArgumentError)
    end

    it "should choose 'find' as the indirection method if the http method is a GET and the indirection name is singular" do
      handler.uri2indirection("GET", "/env/foo/bar", {})[1].should == :find
    end

    it "should choose 'find' as the indirection method if the http method is a POST and the indirection name is singular" do
      handler.uri2indirection("POST", "/env/foo/bar", {})[1].should == :find
    end

    it "should choose 'head' as the indirection method if the http method is a HEAD and the indirection name is singular" do
      handler.uri2indirection("HEAD", "/env/foo/bar", {})[1].should == :head
    end

    it "should choose 'search' as the indirection method if the http method is a GET and the indirection name is plural" do
      handler.uri2indirection("GET", "/env/foos/bar", {})[1].should == :search
    end

    it "should choose 'find' as the indirection method if the http method is a GET and the indirection name is facts" do
      handler.uri2indirection("GET", "/env/facts/bar", {})[1].should == :find
    end

    it "should choose 'save' as the indirection method if the http method is a PUT and the indirection name is facts" do
      handler.uri2indirection("PUT", "/env/facts/bar", {})[1].should == :save
    end

    it "should choose 'search' as the indirection method if the http method is a GET and the indirection name is inventory" do
      handler.uri2indirection("GET", "/env/inventory/search", {})[1].should == :search
    end

    it "should choose 'find' as the indirection method if the http method is a GET and the indirection name is facts" do
      handler.uri2indirection("GET", "/env/facts/bar", {})[1].should == :find
    end

    it "should choose 'save' as the indirection method if the http method is a PUT and the indirection name is facts" do
      handler.uri2indirection("PUT", "/env/facts/bar", {})[1].should == :save
    end

    it "should choose 'search' as the indirection method if the http method is a GET and the indirection name is inventory" do
      handler.uri2indirection("GET", "/env/inventory/search", {})[1].should == :search
    end

    it "should choose 'search' as the indirection method if the http method is a GET and the indirection name is facts_search" do
      handler.uri2indirection("GET", "/env/facts_search/bar", {})[1].should == :search
    end

    it "should change indirection name to 'facts' if the http method is a GET and the indirection name is facts_search" do
      handler.uri2indirection("GET", "/env/facts_search/bar", {})[0].should == 'facts'
    end

    it "should not change indirection name from 'facts' if the http method is a GET and the indirection name is facts" do
      handler.uri2indirection("GET", "/env/facts/bar", {})[0].should == 'facts'
    end

    it "should change indirection name to 'status' if the http method is a GET and the indirection name is statuses" do
      handler.uri2indirection("GET", "/env/statuses/bar", {})[0].should == 'status'
    end

    it "should change indirection name to 'probe' if the http method is a GET and the indirection name is probes" do
      handler.uri2indirection("GET", "/env/probes/bar", {})[0].should == 'probe'
    end

    it "should choose 'delete' as the indirection method if the http method is a DELETE and the indirection name is singular" do
      handler.uri2indirection("DELETE", "/env/foo/bar", {})[1].should == :destroy
    end

    it "should choose 'save' as the indirection method if the http method is a PUT and the indirection name is singular" do
      handler.uri2indirection("PUT", "/env/foo/bar", {})[1].should == :save
    end

    it "should fail if an indirection method cannot be picked" do
      lambda { handler.uri2indirection("UPDATE", "/env/foo/bar", {}) }.should raise_error(ArgumentError)
    end

    it "should URI unescape the indirection key" do
      escaped = URI.escape("foo bar")
      indirection_name, method, key, params = handler.uri2indirection("GET", "/env/foo/#{escaped}", {})
      key.should == "foo bar"
    end
  end

  describe "when converting a request into a URI" do
    let(:request) { Puppet::Indirector::Request.new(:foo, :find, "with spaces", nil, :foo => :bar, :environment => "myenv") }

    it "should use the environment as the first field of the URI" do
      handler.class.indirection2uri(request).split("/")[1].should == "myenv"
    end

    it "should use the indirection as the second field of the URI" do
      handler.class.indirection2uri(request).split("/")[2].should == "foo"
    end

    it "should pluralize the indirection name if the method is 'search'" do
      request.stubs(:method).returns :search
      handler.class.indirection2uri(request).split("/")[2].should == "foos"
    end

    it "should use the escaped key as the remainder of the URI" do
      escaped = URI.escape("with spaces")
      handler.class.indirection2uri(request).split("/")[3].sub(/\?.+/, '').should == escaped
    end

    it "should add the query string to the URI" do
      request.expects(:query_string).returns "?query"
      handler.class.indirection2uri(request).should =~ /\?query$/
    end
  end

  describe "when converting a request into a URI with body" do
    let(:request) { Puppet::Indirector::Request.new(:foo, :find, "with spaces", nil, :foo => :bar, :environment => "myenv") }

    it "should use the environment as the first field of the URI" do
      handler.class.request_to_uri_and_body(request).first.split("/")[1].should == "myenv"
    end

    it "should use the indirection as the second field of the URI" do
      handler.class.request_to_uri_and_body(request).first.split("/")[2].should == "foo"
    end

    it "should use the escaped key as the remainder of the URI" do
      escaped = URI.escape("with spaces")
      handler.class.request_to_uri_and_body(request).first.split("/")[3].sub(/\?.+/, '').should == escaped
    end

    it "should return the URI and body separately" do
      handler.class.request_to_uri_and_body(request).should == ["/myenv/foo/with%20spaces", "foo=bar"]
    end
  end

  describe "when processing a request" do
    it "should return not_authorized_code if the request is not authorized" do
      request = a_request_that_heads(Puppet::IndirectorTesting.new("my data"))

      handler.expects(:check_authorization).raises(Puppet::Network::AuthorizationError.new("forbidden"))

      handler.call(request, response)

      expect(response.code).to eq(not_authorized_code)
    end

    it "should return 'not found' if the indirection does not support remote requests" do
      request = a_request_that_heads(Puppet::IndirectorTesting.new("my data"))

      indirection.expects(:allow_remote_requests?).returns(false)

      handler.call(request, response)

      expect(response.code).to eq(not_found_code)
    end

    it "should return 'not found' if the environment does not exist" do
      Puppet.override(:environments => Puppet::Environments::Static.new()) do
        request = a_request_that_heads(Puppet::IndirectorTesting.new("my data"))

        handler.call(request, response)

        expect(response.code).to eq(not_found_code)
      end
    end

    it "should serialize a controller exception when an exception is thrown while finding the model instance" do
      request = a_request_that_finds(Puppet::IndirectorTesting.new("key"))
      handler.expects(:do_find).raises(ArgumentError, "The exception")

      handler.call(request, response)

      expect(response.code).to eq(400)
      expect(response.body).to eq("The exception")
      expect(response.type).to eq("text/plain")
    end
  end

  describe "when finding a model instance" do
    it "uses the first supported format for the response" do
      data = Puppet::IndirectorTesting.new("my data")
      indirection.save(data, "my data")
      request = a_request_that_finds(data, :accept_header => "unknown, pson, yaml")

      handler.call(request, response)

      expect(response.body).to eq(data.render(:pson))
      expect(response.type).to eq(Puppet::Network::FormatHandler.format(:pson))
    end

    it "responds with a not_acceptable_code error when no accept header is provided" do
      data = Puppet::IndirectorTesting.new("my data")
      indirection.save(data, "my data")
      request = a_request_that_finds(data, :accept_header => nil)

      handler.call(request, response)

      expect(response.code).to eq(not_acceptable_code)
    end

    it "raises an error when no accepted formats are known" do
      data = Puppet::IndirectorTesting.new("my data")
      indirection.save(data, "my data")
      request = a_request_that_finds(data, :accept_header => "unknown, also/unknown")

      handler.call(request, response)

      expect(response.code).to eq(not_acceptable_code)
    end

    it "should pass the result through without rendering it if the result is a string" do
      data = Puppet::IndirectorTesting.new("my data")
      data_string = "my data string"
      request = a_request_that_finds(data, :accept_header => "pson")
      indirection.expects(:find).returns(data_string)

      handler.call(request, response)

      expect(response.body).to eq(data_string)
      expect(response.type).to eq(Puppet::Network::FormatHandler.format(:pson))
    end

    it "should return a not_found_code when no model instance can be found" do
      data = Puppet::IndirectorTesting.new("my data")
      request = a_request_that_finds(data, :accept_header => "unknown, pson, yaml")

      handler.call(request, response)
      expect(response.code).to eq(not_found_code)
    end
  end

  describe "when searching for model instances" do
    it "uses the first supported format for the response" do
      data = Puppet::IndirectorTesting.new("my data")
      indirection.save(data, "my data")
      request = a_request_that_searches("my", :accept_header => "unknown, pson, yaml")

      handler.call(request, response)

      expect(response.type).to eq(Puppet::Network::FormatHandler.format(:pson))
      expect(response.body).to eq(Puppet::IndirectorTesting.render_multiple(:pson, [data]))
    end

    it "should return [] when searching returns an empty array" do
      request = a_request_that_searches("nothing", :accept_header => "unknown, pson, yaml")

      handler.call(request, response)

      expect(response.body).to eq("[]")
      expect(response.type).to eq(Puppet::Network::FormatHandler.format(:pson))
    end

    it "should return a not_found_code when searching returns nil" do
      request = a_request_that_searches("nothing", :accept_header => "unknown, pson, yaml")
      indirection.expects(:search).returns(nil)

      handler.call(request, response)

      expect(response.code).to eq(not_found_code)
    end
  end

  describe "when destroying a model instance" do
    it "destroys the data indicated in the request" do
      data = Puppet::IndirectorTesting.new("my data")
      indirection.save(data, "my data")
      request = a_request_that_destroys(data)

      handler.call(request, response)

      Puppet::IndirectorTesting.indirection.find("my data").should be_nil
    end

    it "responds with yaml when no Accept header is given" do
      data = Puppet::IndirectorTesting.new("my data")
      indirection.save(data, "my data")
      request = a_request_that_destroys(data, :accept_header => nil)

      handler.call(request, response)

      expect(response.body).to eq(data.render(:yaml))
      expect(response.type).to eq(Puppet::Network::FormatHandler.format(:yaml))
    end

    it "uses the first supported format for the response" do
      data = Puppet::IndirectorTesting.new("my data")
      indirection.save(data, "my data")
      request = a_request_that_destroys(data, :accept_header => "unknown, pson, yaml")

      handler.call(request, response)

      expect(response.body).to eq(data.render(:pson))
      expect(response.type).to eq(Puppet::Network::FormatHandler.format(:pson))
    end

    it "raises an error and does not destroy when no accepted formats are known" do
      data = Puppet::IndirectorTesting.new("my data")
      indirection.save(data, "my data")
      request = a_request_that_submits(data, :accept_header => "unknown, also/unknown")

      handler.call(request, response)

      expect(response.code).to eq(not_acceptable_code)
      Puppet::IndirectorTesting.indirection.find("my data").should_not be_nil
    end
  end

  describe "when saving a model instance" do
    it "allows an empty body when the format supports it" do
      class Puppet::IndirectorTesting::Nonvalidatingmemory < Puppet::IndirectorTesting::Memory
        def validate_key(_)
          # nothing
        end
      end

      indirection.terminus_class = :nonvalidatingmemory

      data = Puppet::IndirectorTesting.new("test")
      request = a_request_that_submits(data,
                                       :content_type_header => "application/x-raw",
                                       :body => '')

      handler.call(request, response)

      Puppet::IndirectorTesting.indirection.find("test").name.should == ''
    end

    it "saves the data sent in the request" do
      data = Puppet::IndirectorTesting.new("my data")
      request = a_request_that_submits(data)

      handler.call(request, response)

      saved = Puppet::IndirectorTesting.indirection.find("my data")
      expect(saved.name).to eq(data.name)
    end

    it "responds with yaml when no Accept header is given" do
      data = Puppet::IndirectorTesting.new("my data")
      request = a_request_that_submits(data, :accept_header => nil)

      handler.call(request, response)

      expect(response.body).to eq(data.render(:yaml))
      expect(response.type).to eq(Puppet::Network::FormatHandler.format(:yaml))
    end

    it "uses the first supported format for the response" do
      data = Puppet::IndirectorTesting.new("my data")
      request = a_request_that_submits(data, :accept_header => "unknown, pson, yaml")

      handler.call(request, response)

      expect(response.body).to eq(data.render(:pson))
      expect(response.type).to eq(Puppet::Network::FormatHandler.format(:pson))
    end

    it "raises an error and does not save when no accepted formats are known" do
      data = Puppet::IndirectorTesting.new("my data")
      request = a_request_that_submits(data, :accept_header => "unknown, also/unknown")

      handler.call(request, response)

      expect(Puppet::IndirectorTesting.indirection.find("my data")).to be_nil
      expect(response.code).to eq(not_acceptable_code)
    end
  end

  describe "when performing head operation" do
    it "should not generate a response when a model head call succeeds" do
      data = Puppet::IndirectorTesting.new("my data")
      indirection.save(data, "my data")
      request = a_request_that_heads(data)

      handler.call(request, response)

      expect(response.code).to eq(nil)
    end

    it "should return a not_found_code when the model head call returns false" do
      data = Puppet::IndirectorTesting.new("my data")
      request = a_request_that_heads(data)

      handler.call(request, response)

      expect(response.code).to eq(not_found_code)
      expect(response.type).to eq("text/plain")
      expect(response.body).to eq("Not Found: Could not find indirector_testing my data")
    end
  end
end