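require 'spec_helper'
require 'rack'
require 'rack/test'

# Specs for SoarAuthenticationToken::RackMiddleware.
#
# The middleware is wrapped around a minimal Rack app and driven directly via
# #call with environments built by Rack::MockRequest.
#
# NOTE(review): the configurations below reference generator, validator and
# store services by URL, so these examples presumably need those services to
# be reachable - confirm against the test environment. The URLs use plain
# http://; that is a property of this fixture and should not be copied into a
# deployed configuration, where token traffic needs transport protection.
#
# NOTE(review): the rejection path is exercised only for a missing header and
# for a token from a locally keyed generator. Malformed, expired or tampered
# tokens are not covered here; add examples once the expected middleware
# behaviour for them is confirmed.
describe SoarAuthenticationToken::RackMiddleware do
  include Rack::Test::Methods

  # Builds a token generator in 'remote' mode.
  #
  # The key pair generated here is not part of the remote configuration; it is
  # only returned to the caller.
  #
  # @return [Array] generator, private key, public key
  def create_valid_token_generator
    private_key, public_key = SoarAuthenticationToken::KeypairGenerator.new.generate
    configuration = {
      'mode' => 'remote',
      'generator-url' => 'http://authentication-token-generator-service:9393/generate'
    }
    [build_generator(configuration), private_key, public_key]
  end

  # Builds a token generator in 'local' mode around a freshly generated key
  # pair. The specs expect its tokens to be rejected by the middleware -
  # presumably because the validator does not know this key; confirm.
  #
  # @return [Array] generator, private key, public key
  def create_invalid_token_generator
    private_key, public_key = SoarAuthenticationToken::KeypairGenerator.new.generate
    configuration = {
      'mode' => 'local',
      'private_key' => private_key,
      'public_key' => public_key
    }
    [build_generator(configuration), private_key, public_key]
  end

  # Creates a TokenGenerator for the given configuration and attaches the
  # store client to it.
  def build_generator(configuration)
    generator = SoarAuthenticationToken::TokenGenerator.new(configuration)
    generator.inject_store_provider(get_store)
    generator
  end

  # Client for the token store service used by both generators.
  def get_store
    AuthTokenStoreProvider::Client.new({ 'service_url' => 'http://authentication-token-store:9393/' })
  end

  # Runs the middleware under test against a mock request carrying the given
  # Rack environment options and returns the [status, headers, body] triple.
  def call_middleware(opts)
    @iut.call Rack::MockRequest.env_for('http://service', opts)
  end

  before :all do
    # Fixed: the instance variable for the second generator's private key was
    # misspelled (@imvalid_private_key). The generators are also named for the
    # outcome they produce, since the "valid" one runs in 'remote' mode, not
    # locally.
    @valid_generator, @valid_private_key, @valid_public_key = create_valid_token_generator
    @invalid_generator, @invalid_private_key, @invalid_public_key = create_invalid_token_generator
  end

  before :each do
    # Downstream app: echoes the user found in the Rack session, so a 200
    # response also shows which identity reached the application.
    @test_app = lambda do |env|
      session = Rack::Request.new(env).session
      [200, { "Content-Type" => "text/html" }, ["tested with authenticated user #{session['user']}"]]
    end
    @iut_configuration = {
      'mode' => 'remote',
      'generator-url' => 'http://authentication-token-generator-service:9393/generate',
      'validator-url' => 'http://authentication-token-validator-service:9393/validate'
    }
    @iut = SoarAuthenticationToken::RackMiddleware.new(@test_app, @iut_configuration)
  end

  it 'has a version number' do
    expect(SoarAuthenticationToken::VERSION).not_to be nil
  end

  context "when initialized" do
    it 'remembers the app provided' do
      expect(@iut.instance_variable_get("@app")).to eq(@test_app)
    end

    it 'remembers the configuration provided' do
      expect(@iut.instance_variable_get("@configuration")).to eq(@iut_configuration)
    end
  end

  context "when called with an environment" do
    it "should return 401 if the request contains no authentication token" do
      # The second element of a Rack response is the headers hash, not an env.
      status, headers, body = call_middleware({})
      expect([status, headers, body]).to eq([401, { "Content-Type" => "text/html" }, ["401 - Not authenticated"]])
    end

    it "should return 401 if the request contains an invalid authentication token" do
      opts = { 'HTTP_AUTHORIZATION' => @invalid_generator.generate(authenticated_identifier: 'a@b.com') }
      status, headers, body = call_middleware(opts)
      expect([status, headers, body]).to eq([401, { "Content-Type" => "text/html" }, ["401 - Not authenticated"]])
    end

    it "should pass requests that are authenticated through to the application" do
      opts = { 'HTTP_AUTHORIZATION' => @valid_generator.generate(authenticated_identifier: 'a@b.com') }
      status, headers, body = call_middleware(opts)
      # The echoed user must be the identifier the token was issued for.
      expect([status, headers, body]).to eq([200, { "Content-Type" => "text/html" }, ["tested with authenticated user a@b.com"]])
    end
  end
end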