import pytest

from auth.oauth import validate_bearer_auth, validate_oauth_token
from auth.validateresult import AuthKind, ValidateResult
from data import model
from test.fixtures import *


@pytest.mark.parametrize('header, expected_result', [
  ('', ValidateResult(AuthKind.oauth, missing=True)),
  ('somerandomtoken', ValidateResult(AuthKind.oauth, missing=True)),
  ('bearer some random token', ValidateResult(AuthKind.oauth, missing=True)),
  ('bearer invalidtoken',
   ValidateResult(AuthKind.oauth, error_message='OAuth access token could not be validated')),])
def test_bearer(header, expected_result, app):
  assert validate_bearer_auth(header) == expected_result


def test_valid_oauth(app):
  user = model.user.get_user('devtable')
  app = model.oauth.list_applications_for_org(model.user.get_user_or_org('buynlarge'))[0]
  token_string = '%s%s' % ('a' * 20, 'b' * 20)
  oauth_token, _ = model.oauth.create_access_token_for_testing(user, app.client_id, 'repo:read',
                                                               access_token=token_string)
  result = validate_bearer_auth('bearer ' + token_string)
  assert result.context.oauthtoken == oauth_token
  assert result.authed_user == user
  assert result.auth_valid


def test_disabled_user_oauth(app):
  user = model.user.get_user('disabled')
  token_string = '%s%s' % ('a' * 20, 'b' * 20)
  oauth_token, _ = model.oauth.create_access_token_for_testing(user, 'deadbeef', 'repo:admin',
                                                               access_token=token_string)

  result = validate_bearer_auth('bearer ' + token_string)
  assert result.context.oauthtoken is None
  assert result.authed_user is None
  assert not result.auth_valid
  assert result.error_message == 'Granter of the oauth access token is disabled'


def test_expired_token(app):
  user = model.user.get_user('devtable')
  token_string = '%s%s' % ('a' * 20, 'b' * 20)
  oauth_token, _ = model.oauth.create_access_token_for_testing(user, 'deadbeef', 'repo:admin',
                                                               access_token=token_string,
                                                               expires_in=-1000)

  result = validate_bearer_auth('bearer ' + token_string)
  assert result.context.oauthtoken is None
  assert result.authed_user is None
  assert not result.auth_valid
  assert result.error_message == 'OAuth access token has expired'