import assert = require("assert");
import AuthenticationValidator = require("../../../src/lib/routes/AuthenticationValidator");
import sinon = require("sinon");
import winston = require("winston");

import express = require("express");

import ExpressMock = require("../mocks/express");
import AccessControllerMock = require("../mocks/AccessController");

describe("test authentication token verification", function () {
  let req: ExpressMock.RequestMock;
  let res: ExpressMock.ResponseMock;
  let accessController: AccessControllerMock.AccessControllerMock;

  beforeEach(function () {
    accessController = AccessControllerMock.AccessControllerMock();
    accessController.isDomainAllowedForUser.returns(true);

    req = ExpressMock.RequestMock();
    res = ExpressMock.ResponseMock();
    req.headers = {};
    req.headers.host = "secret.example.com";
    req.app.get = sinon.stub();
    req.app.get.withArgs("config").returns({});
    req.app.get.withArgs("logger").returns(winston);
    req.app.get.withArgs("access controller").returns(accessController);
  });

  interface AuthenticationSession {
    first_factor?: boolean;
    second_factor?: boolean;
    userid?: string;
    groups?: string[];
  }

  it("should be already authenticated", function (done) {
    req.session = {};
    req.session.auth_session = {
      first_factor: true,
      second_factor: true,
      userid: "myuser",
    } as AuthenticationSession;

    res.send = sinon.spy(function () {
      assert.equal(204, res.status.getCall(0).args[0]);
      done();
    });

    AuthenticationValidator(req as express.Request, res as any);
  });

  describe("given different cases of session", function () {
    function test_session(auth_session: AuthenticationSession, status_code: number) {
      return new Promise(function (resolve, reject) {
        req.session = {};
        req.session.auth_session = auth_session;

        res.send = sinon.spy(function () {
          assert.equal(status_code, res.status.getCall(0).args[0]);
          resolve();
        });

        AuthenticationValidator(req as express.Request, res as any);
      });
    }

    function test_unauthorized(auth_session: AuthenticationSession) {
      return test_session(auth_session, 401);
    }

    function test_authorized(auth_session: AuthenticationSession) {
      return test_session(auth_session, 204);
    }

    it("should not be authenticated when second factor is missing", function () {
      return test_unauthorized({
        userid: "user",
        first_factor: true,
        second_factor: false
      });
    });

    it("should not be authenticated when first factor is missing", function () {
      return test_unauthorized({ first_factor: false, second_factor: true });
    });

    it("should not be authenticated when userid is missing", function () {
      return test_unauthorized({
        first_factor: true,
        second_factor: true,
        groups: ["mygroup"],
      });
    });

    it("should not be authenticated when first and second factor are missing", function () {
      return test_unauthorized({ first_factor: false, second_factor: false });
    });

    it("should not be authenticated when session has not be initiated", function () {
      return test_unauthorized(undefined);
    });

    it("should not be authenticated when session is partially initialized", function () {
      return test_unauthorized({ first_factor: true });
    });
  });
});