package header

import (
	"net/http"
	"net/http/httptest"
	"testing"

	"github.com/gin-gonic/gin"
	"github.com/stretchr/testify/assert"

	"github.com/photoprism/photoprism/pkg/rnd"
)

func TestAuthToken(t *testing.T) {
	t.Run("None", func(t *testing.T) {
		gin.SetMode(gin.TestMode)
		w := httptest.NewRecorder()
		c, _ := gin.CreateTestContext(w)
		c.Request = &http.Request{
			Header: make(http.Header),
		}

		// No headers have been set, so no token should be returned.
		token := AuthToken(c)
		assert.Equal(t, "", token)
	})
	t.Run("BearerToken", func(t *testing.T) {
		gin.SetMode(gin.TestMode)
		w := httptest.NewRecorder()
		c, _ := gin.CreateTestContext(w)
		c.Request = &http.Request{
			Header: make(http.Header),
		}

		// Set Bearer Authorization header to a random value generated by rnd.AuthToken().
		expected := rnd.AuthToken()
		SetAuthorization(c.Request, expected)

		// Check header for expected token.
		authToken := AuthToken(c)
		assert.Equal(t, expected, authToken)
		bearerToken := BearerToken(c)
		assert.Equal(t, authToken, bearerToken)
	})
	t.Run("XAuthToken", func(t *testing.T) {
		gin.SetMode(gin.TestMode)
		w := httptest.NewRecorder()
		c, _ := gin.CreateTestContext(w)
		c.Request = &http.Request{
			Header: make(http.Header),
		}

		// Set X-Auth-Token header to a random value generated by rnd.AuthToken().
		expected := rnd.AuthToken()
		c.Request.Header.Add(XAuthToken, expected)

		// Check header for expected token.
		authToken := AuthToken(c)
		assert.Equal(t, expected, authToken)
		bearerToken := BearerToken(c)
		assert.Equal(t, "", bearerToken)
	})
	t.Run("XSessionID", func(t *testing.T) {
		gin.SetMode(gin.TestMode)
		w := httptest.NewRecorder()
		c, _ := gin.CreateTestContext(w)
		c.Request = &http.Request{
			Header: make(http.Header),
		}

		// Set X-Session-ID header to a random value generated by rnd.AuthToken().
		expected := rnd.AuthToken()
		c.Request.Header.Add(XSessionID, expected)

		// Check header for expected token.
		authToken := AuthToken(c)
		assert.Equal(t, expected, authToken)
		bearerToken := BearerToken(c)
		assert.Equal(t, "", bearerToken)
	})
	t.Run("AuthSecret", func(t *testing.T) {
		gin.SetMode(gin.TestMode)
		w := httptest.NewRecorder()
		c, _ := gin.CreateTestContext(w)
		c.Request = &http.Request{
			Header: make(http.Header),
		}

		// Set X-Auth-Token header to a random value generated by rnd.AuthSecret().
		expected := rnd.AuthSecret()
		c.Request.Header.Add(XAuthToken, expected)

		// Check header for expected token.
		authToken := AuthToken(c)
		assert.Equal(t, expected, authToken)
		bearerToken := BearerToken(c)
		assert.Equal(t, "", bearerToken)
	})
}

func TestBearerToken(t *testing.T) {
	t.Run("None", func(t *testing.T) {
		gin.SetMode(gin.TestMode)
		w := httptest.NewRecorder()
		c, _ := gin.CreateTestContext(w)
		c.Request = &http.Request{
			Header: make(http.Header),
		}

		// No headers have been set, so no token should be returned.
		token := BearerToken(c)
		assert.Equal(t, "", token)
	})
	t.Run("Found", func(t *testing.T) {
		gin.SetMode(gin.TestMode)
		w := httptest.NewRecorder()
		c, _ := gin.CreateTestContext(w)
		c.Request = &http.Request{
			Header: make(http.Header),
		}

		// Add authorization header.
		SetAuthorization(c.Request, "69be27ac5ca305b394046a83f6fda18167ca3d3f2dbe7ac0")

		// Check result.
		token := BearerToken(c)
		assert.Equal(t, "69be27ac5ca305b394046a83f6fda18167ca3d3f2dbe7ac0", token)
	})
}

func TestAuthorization(t *testing.T) {
	t.Run("None", func(t *testing.T) {
		gin.SetMode(gin.TestMode)
		w := httptest.NewRecorder()
		c, _ := gin.CreateTestContext(w)
		c.Request = &http.Request{
			Header: make(http.Header),
		}

		// No headers have been set, so no token should be returned.
		authType, authToken := Authorization(c)
		assert.Equal(t, "", authType)
		assert.Equal(t, "", authToken)
	})
	t.Run("BearerToken", func(t *testing.T) {
		gin.SetMode(gin.TestMode)
		w := httptest.NewRecorder()
		c, _ := gin.CreateTestContext(w)
		c.Request = &http.Request{
			Header: make(http.Header),
		}

		// Add authorization header.
		c.Request.Header.Add(Auth, "Bearer 69be27ac5ca305b394046a83f6fda18167ca3d3f2dbe7ac0")

		// Check result.
		authType, authToken := Authorization(c)
		assert.Equal(t, AuthBearer, authType)
		assert.Equal(t, "69be27ac5ca305b394046a83f6fda18167ca3d3f2dbe7ac0", authToken)
	})
}

func TestBasicAuth(t *testing.T) {
	t.Run("None", func(t *testing.T) {
		gin.SetMode(gin.TestMode)
		w := httptest.NewRecorder()
		c, _ := gin.CreateTestContext(w)
		c.Request = &http.Request{
			Header: make(http.Header),
		}

		// No headers have been set, so no token should be returned.
		user, pass, key := BasicAuth(c)
		assert.Equal(t, "", user)
		assert.Equal(t, "", pass)
		assert.Equal(t, "", key)
	})
	t.Run("Found", func(t *testing.T) {
		gin.SetMode(gin.TestMode)
		w := httptest.NewRecorder()
		c, _ := gin.CreateTestContext(w)
		c.Request = &http.Request{
			Header: make(http.Header),
		}

		// Add authorization header.
		c.Request.Header.Add(Auth, AuthBasic+" QWxhZGRpbjpvcGVuIHNlc2FtZQ==")

		// Check result.
		user, pass, key := BasicAuth(c)
		assert.Equal(t, "Aladdin", user)
		assert.Equal(t, "open sesame", pass)
		assert.Equal(t, "0cdb723383eb144043424a4a254461658d887396", key)
	})
}