package auth

import (
	"os"
	"testing"
	"time"

	"code.secondbit.org/uuid.hg"
)

func init() {
	if os.Getenv("PG_TEST_DB") != "" {
		p, err := NewPostgres(os.Getenv("PG_TEST_DB"))
		if err != nil {
			panic(err)
		}
		tokenStores = append(tokenStores, &p)
	}
}

var tokenStores = []tokenStore{NewMemstore()}

func compareTokens(token1, token2 Token) (success bool, field string, val1, val2 interface{}) {
	if token1.AccessToken != token2.AccessToken {
		return false, "access token", token1.AccessToken, token2.AccessToken
	}
	if token1.RefreshToken != token2.RefreshToken {
		return false, "refresh token", token1.RefreshToken, token2.RefreshToken
	}
	if !token1.Created.Equal(token2.Created) {
		return false, "created", token1.Created, token2.Created
	}
	if token1.CreatedFrom != token2.CreatedFrom {
		return false, "created from", token1.CreatedFrom, token2.CreatedFrom
	}
	if token1.ExpiresIn != token2.ExpiresIn {
		return false, "expires in", token1.ExpiresIn, token2.ExpiresIn
	}
	if token1.TokenType != token2.TokenType {
		return false, "token type", token1.TokenType, token2.TokenType
	}
	if len(token1.Scopes) != len(token2.Scopes) {
		return false, "scopes", token1.Scopes, token2.Scopes
	}
	for pos, scope := range token1.Scopes {
		if scope != token2.Scopes[pos] {
			return false, "scopes", token1.Scopes, token2.Scopes
		}
	}
	if !token1.ProfileID.Equal(token2.ProfileID) {
		return false, "profile ID", token1.ProfileID, token2.ProfileID
	}
	if token1.Revoked != token2.Revoked {
		return false, "revoked", token1.Revoked, token2.Revoked
	}
	return true, "", nil, nil
}

func TestTokenStoreSuccess(t *testing.T) {
	t.Parallel()
	token := Token{
		AccessToken:  "access",
		RefreshToken: "refresh",
		Created:      time.Now().Round(time.Millisecond),
		ExpiresIn:    3600,
		TokenType:    "bearer",
		Scopes:       stringsToScopes([]string{"scope"}),
		ProfileID:    uuid.NewID(),
	}
	for _, store := range tokenStores {
		context := Context{tokens: store}
		retrievedAccess, err := context.GetToken(token.AccessToken, false)
		if err == nil {
			t.Errorf("Expected ErrTokenNotFound from %T, got %+v", store, retrievedAccess)
		} else if err != ErrTokenNotFound {
			t.Errorf("Expected ErrTokenNotFound from %T, got %s", store, err)
		}
		retrievedRefresh, err := context.GetToken(token.RefreshToken, true)
		if err == nil {
			t.Errorf("Expected ErrTokenNotFound from %T, got %+v", store, retrievedRefresh)
		} else if err != ErrTokenNotFound {
			t.Errorf("Expected ErrTokenNotFound from %T, got %s", store, err)
		}
		err = context.RevokeToken(token.RefreshToken)
		if err != ErrTokenNotFound {
			t.Errorf("Expected ErrTokenNotFound from %T, got %s", store, err)
		}
		err = context.SaveToken(token)
		if err != nil {
			t.Errorf("Error saving token to %T: %s", store, err)
		}
		err = context.SaveToken(token)
		if err != ErrTokenAlreadyExists {
			t.Errorf("Expected ErrTokenAlreadyExists from %T, got %s", store, err)
		}
		retrievedAccess, err = context.GetToken(token.AccessToken, false)
		if err != nil {
			t.Errorf("Error retrieving token from %T: %s", store, err)
		}
		success, field, expectation, result := compareTokens(token, retrievedAccess)
		if !success {
			t.Errorf("Expected field %s to be %v, but got %v from %T", field, expectation, result, store)
		}
		retrievedRefresh, err = context.GetToken(token.RefreshToken, true)
		if err != nil {
			t.Errorf("Error retrieving refresh token from %T: %s", store, err)
		}
		success, field, expectation, result = compareTokens(token, retrievedRefresh)
		if !success {
			t.Errorf("Expected field %s to be %v, but got %v from %T", field, expectation, result, store)
		}
		retrievedProfile, err := context.GetTokensByProfileID(token.ProfileID, 25, 0)
		if err != nil {
			t.Errorf("Error retrieving token by profile from %T: %s", store, err)
		}
		if len(retrievedProfile) != 1 {
			t.Errorf("Expected 1 token retrieved by profile ID from %T, got %+v", store, retrievedProfile)
		}
		success, field, expectation, result = compareTokens(token, retrievedProfile[0])
		if !success {
			t.Errorf("Expected field %s to be %v, but got %v from %T", field, expectation, result, store)
		}
		err = context.RevokeToken(token.RefreshToken)
		if err != nil {
			t.Errorf("Error revoking token in %T: %s", store, err)
		}
		retrievedRevoked, err := context.GetToken(token.AccessToken, false)
		if err != nil {
			t.Errorf("Error retrieving token from %T: %s", store, err)
		}
		token.Revoked = true
		success, field, expectation, result = compareTokens(token, retrievedRevoked)
		if !success {
			t.Errorf("Expected field %s to be %v, but got %v from %T", field, expectation, result, store)
		}
	}
}

// BUG(paddy): We need to test the refreshTokenValidate function.
// BUG(paddy): We need to test the refreshTokenInvalidate function.