<?php

namespace Engelsystem\Test\Unit\Helpers;

use Engelsystem\Helpers\Authenticator;
use Engelsystem\Models\User\User;
use Engelsystem\Test\Unit\HasDatabase;
use Engelsystem\Test\Unit\Helpers\Stub\UserModelImplementation;
use Engelsystem\Test\Unit\ServiceProviderTest;
use PHPUnit\Framework\MockObject\MockObject;
use Psr\Http\Message\ServerRequestInterface;
use Symfony\Component\HttpFoundation\Session\Session;

class AuthenticatorTest extends ServiceProviderTest
{
    use HasDatabase;

    /**
     * @covers \Engelsystem\Helpers\Authenticator::__construct(
     * @covers \Engelsystem\Helpers\Authenticator::user
     */
    public function testUser()
    {
        /** @var ServerRequestInterface|MockObject $request */
        $request = $this->getMockForAbstractClass(ServerRequestInterface::class);
        /** @var Session|MockObject $session */
        $session = $this->createMock(Session::class);
        /** @var UserModelImplementation|MockObject $userRepository */
        $userRepository = new UserModelImplementation();
        /** @var User|MockObject $user */
        $user = $this->createMock(User::class);

        $session->expects($this->exactly(3))
            ->method('get')
            ->with('user_id')
            ->willReturnOnConsecutiveCalls(
                null,
                42,
                1337
            );

        $auth = new Authenticator($request, $session, $userRepository);

        // Not in session
        $this->assertNull($auth->user());

        // Unknown user
        UserModelImplementation::$id = 42;
        $this->assertNull($auth->user());

        // User found
        UserModelImplementation::$id = 1337;
        UserModelImplementation::$user = $user;
        $this->assertEquals($user, $auth->user());

        // User cached
        UserModelImplementation::$id = null;
        UserModelImplementation::$user = null;
        $this->assertEquals($user, $auth->user());
    }

    /**
     * @covers \Engelsystem\Helpers\Authenticator::apiUser
     */
    public function testApiUser()
    {
        /** @var ServerRequestInterface|MockObject $request */
        $request = $this->getMockForAbstractClass(ServerRequestInterface::class);
        /** @var Session|MockObject $session */
        $session = $this->createMock(Session::class);
        /** @var UserModelImplementation|MockObject $userRepository */
        $userRepository = new UserModelImplementation();
        /** @var User|MockObject $user */
        $user = $this->createMock(User::class);

        $request->expects($this->exactly(3))
            ->method('getQueryParams')
            ->with()
            ->willReturnOnConsecutiveCalls(
                [],
                ['api_key' => 'iMaNot3xiSt1nGAp1Key!'],
                ['foo_key' => 'SomeSecretApiKey']
            );

        /** @var Authenticator|MockObject $auth */
        $auth = new Authenticator($request, $session, $userRepository);

        // No key
        $this->assertNull($auth->apiUser());

        // Unknown user
        UserModelImplementation::$apiKey = 'iMaNot3xiSt1nGAp1Key!';
        $this->assertNull($auth->apiUser());

        // User found
        UserModelImplementation::$apiKey = 'SomeSecretApiKey';
        UserModelImplementation::$user = $user;
        $this->assertEquals($user, $auth->apiUser('foo_key'));

        // User cached
        UserModelImplementation::$apiKey = null;
        UserModelImplementation::$user = null;
        $this->assertEquals($user, $auth->apiUser());
    }

    /**
     * @covers \Engelsystem\Helpers\Authenticator::can
     */
    public function testCan()
    {
        /** @var ServerRequestInterface|MockObject $request */
        $request = $this->getMockForAbstractClass(ServerRequestInterface::class);
        /** @var Session|MockObject $session */
        $session = $this->createMock(Session::class);
        /** @var UserModelImplementation|MockObject $userRepository */
        $userRepository = new UserModelImplementation();
        /** @var User|MockObject $user */
        $user = $this->createMock(User::class);

        $session->expects($this->once())
            ->method('get')
            ->with('user_id')
            ->willReturn(42);
        $session->expects($this->once())
            ->method('remove')
            ->with('user_id');

        /** @var Authenticator|MockObject $auth */
        $auth = $this->getMockBuilder(Authenticator::class)
            ->setConstructorArgs([$request, $session, $userRepository])
            ->onlyMethods(['getPermissionsByGroup', 'getPermissionsByUser', 'user'])
            ->getMock();
        $auth->expects($this->exactly(1))
            ->method('getPermissionsByGroup')
            ->with(-10)
            ->willReturn([]);
        $auth->expects($this->exactly(1))
            ->method('getPermissionsByUser')
            ->with($user)
            ->willReturn(['bar']);
        $auth->expects($this->exactly(2))
            ->method('user')
            ->willReturnOnConsecutiveCalls(null, $user);

        // No user, no permissions
        $this->assertFalse($auth->can('foo'));

        // User exists, has permissions
        $this->assertTrue($auth->can('bar'));

        // Permissions cached
        $this->assertTrue($auth->can('bar'));
    }

    /**
     * @covers \Engelsystem\Helpers\Authenticator::authenticate
     */
    public function testAuthenticate()
    {
        $this->initDatabase();

        /** @var ServerRequestInterface|MockObject $request */
        $request = $this->getMockForAbstractClass(ServerRequestInterface::class);
        /** @var Session|MockObject $session */
        $session = $this->createMock(Session::class);
        $userRepository = new User();

        (new User([
            'name'     => 'lorem',
            'password' => password_hash('testing', PASSWORD_DEFAULT),
            'email'    => 'lorem@foo.bar',
            'api_key'  => '',
        ]))->save();
        (new User([
            'name'     => 'ipsum',
            'password' => '',
            'email'    => 'ipsum@foo.bar',
            'api_key'  => '',
        ]))->save();

        $auth = new Authenticator($request, $session, $userRepository);
        $this->assertNull($auth->authenticate('not-existing', 'foo'));
        $this->assertNull($auth->authenticate('ipsum', 'wrong-password'));
        $this->assertInstanceOf(User::class, $auth->authenticate('lorem', 'testing'));
        $this->assertInstanceOf(User::class, $auth->authenticate('lorem@foo.bar', 'testing'));
    }

    /**
     * @covers \Engelsystem\Helpers\Authenticator::verifyPassword
     */
    public function testVerifyPassword()
    {
        $this->initDatabase();
        $password = password_hash('testing', PASSWORD_ARGON2I);
        $user = new User([
            'name'     => 'lorem',
            'password' => $password,
            'email'    => 'lorem@foo.bar',
            'api_key'  => '',
        ]);
        $user->save();

        /** @var Authenticator|MockObject $auth */
        $auth = $this->getMockBuilder(Authenticator::class)
            ->disableOriginalConstructor()
            ->onlyMethods(['setPassword'])
            ->getMock();

        $auth->expects($this->once())
            ->method('setPassword')
            ->with($user, 'testing');
        $auth->setPasswordAlgorithm(PASSWORD_BCRYPT);

        $this->assertFalse($auth->verifyPassword($user, 'randomStuff'));
        $this->assertTrue($auth->verifyPassword($user, 'testing'));
    }

    /**
     * @covers \Engelsystem\Helpers\Authenticator::setPassword
     */
    public function testSetPassword()
    {
        $this->initDatabase();
        $user = new User([
            'name'     => 'ipsum',
            'password' => '',
            'email'    => 'ipsum@foo.bar',
            'api_key'  => '',
        ]);
        $user->save();

        $auth = $this->getAuthenticator();
        $auth->setPasswordAlgorithm(PASSWORD_ARGON2I);

        $auth->setPassword($user, 'FooBar');
        $this->assertTrue($user->isClean());

        $this->assertTrue(password_verify('FooBar', $user->password));
        $this->assertFalse(password_needs_rehash($user->password, PASSWORD_ARGON2I));
    }

    /**
     * @covers \Engelsystem\Helpers\Authenticator::setPasswordAlgorithm
     * @covers \Engelsystem\Helpers\Authenticator::getPasswordAlgorithm
     */
    public function testPasswordAlgorithm()
    {
        $auth = $this->getAuthenticator();

        $auth->setPasswordAlgorithm(PASSWORD_ARGON2I);
        $this->assertEquals(PASSWORD_ARGON2I, $auth->getPasswordAlgorithm());
    }

    /**
     * @return Authenticator
     */
    protected function getAuthenticator()
    {
        return new class extends Authenticator
        {
            /** @noinspection PhpMissingParentConstructorInspection */
            public function __construct()
            {
            }
        };
    }
}