package handlers

import (
	"testing"

	"github.com/stretchr/testify/suite"

	"github.com/authelia/authelia/v4/internal/authorization"
	"github.com/authelia/authelia/v4/internal/configuration/schema"
	"github.com/authelia/authelia/v4/internal/mocks"
)

type SecondFactorAvailableMethodsFixture struct {
	suite.Suite
	mock *mocks.MockAutheliaCtx
}

func (s *SecondFactorAvailableMethodsFixture) SetupTest() {
	s.mock = mocks.NewMockAutheliaCtx(s.T())
	s.mock.Ctx.Providers.Authorizer = authorization.NewAuthorizer(&schema.Configuration{
		AccessControl: schema.AccessControlConfiguration{
			DefaultPolicy: "deny",
			Rules:         []schema.ACLRule{},
		}})
}

func (s *SecondFactorAvailableMethodsFixture) TearDownTest() {
	s.mock.Close()
}

func (s *SecondFactorAvailableMethodsFixture) TestShouldServeDefaultMethods() {
	s.mock.Ctx.Configuration = schema.Configuration{
		TOTP: &schema.TOTPConfiguration{
			Period: schema.DefaultTOTPConfiguration.Period,
		},
	}
	expectedBody := ConfigurationBody{
		AvailableMethods:    []string{"totp", "u2f"},
		SecondFactorEnabled: false,
		TOTPPeriod:          schema.DefaultTOTPConfiguration.Period,
	}

	ConfigurationGet(s.mock.Ctx)
	s.mock.Assert200OK(s.T(), expectedBody)
}

func (s *SecondFactorAvailableMethodsFixture) TestShouldServeDefaultMethodsAndMobilePush() {
	s.mock.Ctx.Configuration = schema.Configuration{
		DuoAPI: &schema.DuoAPIConfiguration{},
		TOTP: &schema.TOTPConfiguration{
			Period: schema.DefaultTOTPConfiguration.Period,
		},
	}
	expectedBody := ConfigurationBody{
		AvailableMethods:    []string{"totp", "u2f", "mobile_push"},
		SecondFactorEnabled: false,
		TOTPPeriod:          schema.DefaultTOTPConfiguration.Period,
	}

	ConfigurationGet(s.mock.Ctx)
	s.mock.Assert200OK(s.T(), expectedBody)
}

func (s *SecondFactorAvailableMethodsFixture) TestShouldCheckSecondFactorIsDisabledWhenNoRuleIsSetToTwoFactor() {
	s.mock.Ctx.Configuration = schema.Configuration{
		TOTP: &schema.TOTPConfiguration{
			Period: schema.DefaultTOTPConfiguration.Period,
		},
	}
	s.mock.Ctx.Providers.Authorizer = authorization.NewAuthorizer(
		&schema.Configuration{
			AccessControl: schema.AccessControlConfiguration{
				DefaultPolicy: "bypass",
				Rules: []schema.ACLRule{
					{
						Domains: []string{"example.com"},
						Policy:  "deny",
					},
					{
						Domains: []string{"abc.example.com"},
						Policy:  "single_factor",
					},
					{
						Domains: []string{"def.example.com"},
						Policy:  "bypass",
					},
				},
			}})
	ConfigurationGet(s.mock.Ctx)
	s.mock.Assert200OK(s.T(), ConfigurationBody{
		AvailableMethods:    []string{"totp", "u2f"},
		SecondFactorEnabled: false,
		TOTPPeriod:          schema.DefaultTOTPConfiguration.Period,
	})
}

func (s *SecondFactorAvailableMethodsFixture) TestShouldCheckSecondFactorIsEnabledWhenDefaultPolicySetToTwoFactor() {
	s.mock.Ctx.Configuration = schema.Configuration{
		TOTP: &schema.TOTPConfiguration{
			Period: schema.DefaultTOTPConfiguration.Period,
		},
	}
	s.mock.Ctx.Providers.Authorizer = authorization.NewAuthorizer(&schema.Configuration{
		AccessControl: schema.AccessControlConfiguration{
			DefaultPolicy: "two_factor",
			Rules: []schema.ACLRule{
				{
					Domains: []string{"example.com"},
					Policy:  "deny",
				},
				{
					Domains: []string{"abc.example.com"},
					Policy:  "single_factor",
				},
				{
					Domains: []string{"def.example.com"},
					Policy:  "bypass",
				},
			},
		}})
	ConfigurationGet(s.mock.Ctx)
	s.mock.Assert200OK(s.T(), ConfigurationBody{
		AvailableMethods:    []string{"totp", "u2f"},
		SecondFactorEnabled: true,
		TOTPPeriod:          schema.DefaultTOTPConfiguration.Period,
	})
}

func (s *SecondFactorAvailableMethodsFixture) TestShouldCheckSecondFactorIsEnabledWhenSomePolicySetToTwoFactor() {
	s.mock.Ctx.Configuration = schema.Configuration{
		TOTP: &schema.TOTPConfiguration{
			Period: schema.DefaultTOTPConfiguration.Period,
		},
	}
	s.mock.Ctx.Providers.Authorizer = authorization.NewAuthorizer(
		&schema.Configuration{
			AccessControl: schema.AccessControlConfiguration{
				DefaultPolicy: "bypass",
				Rules: []schema.ACLRule{
					{
						Domains: []string{"example.com"},
						Policy:  "deny",
					},
					{
						Domains: []string{"abc.example.com"},
						Policy:  "two_factor",
					},
					{
						Domains: []string{"def.example.com"},
						Policy:  "bypass",
					},
				},
			}})
	ConfigurationGet(s.mock.Ctx)
	s.mock.Assert200OK(s.T(), ConfigurationBody{
		AvailableMethods:    []string{"totp", "u2f"},
		SecondFactorEnabled: true,
		TOTPPeriod:          schema.DefaultTOTPConfiguration.Period,
	})
}

func TestRunSuite(t *testing.T) {
	s := new(SecondFactorAvailableMethodsFixture)
	suite.Run(t, s)
}