package kekskurseauth

import (
	"fmt"
	"testing"

	"github.com/stretchr/testify/assert"
)

func TestNewAuthWithConfig(t *testing.T) {
	config := AuthConfig{}
	config.TokenEndpoint = "http://localhost/something"
	client, err := NewAuthWithConfig(config, "abc", "def")
	assert.Equal(t, nil, err, "should return no error while creating Auth")
	assert.Equal(t, "http://localhost/something", client.config.TokenEndpoint, "should have currect config")
	assert.Equal(t, "abc", client.clientID, "should have stored currect clientid")
	assert.Equal(t, "def", client.clientSecret, "should have stored currect client secret")
}

func TestNewAuthWithConfigurationURL(t *testing.T) {
	client, err := NewAuthWithConfigurationURL("http://localhost:8084/openid-configuration", "abc", "def")
	assert.Nil(t, err, "should create client without any error")
	assert.Equal(t, "https://auth.keks.cloud/application/o/token/", client.config.TokenEndpoint, "token endpoint should match")
	assert.Equal(t, "abc", client.clientID, "should have stored currect clientid")
	assert.Equal(t, "def", client.clientSecret, "should have stored currect client secret")
}

func TestGetAuthorizationUrl(t *testing.T) {
	tts := []struct {
		name        string
		config      AuthConfig
		redirectURL string
		scops       []string
		state       string
		exptUrl     string
		exptError   error
	}{
		{
			name:      "error-config-has-no-url",
			exptError: ErrCantGetAuthorizationURL,
		},
		{
			name:    "plain-url",
			config:  AuthConfig{AuthorizationEndpoint: "http://localhost/something"},
			exptUrl: "http://localhost/something?client_id=abc&response_type=code",
		},
		{
			name:        "url-with-redirect-and-state",
			config:      AuthConfig{AuthorizationEndpoint: "http://localhost/something"},
			exptUrl:     "http://localhost/something?client_id=abc&redirect_uri=https%3A%2F%2Fexample.com&response_type=code&state=randomStateStringWith%C3%A4and%C3%B6ok",
			redirectURL: "https://example.com",
			state:       "randomStateStringWithäandöok",
		},
		{
			name:    "url-with-scopes",
			config:  AuthConfig{AuthorizationEndpoint: "http://localhost/something"},
			scops:   []string{"some", "söäüöäüßcopes"},
			exptUrl: "http://localhost/something?client_id=abc&response_type=code&scope=some%2Bs%C3%B6%C3%A4%C3%BC%C3%B6%C3%A4%C3%BC%C3%9Fcopes",
		},
	}

	for _, tt := range tts {
		t.Run(tt.name, func(t *testing.T) {
			client, err := NewAuthWithConfig(tt.config, "abc", "def")
			assert.Nil(t, err, "should be able to create client without error")

			url, err := client.GetAuthorizationURL(tt.redirectURL, tt.scops, tt.state)
			if tt.exptError == nil {
				assert.Nil(t, err, "should get link without error")
			} else {
				assert.ErrorIs(t, err, tt.exptError, "should return right error")
			}
			assert.Equal(t, tt.exptUrl, url, "should return right url")
		})
	}
}

func TestAuthenticLogin(t *testing.T) {
	client, err := NewAuthWithConfigurationURL("http://localhost:8084/openid-configuration", "abc", "def")
	assert.Nil(t, err, "should be able to create client without error")
	url, err := client.GetAuthorizationURL("http://localhost/something", []string{}, "")
	assert.Nil(t, err, "should be able to create url without error")
	fmt.Println(url)
}