''' Tests for ordr2.resources.account '''

import pytest

from pyramid.testing import DummyRequest

from .. import app_config, dbsession, get_user

# helper function

def get_root_resource(role_name=None, **kwargs):
    ''' return a root resource '''
    from ordr2.resources import RootResource
    user = get_user(role_name) if role_name else None
    request = DummyRequest(user=user, **kwargs)
    return RootResource(request)


# tests for token resources

def test_registration_token_acl():
    ''' test the access controll list of the registration token resource '''
    from pyramid.security import Allow, Authenticated, Deny, Everyone, DENY_ALL
    from ordr2.resources.account import RegistrationToken

    root = get_root_resource()
    resource = RegistrationToken(None, root, None)

    assert resource.__acl__() == [
        (Deny, Authenticated, 'register'),
        (Allow, Everyone, 'register'),
        DENY_ALL
        ]


def test_email_verification_token_acl(app_config):
    ''' test the access controll list of the email token resource '''
    from pyramid.security import Allow, Authenticated, Deny, Everyone, DENY_ALL
    from ordr2.models.account import User, Token
    from ordr2.resources.account import EmailVerificationToken

    root = get_root_resource('user')
    token = Token(owner=root.request.user)
    resource = EmailVerificationToken(None, root, token)

    assert resource.__acl__() == [(Allow, 'user:3', 'settings'), DENY_ALL]


def test_password_reset_token_acl():
    ''' test the access controll list of the password token resource '''
    from pyramid.security import Allow, Everyone, DENY_ALL
    from ordr2.resources.account import ForgottenPasswordToken

    root = get_root_resource()
    resource = ForgottenPasswordToken(None, root, None)

    assert resource.__acl__() == [
        (Allow, Everyone, 'reset password'),
        DENY_ALL
        ]


def test_account_resource_init():
    ''' test __init__ function of base resource '''
    from ordr2.resources.account import AccountResource

    root = get_root_resource('user')
    resource = AccountResource('resource name', root)

    assert resource.__name__ == 'resource name'
    assert resource.__parent__ == root
    assert resource.request == root.request
    assert resource.model == root.request.user


def test_account_resource_acl():
    ''' test the access controll list of the account resource '''
    from pyramid.security import Allow, Authenticated, Deny, Everyone, DENY_ALL
    from ordr2.resources.account import AccountResource

    root = get_root_resource()
    resource = AccountResource('resource name', root)

    assert resource.__acl__() == [
            (Allow, Everyone, 'login'),
            (Allow, Everyone, 'logout'),
            (Deny, Authenticated, 'register'),
            (Allow, Everyone, 'register'),
            (Allow, Everyone, 'reset password'),
            (Allow, Authenticated, 'settings'),
            DENY_ALL
        ]


def test_account_resource_getitem_token_ok(app_config, dbsession):
    ''' test __getitem__ method returns correct token '''
    from ordr2.models.account import TokenSubject
    from ordr2.resources.account import (
        AccountResource,
        EmailVerificationToken
        )

    root = get_root_resource('user', dbsession=dbsession)
    user = root.request.user
    dbsession.add(user)
    hash = user.issue_token(root.request, TokenSubject.CHANGE_EMAIL)
    account = AccountResource(None, root)
    resource = account[hash]

    assert isinstance(resource, EmailVerificationToken)
    assert resource.__name__ == hash
    assert resource.__parent__ == account
    assert resource.model.hash == hash
    assert resource.model.owner == root.request.user


def test_account_resource_getitem_token_not_found(dbsession):
    ''' test __getitem__ raises KeyError on unknown token hash '''
    from ordr2.resources.account import AccountResource

    root = get_root_resource('user', dbsession=dbsession)
    account = AccountResource(None, root)

    with pytest.raises(KeyError):
        resource = account['unknown token hash']


def test_account_resource_getitem_token_expired(dbsession):
    ''' test __getitem__ raises KeyError on unknown token hash '''
    from datetime import datetime
    from ordr2.models.account import Token, TokenSubject
    from ordr2.resources.account import (
        AccountResource,
        EmailVerificationToken
        )

    root = get_root_resource('user', dbsession=dbsession)
    token = Token.issue(
        root.request,
        root.request.user,
        TokenSubject.CHANGE_EMAIL
        )
    token.expires = datetime(year=2000, month=1, day=1)
    dbsession.add(token)
    account = AccountResource(None, root)

    with pytest.raises(KeyError) as excinfo:
        resource = account[token.hash]
        assert f'Token {token.hash} has expired' in str(excinfo.value)