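''' Tests for ordr2.security '''

import pytest

from . import app_config, dbsession, create_users


# tests for ordr2.security.AuthenticationPolicy
#
# NOTE(review): every policy below is built with secret=''. The tests set
# request.user directly, so presumably no signed cookie is issued or checked
# here; confirm against AuthenticationPolicy before copying this pattern.

def test_authenticated_userid_no_user():
    ''' test if authenticated user id is None if no active user present '''
    from pyramid.testing import DummyRequest
    from ordr2.security import AuthenticationPolicy

    request = DummyRequest(user=None)
    policy = AuthenticationPolicy(secret='')

    assert policy.authenticated_userid(request) is None


def test_authenticated_userid_with_user():
    ''' test if authenticated user id is the id of the user '''
    from pyramid.testing import DummyRequest
    from ordr2.models import User
    from ordr2.security import AuthenticationPolicy

    user = User(id=3)
    request = DummyRequest(user=user)
    policy = AuthenticationPolicy(secret='')

    assert policy.authenticated_userid(request) == 3


def test_effective_principals_no_user():
    ''' test the effective principals if no user is authenticated '''
    from pyramid.testing import DummyRequest
    from pyramid.security import Everyone
    from ordr2.security import AuthenticationPolicy

    request = DummyRequest(user=None)
    policy = AuthenticationPolicy(secret='')

    # an anonymous request must carry nothing beyond Everyone
    assert policy.effective_principals(request) == [Everyone]


@pytest.mark.parametrize(
    'role_name, role_principals', [
        ('UNVALIDATED', ['role:unvalidated']),
        ('NEW', ['role:new']),
        ('USER', ['role:user']),
        ('PURCHASER', ['role:purchaser', 'role:user']),
        ('ADMIN', ['role:admin', 'role:purchaser', 'role:user']),
        ('INACTIVE', ['role:inactive'])
        ]
    )
def test_effective_principals_with_user(role_name, role_principals):
    ''' test the effective principals if a user is authenticated

    The comparison is an exact list match, so a role that gains an extra
    principal (e.g. INACTIVE picking up 'role:user') fails the test.
    '''
    from pyramid.testing import DummyRequest
    from pyramid.security import Authenticated, Everyone
    from ordr2.models import User, Role
    from ordr2.security import AuthenticationPolicy

    role = Role[role_name]
    user = User(id=3, role=role)
    request = DummyRequest(user=user)
    policy = AuthenticationPolicy(secret='')

    expected = [Everyone, Authenticated, 'user:3']
    expected.extend(role_principals)

    assert policy.effective_principals(request) == expected


# tests for the get_user function

def test_get_user_no_unauthenticated_user_id():
    ''' get_user() should return None if unauthenticated_userid is None '''
    from pyramid.testing import DummyRequest
    from ordr2.security import get_user

    # NOTE(review): the test below states that unauthenticated_userid cannot
    # be set on a DummyRequest; confirm that the request built here really
    # reports None for that attribute.
    request = DummyRequest(unauthenticated_userid=None)

    assert get_user(request) is None


# This test used to share its name with the one above. The later definition
# replaced the earlier one at import time, so the None case was never
# collected. The distinct name lets both run.
@pytest.mark.parametrize(
    'user_id', [
        3,  # active user, must work
        # strict=True: if get_user() ever returns a User for one of these
        # ids, the run fails instead of reporting a silent XPASS.
        # inactive user, must fail
        pytest.param(1, marks=pytest.mark.xfail(strict=True)),
        # unknown user id, must fail
        pytest.param(1969, marks=pytest.mark.xfail(strict=True)),
        ]
    )
def test_get_user_with_unauthenticated_user_id(user_id, dbsession):
    ''' get_user() should return a User only for the id of an active user '''
    from collections import namedtuple
    from ordr2.models import User
    from ordr2.security import get_user

    create_users(dbsession)

    # pyramid.testing.DummyRequest can't be used, since the parameter
    # unauthenticated_userid cannot be set. A named tuple is used instead
    Request = namedtuple('Request', 'dbsession, unauthenticated_userid')
    request = Request(dbsession=dbsession, unauthenticated_userid=user_id)

    user = get_user(request)

    assert isinstance(user, User)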