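import base64
import unittest

import distixapi


class GetCredentialsTests(unittest.TestCase):
    """Tests for distixapi.get_credentials on HTTP Basic auth headers.

    The test names say "Authentication header", but the header these tests
    actually set is ``Authorization``.
    """

    # NOTE(review): not covered here: a Basic value that is not valid
    # base64, a decoded value with no ':' separator, and a password that
    # itself contains ':'. Worth adding once the expected behaviour of
    # get_credentials for those inputs is confirmed.

    def test_raises_error_if_no_Authentication_header(self):
        # No Authorization header at all.
        request = DummyRequest()
        with self.assertRaises(distixapi.AuthenticationError):
            distixapi.get_credentials(request)

    def test_raises_error_if_empty_Authentication_header(self):
        # Header present but empty.
        request = DummyRequest()
        request.add_header('Authorization', '')
        with self.assertRaises(distixapi.AuthenticationError):
            distixapi.get_credentials(request)

    def test_raises_error_if_not_BasicAuth_header(self):
        # A scheme other than Basic must be rejected.
        request = DummyRequest()
        request.add_header('Authorization', 'Bearer token')
        with self.assertRaises(distixapi.AuthenticationError):
            distixapi.get_credentials(request)

    def test_raises_error_if_no_BasicAuth_value(self):
        # Scheme name only, with no credentials after it.
        request = DummyRequest()
        request.add_header('Authorization', 'Basic')
        with self.assertRaises(distixapi.AuthenticationError):
            distixapi.get_credentials(request)

    def test_returns_username_password(self):
        username = 'fooser'
        password = 'secret'
        request = make_request(username, password)
        u, p = distixapi.get_credentials(request)
        self.assertEqual(username, u)
        self.assertEqual(password, p)


class EncryptPasswordTests(unittest.TestCase):
    """Tests for distixapi.encrypt_password(salt, cleartext).

    NOTE(review): these assertions only show that the output does not
    contain the cleartext and that it depends on the salt. They say nothing
    about the strength of the derivation; presumably this is a one-way
    password hash despite the name -- confirm against the implementation.
    """

    def test_returns_value_not_containing_cleartext_password(self):
        cleartext = 'secret'
        salt = 'salt'
        encrypted = distixapi.encrypt_password(salt, cleartext)
        self.assertNotIn(cleartext, encrypted)

    def test_returns_different_values_with_different_salt(self):
        cleartext = 'secret'
        salt_1 = 'salt'
        salt_2 = 'salt2'
        encrypted_1 = distixapi.encrypt_password(salt_1, cleartext)
        encrypted_2 = distixapi.encrypt_password(salt_2, cleartext)
        self.assertNotEqual(encrypted_1, encrypted_2)


class PasswordCheckingTests(unittest.TestCase):
    """Tests for distixapi.get_scopes(users, request).

    NOTE(review): these tests cannot observe how get_scopes compares the
    stored value with the one computed from the request. Confirm in the
    implementation that the comparison is constant-time (for example
    hmac.compare_digest).
    """

    def test_raises_exception_if_user_not_known(self):
        # Empty mapping, matching the username-keyed dict the other
        # fixtures in this class use (the original used an empty list).
        users = {
            'users': {},
        }
        request = make_request('unknown', 'password')
        with self.assertRaises(distixapi.AuthenticationError):
            distixapi.get_scopes(users, request)

    def test_raises_exception_if_password_is_wrong(self):
        username = 'fooser'
        salt = 'nacl'
        password = 'passwooooord'
        # The wrong password has the right one as a prefix.
        wrong_password = password + 'foo'
        scopes = ['get', 'put']
        users = {
            'users': {
                username: {
                    'salt': salt,
                    'password': distixapi.encrypt_password(salt, password),
                    'name': 'J. Random User',
                    'scopes': scopes,
                }
            },
        }
        request = make_request(username, wrong_password)
        with self.assertRaises(distixapi.AuthenticationError):
            distixapi.get_scopes(users, request)

    def test_returns_scopes_for_correct_creds(self):
        username = 'fooser'
        salt = 'nacl'
        password = 'passwooooord'
        scopes = ['get', 'put']
        users = {
            'users': {
                username: {
                    'salt': salt,
                    'password': distixapi.encrypt_password(salt, password),
                    'name': 'J. Random User',
                    'scopes': scopes,
                }
            },
        }
        request = make_request(username, password)
        self.assertEqual(distixapi.get_scopes(users, request), scopes)


class DummyRequest(object):
    """Minimal request stand-in that only stores and returns headers."""

    def __init__(self):
        self._headers = {}

    def add_header(self, header, value):
        """Set *header* to *value*, replacing any earlier value."""
        self._headers[header] = value

    def get_header(self, header):
        """Return the stored value for *header*, or None if it is not set."""
        return self._headers.get(header)


def make_request(username, password):
    """Return a DummyRequest carrying a Basic Authorization header.

    The credentials are joined as ``username:password`` and base64-encoded.
    b64encode needs bytes on Python 3 and returns bytes there, so the text
    is encoded before the call and the result decoded afterwards; without
    that the call raises TypeError on Python 3. The same code still runs
    on Python 2 for ASCII credentials.
    """
    credentials = '{}:{}'.format(username, password)
    token = base64.b64encode(credentials.encode('utf-8')).decode('ascii')
    request = DummyRequest()
    request.add_header('Authorization', 'Basic {}'.format(token))
    return request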