<!--

Copyright 2017 Lars Wirzenius

This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU Affero General Public License for more details.

You should have received a copy of the GNU Affero General Public License
along with this program.  If not, see <http://www.gnu.org/licenses/>.

-->

# Scenario step implementations for locally managed Qvisqve

## Configure Qvisqve and its API client

    IMPLEMENTS GIVEN an API client "(\S+)"
    V['client_id'] = get_next_match()

    IMPLEMENTS GIVEN API client has secret "(.+)"
    V['client_secret'] = get_next_match()

    IMPLEMENTS GIVEN API client has allowed scopes "(.+)"
    scopes = get_next_match()
    V['allowed_scopes'] = scopes.split()

    IMPLEMENTS GIVEN API client has subject "(.+)"
    sub = get_next_match()
    V['sub'] = sub

    IMPLEMENTS GIVEN a Qvisqve configuration for "(.+)"
    V['iss'] = get_next_match()

    IMPLEMENTS GIVEN Qvisqve configuration has a token lifetime of (\d+)
    V['lifetime'] = int(get_next_match())

    IMPLEMENTS GIVEN Qvisqve configuration has user account (\S+) with password (\S+)
    username = get_next_match()
    password = get_next_match()
    user = {
        'password': password,
    }
    users = V['users'] or {}
    users[username] = {'password': password}
    V['users'] = users

    IMPLEMENTS GIVEN Qvisqve configuration allows user (\S+) scopes (.+)
    username = get_next_match()
    scopes = get_next_match()
    users = V['users']
    print('users', users)
    user = users[username]
    user['scopes'] = scopes.split()
    users[username] = user
    V['users'] = users

    IMPLEMENTS GIVEN Qvisqve configuration has application (\S+) with callback url (\S+) and secret (\S+) and allowed scopes (.+)
    app = get_next_match()
    callback = get_next_match()
    secret = get_next_match()
    scopestr = get_next_match()
    # FIXME: store secret somewhere
    V['applications'] = { app: callback }
    V['client_id'] = app
    V['client_secret'] = secret
    V['allowed_scopes'] = scopestr.split()


## Authentication setup

    IMPLEMENTS GIVEN an RSA key pair for token signing
    argv = [
        os.path.join(srcdir, 'generate-rsa-key'),
        'token.key',
    ]
    cliapp.runcmd(argv, stdout=None, stderr=None)

    IMPLEMENTS GIVEN an access token for (\S+) with scopes (.+)
    user = get_next_match()
    scopes = get_next_match()
    key = V['privkey']
    issuer = V['iss']
    audience = V['aud']
    token = create_token(key, issuer, audience, scopes)
    V['token'] = token

## Start Qvisqve

    IMPLEMENTS GIVEN a running Qvisqve instance
    start_qvisqve()
    assert V['API_URL'] is not None

## Stop a Qvisqve we started

    IMPLEMENTS FINALLY Qvisqve is stopped
    stop_qvisqve()