import pytest
from django.contrib.auth.models import Group
from oauthlib.common import Request

from mainsite.oauth2 import validators
from peeringdb_server import models

from .util import reset_group_ids


@pytest.fixture
def organization():
    reset_group_ids()
    return models.Organization.objects.create(name="test org", status="ok")


@pytest.fixture(autouse=True)
def network(organization):
    return models.Network.objects.create(
        name="test network", org=organization, asn=123, status="ok"
    )


@pytest.fixture
def verified_user(organization):
    user_group = Group.objects.get(name="user")

    user = models.User.objects.create_user(
        "testuser", "testuser@example.net", first_name="Test", last_name="User"
    )

    # This makes the user verified
    user_group.user_set.add(user)

    organization.usergroup.user_set.add(user)
    return user


@pytest.fixture
def oauth_request(verified_user):
    request = Request("/")
    request.user = verified_user
    request.scopes = []
    request.client = None
    request.decoded_body = [("code", "testcode")]
    return request


@pytest.mark.django_db
def test_oidc_validator_produces_profile_claims(oauth_request):
    oauth_request.scopes = ["openid", "profile"]
    validator = validators.OIDCValidator()
    claims = validator.get_oidc_claims(None, None, oauth_request)

    assert claims == {
        "sub": f"{oauth_request.user.id}",
        "id": oauth_request.user.id,
        "family_name": "User",
        "given_name": "Test",
        "name": "Test User",
        "verified_user": True,
        "email": None,
        "email_verified": None,
        "networks": None,
        "amr": [],
    }


@pytest.mark.django_db
def test_oidc_validator_produces_email_claims(oauth_request):
    oauth_request.scopes = ["openid", "email"]
    validator = validators.OIDCValidator()
    claims = validator.get_oidc_claims(None, None, oauth_request)

    assert claims == {
        "sub": f"{oauth_request.user.id}",
        "id": None,
        "family_name": None,
        "given_name": None,
        "verified_user": None,
        "name": None,
        "email": "testuser@example.net",
        "email_verified": False,
        "networks": None,
        "amr": [],
    }


@pytest.mark.django_db
def test_oidc_validator_produces_network_claims(oauth_request, network):
    oauth_request.scopes = ["openid", "networks"]
    validator = validators.OIDCValidator()
    claims = validator.get_oidc_claims(None, None, oauth_request)

    assert claims == {
        "sub": f"{oauth_request.user.id}",
        "id": None,
        "family_name": None,
        "given_name": None,
        "verified_user": None,
        "name": None,
        "email": None,
        "email_verified": None,
        "networks": [
            {
                "id": network.id,
                "asn": 123,
                "name": "test network",
                "perms": 1,
            },
        ],
        "amr": [],
    }