#!/usr/bin/env perl
use warnings;
use strict;

use lib 't/lib';
use Test::More tests => 70;
use TestApp::Plugin::OAuth::Test;

use Jifty::Test::WWW::Mechanize;

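# setup {{{
start_server();

# Two consumers.  'foo' registers an RSA public key as well as a shared
# secret; 'foo2' has only a shared secret.  Both are created as the
# superuser.  Everything in this file signs with PLAINTEXT, so the RSA key
# is not exercised here.
# create two consumers {{{
my $consumer = Jifty::Plugin::OAuth::Model::Consumer->new(
    current_user => Jifty::CurrentUser->superuser,
);
my ($ok, $msg) = $consumer->create(
    consumer_key => 'foo',
    secret       => 'bar',
    name         => 'FooBar Industries',
    url          => 'http://foo.bar.example.com',
    rsa_key      => $pubkey,
);
ok($ok, $msg);

# A second, independently valid consumer.  Later tests use it to prove
# that correct credentials for *another* consumer do not unlock a token
# that was issued to 'foo'.
my $rsaless = Jifty::Plugin::OAuth::Model::Consumer->new(
    current_user => Jifty::CurrentUser->superuser,
);
($ok, $msg) = $rsaless->create(
    consumer_key => 'foo2',
    secret       => 'bar2',
    name         => 'Backwater.org',
    url          => 'http://backwater.org',
);
ok($ok, $msg);
# }}}

# create user and log in {{{
# The resource owner who authorizes (or denies) request tokens.
# email_confirmed is set directly, presumably so the Login action accepts
# the account without a verification step — confirm against the app.
my $u = TestApp::Plugin::OAuth::Model::User->new(
    current_user => TestApp::Plugin::OAuth::CurrentUser->superuser,
);
my ($uid, $umsg) = $u->create(
    name            => 'You Zer',
    email           => 'youzer@example.com',
    password        => 'secret',
    email_confirmed => 1,
);
# Surface the model's own reason when creation fails; the ok() below stays
# the assertion so the test plan count is unchanged.
diag("user create failed: $umsg") if !$uid && defined $umsg;
ok($u->id, "New user has valid id set");

$umech->get_ok($URL . '/login');
$umech->fill_in_action_ok(
    $umech->moniker_for('TestApp::Plugin::OAuth::Action::Login'),
    email    => 'youzer@example.com',
    password => 'secret',
);
$umech->submit;
# Presence of a 'Logout' link is the evidence that the session is logged in.
$umech->content_contains('Logout');
# }}}
# }}}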
# basic working access token {{{
# Happy path: consumer 'foo' redeems a request token the user has
# authorized and receives an access token whose string differs from the
# request token's.
get_authorized_token();
my $request_token = $token_obj->token;

my %as_foo_plaintext = (
    consumer_secret        => 'bar',
    oauth_consumer_key     => 'foo',
    oauth_signature_method => 'PLAINTEXT',
);
response_is(
    url      => '/oauth/access_token',
    code     => 200,
    testname => "200 - plaintext signature",
    %as_foo_plaintext,
);
isnt(
    $token_obj->token, $request_token,
    "different token for request and access",
);
# }}}
# try to get an access token from denied request token {{{
{
    # The user explicitly refused this request token.  Even with correct
    # consumer credentials the exchange must be rejected.
    get_request_token();
    deny_ok();

    my %args = (
        url                    => '/oauth/access_token',
        code                   => 401,
        testname               => "401 - denied token",
        consumer_secret        => 'bar',
        oauth_consumer_key     => 'foo',
        oauth_signature_method => 'PLAINTEXT',
    );
    response_is(%args);
}
# }}}
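# try to get an access token as a different consumer {{{
# A request token is bound to the consumer that obtained it.  'foo2'
# presents *valid* credentials of its own and must still be refused;
# otherwise any registered consumer could redeem another consumer's
# authorized token.
#
# NOTE: from here on $request_token holds the token record object (not the
# token string stored earlier); the "same request token" test below relies
# on the object.
get_authorized_token();
$request_token = $token_obj;
response_is(
    url                    => '/oauth/access_token',
    code                   => 401,
    testname               => "401 - wrong consumer",
    consumer_secret        => 'bar2',
    oauth_consumer_key     => 'foo2',
    oauth_signature_method => 'PLAINTEXT',
);
# }}}
# get that same access token as the original consumer {{{
# The rejected attempt above must not have consumed or invalidated the
# token: the rightful consumer still exchanges it successfully.
$token_obj = $request_token;
response_is(
    url                    => '/oauth/access_token',
    code                   => 200,
    testname               => "200 - got token",
    consumer_secret        => 'bar',
    oauth_consumer_key     => 'foo',
    oauth_signature_method => 'PLAINTEXT',
);
# }}}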
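# same timestamp, different nonce {{{
{
    # Replay protection is keyed on the (timestamp, nonce) pair: reusing a
    # timestamp with a fresh nonce is legitimate and must be accepted.
    # Stepping $timestamp back presumably re-selects the value the previous
    # request used — confirm in TestApp::Plugin::OAuth::Test.
    get_authorized_token();
    --$timestamp;
    response_is(
        url                    => '/oauth/access_token',
        code                   => 200,
        testname               => "200 - same timestamp, different nonce",
        consumer_secret        => 'bar',
        oauth_consumer_key     => 'foo',
        oauth_signature_method => 'PLAINTEXT',
        oauth_nonce            => 'kjfh',
    );
}
# }}}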
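# different timestamp, same nonce {{{
{
    # The mirror case: the nonce 'kjfh' was already used above, but with a
    # different timestamp it is a new (timestamp, nonce) pair and must be
    # accepted.  Nonces are only required to be unique per timestamp.
    get_authorized_token();
    response_is(
        url                    => '/oauth/access_token',
        code                   => 200,
        testname               => "200 - different timestamp, same nonce",
        consumer_secret        => 'bar',
        oauth_consumer_key     => 'foo',
        oauth_signature_method => 'PLAINTEXT',
        oauth_nonce            => 'kjfh',
    );
}
# }}}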
# duplicate timestamp and nonce as previous access token {{{
{
    # Replaying a (timestamp, nonce) pair already seen on an access-token
    # exchange must be rejected even though this request token is fresh
    # and authorized.  Moving $timestamp back by two presumably lands on
    # the timestamp of the previous access-token request (the helper's
    # default nonce is reused) — confirm in the test lib.  Afterwards the
    # timestamp is pushed well forward so later tests start clean.
    get_authorized_token();
    $timestamp -= 2;

    my %replay = (
        url                    => '/oauth/access_token',
        code                   => 401,
        testname               => "401 - duplicate ts/nonce as previous access",
        consumer_secret        => 'bar',
        oauth_consumer_key     => 'foo',
        oauth_signature_method => 'PLAINTEXT',
    );
    response_is(%replay);

    $timestamp += 100;
}
# }}}
# duplicate timestamp and nonce as request token {{{
{
    # Nonce tracking must span endpoints: a (timestamp, nonce) pair that
    # was consumed obtaining the request token may not be replayed against
    # /oauth/access_token.  Stepping back one presumably reuses the
    # request-token timestamp — confirm in the test lib.
    get_authorized_token();
    --$timestamp;

    my %replay = (
        url                    => '/oauth/access_token',
        code                   => 401,
        testname               => "401 - duplicate ts/nonce for request token",
        consumer_secret        => 'bar',
        oauth_consumer_key     => 'foo',
        oauth_signature_method => 'PLAINTEXT',
    );
    response_is(%replay);
}
# }}}
# same request token {{{
{
    # $request_token still holds the object that 'foo' successfully
    # redeemed in the "got token" test.  A request token is single-use:
    # presenting it again must fail even though credentials, timestamp
    # and nonce are all otherwise acceptable.
    $token_obj = $request_token;

    my %reuse = (
        url                    => '/oauth/access_token',
        code                   => 401,
        testname               => "401 - already used",
        consumer_secret        => 'bar',
        oauth_consumer_key     => 'foo',
        oauth_signature_method => 'PLAINTEXT',
    );
    response_is(%reuse);
}
# }}}
# expired request token {{{
{
    # Back-date the token so its validity window closed a day ago.  An
    # authorized but expired request token must not be exchangeable.
    get_authorized_token();
    my $yesterday = DateTime->now(time_zone => "GMT")->subtract(days => 1);
    $token_obj->set_valid_until($yesterday);

    my %expired = (
        url                    => '/oauth/access_token',
        code                   => 401,
        testname               => "401 - expired",
        consumer_secret        => 'bar',
        oauth_consumer_key     => 'foo',
        oauth_signature_method => 'PLAINTEXT',
    );
    response_is(%expired);
}
# }}}
# wrong consumer secret {{{
{
    # With PLAINTEXT signing the consumer secret *is* the signature, so a
    # wrong secret for an otherwise valid consumer key and authorized
    # token must be rejected.
    get_authorized_token();

    my %bad_secret = (
        url                    => '/oauth/access_token',
        code                   => 401,
        testname               => "401 - wrong secret",
        consumer_secret        => 'bah!',
        oauth_consumer_key     => 'foo',
        oauth_signature_method => 'PLAINTEXT',
    );
    response_is(%bad_secret);
}
# }}}