#!perl

use strict;
use warnings;

use Test::More;
use Plack::Test;

use JSON;
use HTTP::Request::Common;

use Pinto::Server;
use Pinto::Constants qw(:protocol);

use lib 't/lib';
use Pinto::Tester;
use Pinto::Tester::Util qw(make_htpasswd_file);

#------------------------------------------------------------------------------
# Create a repository and configure server

my $t             = Pinto::Tester->new;
my @credentials   = qw(my_login my_password);
my $htpasswd_file = make_htpasswd_file(@credentials);
my $auth          = { backend => 'Passwd', path => $htpasswd_file->stringify };
my %opts          = ( root => $t->pinto->root, auth => $auth );
my $app           = Pinto::Server->new(%opts)->to_app;

my $auth_required_rx = qr/authorization required/i;
my @headers          = (Accept => $PINTO_PROTOCOL_ACCEPT);

#------------------------------------------------------------------------------

test_psgi
    app    => $app,
    client => sub {
    my $cb = shift;

    my $post_req = POST("/action/list", @headers);
    my $post_res = $cb->($post_req);

    ok !$post_res->is_success, 'POST request without authentication failed';
    like $post_res->content, $auth_required_rx, 'Expected content';

    my $get_req = GET("/init/modules/02packages.details.txt.gz");
    my $get_res = $cb->($get_req);

    ok !$get_res->is_success, 'GET request without authentication failed';
    like $get_res->content, $auth_required_rx, 'Expected content';

    };

#------------------------------------------------------------------------------

test_psgi
    app    => $app,
    client => sub {
    my $cb = shift;

    my $post_req = POST("/action/list", @headers);
    $post_req->authorization_basic(@credentials);
    my $post_res = $cb->($post_req);

    ok $post_res->is_success, 'POST request with correct password succeeded';
    like $post_res->content, qr{$PINTO_PROTOCOL_STATUS_OK\n$}, 'Got status-ok';

    my $get_req = GET("modules/02packages.details.txt.gz");
    $get_req->authorization_basic(@credentials);
    my $get_res = $cb->($get_req);

    ok $get_res->is_success, 'POST request with correct password succeeded';

    # TODO: maybe test headers, body.
    };

#------------------------------------------------------------------------------

test_psgi
    app    => $app,
    client => sub {
    my $cb = shift;

    my @bad_credentials = qw(my_login my_bogus_password);

    my $post_req = POST("/action/list", @headers);
    $post_req->authorization_basic(@bad_credentials);
    my $post_res = $cb->($post_req);

    ok !$post_res->is_success, 'POST request with invalid password failed';
    like $post_res->content, $auth_required_rx, 'Expected content';

    my $get_req = GET("/init/modules/02packages.details.txt.gz");
    $get_req->authorization_basic(@bad_credentials);
    my $get_res = $cb->($get_req);

    ok !$get_res->is_success, 'GET request without authentication failed';
    like $get_res->content, $auth_required_rx, 'Expected content';
    };

#------------------------------------------------------------------------------

done_testing;