<?php

$_REDIRECT = false;
require(dirname(__DIR__) . '/../config/sneakerstrap.inc');       // and load the namaste environment
use  PHPUnit\Framework\TestCase;

class apiClientAuthTest extends TestCase
{
    protected ?gacBrokerClient $readBrokerClient = null;
    protected static ?array $meta = null;


    /**
     * setUpBeforeClass() -- public static unit test method
     *
     * this method is called first, and once, on execution.  This method calls the setUpBeforeClass() method and then
     * established the meta data payloads we'll use for client and admin event requests.
     *
     * NOTE:
     * -----
     * You have to ensure that the GUID value assigned to CLIENT_AUTH_TOKEN exists and that the same value has been
     * set in the gatTestMongo template constructor.
     *
     *
     * @author  mike@givingassistant.org
     * @version 1.0
     *
     *
     * HISTORY:
     * ========
     * 06-02-20     mks     ECI-108: original coding
     *
     */
    public static function setUpBeforeClass()
    {
        parent::setUpBeforeClass();

        // meta data (for namaste)
        static::$meta = [
            META_DO_CACHE => false,                     // disable cache-mapping for the request
            META_LIMIT => 1,                            // return one record only in the test-fetch query
            META_CLIENT => CLIENT_API_USER,             // simulate an API call to Namaste
            CLIENT_AUTH_TOKEN => '79344859-5403-1556-7663-4E34D6B4CBE4',
            META_CLIENT_IP => STRING_SESSION_HOME,
            META_SYSTEM_NOTES => STRING_ORIGIN_UT,
            META_TEMPLATE => TEMPLATE_CLASS_TEST_MONGO
        ];
    }


    /**
     * setUp() -- unit test reserved method
     *
     * the setUp method is executed prior to each test, executing the following tasks:
     *
     * 1. validate that the meta data persisted across tests
     * 2. validate that we successfully created a read-broker client
     *
     *
     * @author  mike@givingassistant.org
     * @version 1.0
     *
     *
     * HISTORY:
     * ========
     * 06-02-20     mks     ECI-108: original coding
     *
     */
    protected function setUp()
    {
        parent::setUp();
        $file = basename(__FILE__);
        // validate the meta data for the pending query
        $this->assertTrue(!empty(static::$meta), $file . AT . __LINE__ . COLON . ERROR_DATA_META_404);
        $this->assertTrue(is_array(static::$meta), $file . AT . __LINE__ . COLON . ERROR_META_INVALID_FORMAT_ARRAY);
        $this->assertTrue(array_key_exists(META_TEMPLATE, static::$meta), $file . AT . __LINE__ . COLON . ERROR_DATA_META_KEY_404 . META_TEMPLATE);
        $this->assertTrue(array_key_exists(CLIENT_AUTH_TOKEN, static::$meta), $file . AT . __LINE__ . COLON . ERROR_DATA_META_KEY_404 . CLIENT_AUTH_TOKEN);
        // create the read broker client
        $this->readBrokerClient = new gacBrokerClient(BROKER_QUEUE_R, $file . AT . __LINE__);
        $this->assertTrue($this->readBrokerClient->status, $file . AT . __LINE__ . COLON . ERROR_BROKER_QUEUE_DECLARE . BROKER_QUEUE_R);

    }


    /**
     * tearDown() -- unit test method
     *
     * This is the (reserved) tearDown method which is executed at the end of every test.  The method deletes the
     * current broker client to clean-up the heap.
     *
     *
     * @author  mike@givingassistant.org
     * @version 1.0
     *
     * HISTORY:
     * ========
     * 06-02-20     mks     ECI-108: original coding
     *
     */
    protected function tearDown()
    {
        if (is_object($this->readBrokerClient)) $this->readBrokerClient->__destruct();
        unset($this->readBrokerClient);
    }


    /**
     * testFetch() -- unit test method
     *
     * This test is a positive test - we expect this test to successfully fetch a random record with the implication
     * being that the request was validated in Namaste by comparing the meta-payload's auth key to the authKey token
     * stored in the template.
     *
     * As such, we don't really care about the return payload other than we returned a record, and only record.  We're
     * testing the ability to successfully fetch a record while mimic'ing an API request.  Tests for the accuracy of
     * the data are handled in other tests.
     *
     *
     * @author  mike@givingassistant.org
     * @version 1.0
     *
     * HISTORY:
     * ========
     * 06-02-20     mks     ECI-108: original coding
     *
     */
    /**
     */
    public function testFetch()
    {
        $meth = basename(__METHOD__);
        // assertions that the static data is set and accessible
        $this->assertTrue(is_array(static::$meta), sprintf(INFO_LOC, $meth, __LINE__) . ERROR_UT_LOST_VARIABLE . STRING_META);
        $this->assertNotEmpty(static::$meta, sprintf(INFO_LOC, $meth, __LINE__) . ERROR_UT_LOST_VARIABLE . STRING_META);
        $query = null;    // fetch any active record
        // set-up the broker fetch payload
        $payload = [
            BROKER_REQUEST => BROKER_REQUEST_FETCH,
            BROKER_DATA => [
                STRING_QUERY_DATA => $query
            ],
            BROKER_META_DATA => static::$meta
        ];
        // submit generic fetch request to namaste read broker
        $response = json_decode(gzuncompress($this->readBrokerClient->call(gzcompress(json_encode($payload)))),true);
        // test the response payload
        $this->assertTrue($response[PAYLOAD_STATUS], sprintf(INFO_LOC, $meth, __LINE__) . sprintf(ERROR_UT_BROKER_EVENT_FAIL, BROKER_REQUEST_FETCH, $response[PAYLOAD_STATE]));
        $recCount = count($response[PAYLOAD_RESULTS][STRING_QUERY_RESULTS]);
        $this->assertEquals(1, $recCount, sprintf(INFO_LOC, $meth, __LINE__) . sprintf(ERROR_UT_INTEGER_MISMATCH, 1, $recCount));
    }


    /**
     * testNegativeNoAuthToken() -- unit test method
     *
     * This unit test is a negative test; we expect the request to Namaste to fail with the reason being is that we've
     * pulled/deleted the client-auth-token from the meta payload.  This should cause the request to be rejected by
     * namaste (in the functions.inc validation, rather than in the factory-class validation code) returning a meta
     * data error for the error state and an white-box error message.  (We'll test for both.)
     *
     * @author  mike@givingassistant.org
     * @version 1.0
     *
     *
     * HISTORY:
     * ========
     * 06-02-20     mks     ECI-108: original coding
     *
     */
    public function testNegativeNoAuthToken()
    {
        $meth = basename(__METHOD__);
        // assertions that the static data is set and accessible
        $this->assertTrue(is_array(static::$meta), sprintf(INFO_LOC, $meth, __LINE__) . ERROR_UT_LOST_VARIABLE . STRING_META);
        $this->assertNotEmpty(static::$meta, sprintf(INFO_LOC, $meth, __LINE__) . ERROR_UT_LOST_VARIABLE . STRING_META);
        $metaCopy = static::$meta;
        unset($metaCopy[CLIENT_AUTH_TOKEN]);
        $this->assertArrayNotHasKey(CLIENT_AUTH_TOKEN, $metaCopy, sprintf(INFO_LOC, $meth, __LINE__) . ERROR_UT_GENERIC_FAIL . 'did not remove client auth key from meta copy');
        $query = null;
        $payload = [
            BROKER_REQUEST => BROKER_REQUEST_FETCH,
            BROKER_DATA => [
                STRING_QUERY_DATA => $query
            ],
            BROKER_META_DATA => $metaCopy
        ];
        // submit generic fetch request to namaste read broker
        $response = json_decode(gzuncompress($this->readBrokerClient->call(gzcompress(json_encode($payload)))),true);
        // we expect a failed (false) return because the meta payload is missing the client auth key token
        $this->assertFalse($response[PAYLOAD_STATUS], sprintf(INFO_LOC, $meth, __LINE__) . ERROR_UT_EXPECTING_FALSE . PAYLOAD_STATUS);
        $this->assertEquals(STATE_META_ERROR, $response[PAYLOAD_STATE], sprintf($meth, __LINE__) . sprintf(ERROR_UT_STRING_MISMATCH, STATE_META_ERROR, $response[PAYLOAD_STATE]));
    }


    /**
     * testNegativeMalformedToken() -- unit test method
     *
     * This is another negative unit test; we expect this test to fail because we're passing a malformed token value
     * as the client-auth-token value.  As in the previous test, this request should be rejected by Namaste at the
     * broker-level instead of allowing the request to proceed deeper into the class-instantiation level.
     *
     *
     * @author  mike@givingassistant.org
     * @version 1.0
     *
     * HISTORY:
     * ========
     * 06-02-20     mks     ECI-108: original coding
     *
     */
    public function testNegativeMalformedToken()
    {
        $meth = basename(__METHOD__);
        // assertions that the static data is set and accessible
        $this->assertTrue(is_array(static::$meta), sprintf(INFO_LOC, $meth, __LINE__) . ERROR_UT_LOST_VARIABLE . STRING_META);
        $this->assertNotEmpty(static::$meta, sprintf(INFO_LOC, $meth, __LINE__) . ERROR_UT_LOST_VARIABLE . STRING_META);
        $metaCopy = static::$meta;
        // token is malformed
        $metaCopy[CLIENT_AUTH_TOKEN] = '18D5C150-4639-32C8-07CD';
        $query = null;
        $payload = [
            BROKER_REQUEST => BROKER_REQUEST_FETCH,
            BROKER_DATA => [
                STRING_QUERY_DATA => $query
            ],
            BROKER_META_DATA => $metaCopy
        ];
        // submit generic fetch request to namaste read broker
        $response = json_decode(gzuncompress($this->readBrokerClient->call(gzcompress(json_encode($payload)))),true);
        // we expect a failed (false) return because the meta payload is missing the client auth key token
        $this->assertFalse($response[PAYLOAD_STATUS], sprintf(INFO_LOC, $meth, __LINE__) . ERROR_UT_EXPECTING_FALSE . PAYLOAD_STATUS);
        $this->assertEquals(STATE_DATA_ERROR, $response[PAYLOAD_STATE], sprintf(INFO_LOC, $meth, __LINE__) . sprintf(ERROR_UT_STRING_MISMATCH, STATE_META_ERROR, $response[PAYLOAD_STATE]));
    }


    /**
     * testNegativeWrongToken() -- unit test method
     *
     * This test makes a request against a template requiring authentication but provides the wrong (incorrect)
     * authentication token in the payload.  As such, we should return, in this limited case an authentication error
     * as opposed to a not-found error.
     *
     * Think of two scenarios - one is that we submit a superfluous token that doesn't exist (this test) or we submit
     * a token that's exists, but isn't the correct value as defined in the data template (next test).
     *
     *
     * @author  mike@givingassistant.org
     * @version 1.0
     *
     * HISTORY:
     * ========
     * 06-04-20     mks     ECI-108: Original coding
     *
     */
    public function testNegativeMeaninglessToken()
    {
        $meth = basename(__METHOD__);
        // assertions that the static data is set and accessible
        $this->assertTrue(is_array(static::$meta), sprintf(INFO_LOC, $meth, __LINE__) . ERROR_UT_LOST_VARIABLE . STRING_META);
        $this->assertNotEmpty(static::$meta, sprintf(INFO_LOC, $meth, __LINE__) . ERROR_UT_LOST_VARIABLE . STRING_META);
        $metaCopy = static::$meta;
        // token is incorrect, but valid - but doesn't like to any record in the db
        $metaCopy[CLIENT_AUTH_TOKEN] = '18D5C150-4639-32C8-07CD-C7CD5970675F';
        $query = null;
        $payload = [
            BROKER_REQUEST => BROKER_REQUEST_FETCH,
            BROKER_DATA => [
                STRING_QUERY_DATA => $query
            ],
            BROKER_META_DATA => $metaCopy
        ];
        // submit generic fetch request to namaste read broker
        $response = json_decode(gzuncompress($this->readBrokerClient->call(gzcompress(json_encode($payload)))),true);
        // we expect a failed (false) return because the meta payload is missing the client auth key token
        $this->assertFalse($response[PAYLOAD_STATUS], sprintf(INFO_LOC, $meth, __LINE__) . ERROR_UT_EXPECTING_FALSE . PAYLOAD_STATUS);
        $this->assertEquals(STATE_DATA_ERROR, $response[PAYLOAD_STATE], sprintf(INFO_LOC, $meth, __LINE__) . sprintf(ERROR_UT_STRING_MISMATCH, STATE_AUTH_ERROR, $response[PAYLOAD_STATE]));
    }


    /**
     * testNegativeWrongClient() -- unit test method
     *
     * This unit test is designed to fail - we're going to submit a request for a record and the client auth token
     * is linked to an active, valid, smax-token record.  However, it's not the record that's defined in the template.
     * This test covers the case were Partner A attempts to instantiate a data template belonging to Partner B.
     *
     * @author  mike@givingassistant.org
     * @version 1.0
     *
     * HISTORY:
     * ========
     * 06-04-20     mks     ECI-108: Original coding
     *
     */
    public function testNegativeWrongClient()
    {
        $meth = basename(__METHOD__);
        // assertions that the static data is set and accessible
        $this->assertTrue(is_array(static::$meta), sprintf(INFO_LOC, $meth, __LINE__) . ERROR_UT_LOST_VARIABLE . STRING_META);
        $this->assertNotEmpty(static::$meta, sprintf(INFO_LOC, $meth, __LINE__) . ERROR_UT_LOST_VARIABLE . STRING_META);
        $metaCopy = static::$meta;
        // token is to another active record other than the one defined in the template
        $metaCopy[CLIENT_AUTH_TOKEN] = '136EA67A-B1E2-0A4B-2BD8-EE34D39DFDE1';
        $query = null;
        $payload = [
            BROKER_REQUEST => BROKER_REQUEST_FETCH,
            BROKER_DATA => [
                STRING_QUERY_DATA => $query
            ],
            BROKER_META_DATA => $metaCopy
        ];
        // submit generic fetch request to namaste read broker
        $response = json_decode(gzuncompress($this->readBrokerClient->call(gzcompress(json_encode($payload)))),true);
        // we expect a failed (false) return because the meta payload is missing the client auth key token
        $this->assertFalse($response[PAYLOAD_STATUS], sprintf(INFO_LOC, $meth, __LINE__) . ERROR_UT_EXPECTING_FALSE . PAYLOAD_STATUS);
        $this->assertEquals(STATE_DATA_ERROR, $response[PAYLOAD_STATE], sprintf(INFO_LOC, $meth, __LINE__) . sprintf(ERROR_UT_STRING_MISMATCH, STATE_AUTH_ERROR, $response[PAYLOAD_STATE]));
    }


    /**
     * testNegativeRequestFromDeletedClient() -- unit test method
     *
     * This test is a negative test - we expect the request to fail.  In this test, we're submitting a fetch request
     * using a client auth token from a deleted record; the smax token record is no longer in an active state.
     *
     * The return message doesn't give away the status of the record - we don't want the white-box user to know anything
     * other than they encountered an authentication error.
     *
     *
     * @author  mike@givingassistant.org
     * @version 1.0
     *
     * HISTORY:
     * ========
     * 06-04-20     mks     ECI-108: Original coding
     *
     */
    public function testNegativeRequestFromDeletedClient()
    {
        $meth = basename(__METHOD__);
        // assertions that the static data is set and accessible
        $this->assertTrue(is_array(static::$meta), sprintf(INFO_LOC, $meth, __LINE__) . ERROR_UT_LOST_VARIABLE . STRING_META);
        $this->assertNotEmpty(static::$meta, sprintf(INFO_LOC, $meth, __LINE__) . ERROR_UT_LOST_VARIABLE . STRING_META);
        $metaCopy = static::$meta;
        // token is to a deleted record other than the one defined in the template
        $metaCopy[CLIENT_AUTH_TOKEN] = 'B79652AA-6EA5-27CB-74DD-814E7BFAAD66';
        $query = null;
        $payload = [
            BROKER_REQUEST => BROKER_REQUEST_FETCH,
            BROKER_DATA => [
                STRING_QUERY_DATA => $query
            ],
            BROKER_META_DATA => $metaCopy
        ];
        // submit generic fetch request to namaste read broker
        $response = json_decode(gzuncompress($this->readBrokerClient->call(gzcompress(json_encode($payload)))),true);
        // we expect a failed (false) return because the meta payload is missing the client auth key token
        $this->assertFalse($response[PAYLOAD_STATUS], sprintf(INFO_LOC, $meth, __LINE__) . ERROR_UT_EXPECTING_FALSE . PAYLOAD_STATUS);
        $this->assertEquals(STATE_DATA_ERROR, $response[PAYLOAD_STATE], sprintf(INFO_LOC, $meth, __LINE__) . sprintf(ERROR_UT_STRING_MISMATCH, STATE_AUTH_ERROR, $response[PAYLOAD_STATE]));
    }
}