package dehub

import (
	"testing"

	"dehub.dev/src/dehub.git/accessctl"
	"dehub.dev/src/dehub.git/sigcred"

	"gopkg.in/src-d/go-git.v4/plumbing"
)

func TestConfigChange(t *testing.T) {
	h := newHarness(t)

	var gitCommits []GitCommit

	// commit the initial staged changes, which merely include the config and
	// public key
	gitCommit := h.changeCommit("commit configuration", h.cfg.Accounts[0].ID, h.sig)
	gitCommits = append(gitCommits, gitCommit)

	// create a new account and add it to the configuration. That commit should
	// not be verifiable, though
	newSig, newPubKeyBody := sigcred.SignifierPGPTmp("toot", h.rand)
	h.cfg.Accounts = append(h.cfg.Accounts, Account{
		ID: "toot",
		Signifiers: []sigcred.Signifier{{PGPPublicKey: &sigcred.SignifierPGP{
			Body: string(newPubKeyBody),
		}}},
	})

	h.stageCfg()
	badCommit, err := h.repo.NewCommitChange("add toot user")
	if err != nil {
		t.Fatalf("creating CommitChange: %v", err)
	}
	h.tryCommit(false, badCommit, h.cfg.Accounts[1].ID, newSig)

	// now add with the root user, this should work.
	h.stageCfg()
	gitCommit = h.changeCommit("add toot user", h.cfg.Accounts[0].ID, h.sig)
	gitCommits = append(gitCommits, gitCommit)

	// _now_ the toot user should be able to do things.
	h.stage(map[string]string{"foo/bar": "what a cool file"})
	gitCommit = h.changeCommit("add a cool file", h.cfg.Accounts[1].ID, newSig)
	gitCommits = append(gitCommits, gitCommit)

	if err := h.repo.VerifyCommits(MainRefName, gitCommits); err != nil {
		t.Fatal(err)
	}
}

func TestMainAncestryRequirement(t *testing.T) {
	otherBranch := plumbing.NewBranchReferenceName("other")
	t.Run("empty repo", func(t *testing.T) {
		h := newHarness(t)
		h.checkout(otherBranch)

		// stage and try to add to the "other" branch, it shouldn't work though
		h.stageCfg()
		badCommit, err := h.repo.NewCommitChange("starting new branch at other")
		if err != nil {
			t.Fatalf("creating CommitChange: %v", err)
		}
		h.tryCommit(false, badCommit, h.cfg.Accounts[0].ID, h.sig)
	})

	t.Run("new branch, single commit", func(t *testing.T) {
		h := newHarness(t)
		h.stageCfg()
		h.changeCommit("add cfg", h.cfg.Accounts[0].ID, h.sig)

		// set HEAD to this other branch which doesn't really exist
		ref := plumbing.NewSymbolicReference(plumbing.HEAD, otherBranch)
		if err := h.repo.GitRepo.Storer.SetReference(ref); err != nil {
			h.t.Fatal(err)
		}

		h.stageCfg()
		badCommit, err := h.repo.NewCommitChange("starting new branch at other")
		if err != nil {
			t.Fatalf("creating CommitChange: %v", err)
		}
		h.tryCommit(false, badCommit, h.cfg.Accounts[0].ID, h.sig)
	})
}

func TestAnonymousCommits(t *testing.T) {
	h := newHarness(t)
	anonSig, anonPubKeyBody := sigcred.SignifierPGPTmp("", h.rand)

	h.cfg.AccessControls = []accessctl.AccessControl{{
		Action: accessctl.ActionAllow,
		Filters: []accessctl.Filter{
			{Signature: &accessctl.FilterSignature{Any: true}},
		},
	}}
	h.stageCfg()

	// manually accredit the commit this time
	goodCommit, err := h.repo.NewCommitChange("this will work")
	if err != nil {
		t.Fatalf("creating CommitChange: %v", err)
	} else if goodCommit, err = h.repo.AccreditCommit(goodCommit, anonSig); err != nil {
		t.Fatalf("accreditting CommitChange: %v", err)
	}
	// There is, unfortunately, not a prettier way to do this
	goodCommit.Common.Credentials[0].PGPSignature.PubKeyBody = string(anonPubKeyBody)
	h.tryCommit(true, goodCommit, "", nil)
}