package dehub

import (
	"dehub/sigcred"
	"testing"

	"gopkg.in/src-d/go-git.v4"
	"gopkg.in/src-d/go-git.v4/plumbing"
	yaml "gopkg.in/yaml.v2"
)

func TestConfigChange(t *testing.T) {
	h := newHarness(t)

	var hashes []plumbing.Hash

	// commit the initial staged changes, which merely include the config and
	// public key
	_, hash := h.changeCommit("commit configuration", h.cfg.Accounts[0].ID, h.sig)
	hashes = append(hashes, hash)

	// create a new account and add it to the configuration. That commit should
	// not be verifiable, though
	newSig, newPubKeyBody := sigcred.SignifierPGPTmp("toot", h.rand)
	h.cfg.Accounts = append(h.cfg.Accounts, Account{
		ID: "toot",
		Signifiers: []sigcred.Signifier{{PGPPublicKey: &sigcred.SignifierPGP{
			Body: string(newPubKeyBody),
		}}},
	})
	h.cfg.AccessControls[0].ChangeAccessControls[0].Condition.Signature.AccountIDs = []string{"root", "toot"}
	h.cfg.AccessControls[0].ChangeAccessControls[0].Condition.Signature.Count = "1"

	cfgBody, err := yaml.Marshal(h.cfg)
	if err != nil {
		t.Fatal(err)
	}
	h.stage(map[string]string{ConfigPath: string(cfgBody)})
	_, badHash := h.changeCommit("add toot user", h.cfg.Accounts[1].ID, newSig)

	if err := h.repo.VerifyCommit(MainRefName, badHash); err == nil {
		t.Fatal("toot user shouldn't be able to add itself to config")
	}
	h.reset(hash, git.HardReset)

	// now add with the root user, this should work.
	h.stage(map[string]string{ConfigPath: string(cfgBody)})
	_, hash = h.changeCommit("add toot user", h.cfg.Accounts[0].ID, h.sig)
	hashes = append(hashes, hash)

	// _now_ the toot user should be able to do things.
	h.stage(map[string]string{"foo/bar": "what a cool file"})
	_, hash = h.changeCommit("add a cool file", h.cfg.Accounts[1].ID, newSig)
	hashes = append(hashes, hash)

	for i, hash := range hashes {
		if err := h.repo.VerifyCommit(MainRefName, hash); err != nil {
			t.Fatalf("commit %d (%v) should have been verified but wasn't: %v", i, hash, err)
		}
	}
}