_G.spy = spy
local mock_env = require("spec.env_mock")

describe("smr login",function()
	setup(mock_env.setup)
	teardown(mock_env.teardown)
	it("should allow someone to claim an account",function()
		mock_env.mockdb()
		local claim_post = require("endpoints.claim_post")
		configure()
		claim_req = {
			method = "POST",
			host = "test.host",
			path = "/_claim",
			args = {
				user = "user"
			}
		}
		claim_post(claim_req)
		assert(
			claim_req.responsecode == 200,
			"Login did not respond with a 200 code"
		)
		assert(
			claim_req.response_headers,
			"Login did not have response headers."
		)
		assert(
			claim_req.response_headers["Content-Disposition"],
			"Login did not have a Content Disposition header to set filename"
		)
		assert(
			string.find(claim_req.response_headers["Content-Disposition"],"attachment"),
			"Login did not mark passfile as an attachment"
		)
		assert(
			claim_req.response_headers["Content-Disposition"]:find(".passfile"),
			"Login did not name the returned file with the .passfile extension."
		)
		assert(
			claim_req.response_headers["Content-Type"],
			"Login did not respond with a Content-Type"
		)
		assert(
			claim_req.response_headers["Content-Type"] == "application/octet-stream",
			"Login did not mark Content-Type correctly (application/octet-stream)"
		)
		assert(
			claim_req.response,
			"Login did not return a passfile"
		)
	end)
	it("should give a session cookie when logging in with a user",function()
		mock_env.mockdb()
		local claim_post = require("endpoints.claim_post")
		local login_post = require("endpoints.login_post")
		local config = require("config")
		configure()
		local claim_req = {
			method = "POST",
			host = "test.host",
			path = "/_claim",
			args = {
				user = "user"
			}
		}
		claim_post(claim_req)
		login_req = {
			method = "POST",
			host = "test.host",
			path = "/_login",
			args = {
				user = "user"
			},
			file = {
				pass = claim_req.response
			}
		}
		login_post(login_req)
		local code = login_req.responsecode
		assert(
			code >= 300 and code <= 400,
			"Sucessful login should redirect the user"
		)
		assert(
			login_req.response_headers,
			"Sucessful login should have response headers"
		)
		assert(
			login_req.response_headers["set-cookie"],
			"Sucessful login should set a cookie on the client"
		)
		local cookie = login_req.response_headers["set-cookie"]
		local domain_noport = string.match(config.domain,"(.-):?%d*$")
		assert(
			string.find(cookie,"session="),
			"Sucessful login should set a cookie named 'session'"
		)
		assert(
			string.find(cookie,"Domain="..domain_noport),
			"Cookies should only be set for the configured domain"
		)
		assert(
			string.find(cookie,"HttpOnly"),
			"Cookies should have the HttpOnly flag set"
		)
		assert(
			string.find(cookie,"Secure"),
			"Cookies should have the secure flag set"
		)
		assert(
			login_req.response_headers["Location"],
			"Sucessful login should redirect to a location"
		)
		assert(
			login_req.response_headers["Location"] == "https://user." .. config.domain,
			"Login redirect should get domain from config file"
		)
	end)
end)