package auth

import (
	"context"
	"github.com/Nerzal/gocloak/v13"
	"github.com/Nerzal/gocloak/v13/pkg/jwx"
	"os"
	"reflect"
	"testing"
)

var cli = gocloak.NewClient(os.Getenv("JWT_ISSUER"))

func TestDecodeClaims(t *testing.T) {
	tests := []struct {
		token   string
		realm   string
		want    *Claims
		wantErr bool
	}{
		{
			token: "eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJzTEFaZEJKUF93OHdZRWI4aDlQNmxNSTltSS1WMlNCX1JRREpmZG5Qek1JIn0.eyJleHAiOjE2OTQ0MDY4MzUsImlhdCI6MTY5NDQwNjUzNSwianRpIjoiMjMzODg1MjAtNmQ5Yi00ZTNiLTkzODItYTk5NWQ1MGZiMzI2IiwiaXNzIjoiaHR0cDovLzIwLjIxMC4xMTUuMjQ1L3JlYWxtcy8zMmE4MzQ4Ni0xNTMwLTUwN2MtYWRkNy1kOTdmNDMxNmIyOGIiLCJhdWQiOiJhY2NvdW50Iiwic3ViIjoiM2U1NmQxYjMtNjBkMy00OWQxLWExNzQtZDY5Y2ZhNjI1NDE4IiwidHlwIjoiQmVhcmVyIiwiYXpwIjoibWFzdGVyIiwic2Vzc2lvbl9zdGF0ZSI6ImQxMTg2YmE2LWQyYzEtNGRiZC04MjNiLTJiODM4ZGE0OWVhMCIsImFjciI6IjEiLCJhbGxvd2VkLW9yaWdpbnMiOlsiKiJdLCJyZWFsbV9hY2Nlc3MiOnsicm9sZXMiOlsib2ZmbGluZV9hY2Nlc3MiLCJ1bWFfYXV0aG9yaXphdGlvbiIsImRlZmF1bHQtcm9sZXMtZGVtbyJdfSwicmVzb3VyY2VfYWNjZXNzIjp7ImFjY291bnQiOnsicm9sZXMiOlsibWFuYWdlLWFjY291bnQiLCJtYW5hZ2UtYWNjb3VudC1saW5rcyIsInZpZXctcHJvZmlsZSJdfX0sInNjb3BlIjoib3BlbmlkIGVtYWlsIHByb2ZpbGUiLCJzaWQiOiJkMTE4NmJhNi1kMmMxLTRkYmQtODIzYi0yYjgzOGRhNDllYTAiLCJlbWFpbF92ZXJpZmllZCI6ZmFsc2UsInByZWZlcnJlZF91c2VybmFtZSI6ImJlZWpheSJ9.UGJf4utoJAUL0TzaaRwiAew_r5movdt_zrQab0wUt7kfIeV-3x8VPegeHSwKpc3Aera7RPjGjQMF4_rPgxjowMNXKPVY3kxIj0g9Mx0A80t3-iUcYuVzRYYqw0WUEDonFxWSo1i4kbuZeBv55Q3mHNYp_umKn_Fp2AzH3o1vLQoBLoX1_zj9MjljFTJtwAjHQ96AYHfO0lc-gREJFdFOSlNNvNXYlAZott_3vilhbGu0JhbpHmNgIibnNFsV444K0toa2BeMrcr-dL09FKVb0mcZt3lj5UfHF2BXDJSsrL0nUXgb7ZoBKjaGDqkvL8GFViDr7wRpiFABBBWwAQyaNA",
			realm: "32a83486-1530-507c-add7-d97f4316b28b",
			want: &Claims{
				Acr:            "1",
				AllowedOrigins: []string{"*"},
				Aud:            "account",
				Azp:            "master",
				EmailVerified:  false,
				ExpiresAr:      1694406835,
				IssuedAt:       1694406535,
				Issuer:         "http://20.210.115.245/realms/32a83486-1530-507c-add7-d97f4316b28b",
				Jti:            "b489568f-5236-4c97-aa81-172cf18036bc",
				Username:       "beejay",
				RealmAccess: jwx.RealmAccess{
					Roles: []string{"offline_access", "uma_authorization", "default-roles-demo"},
				},
				ResourceAccess: jwx.ResourceAccess{
					Account: jwx.Account{
						Roles: []string{"manage-account", "manage-account-links", "view-profile"},
					},
				},
				Scope:        "openid email profile",
				SessionState: "d1186ba6-d2c1-4dbd-823b-2b838da49ea0",
				Sid:          "d1186ba6-d2c1-4dbd-823b-2b838da49ea0",
				Sub:          "3e56d1b3-60d3-49d1-a174-d69cfa625418",
				Typ:          "Bearer",
			},
			wantErr: false,
		},
	}

	for _, tt := range tests {
		t.Run("TestDecodeClaims", func(t *testing.T) {
			token, _, err := cli.DecodeAccessToken(context.TODO(), tt.token, tt.realm)
			if (err != nil) != tt.wantErr {
				t.Errorf("DecodeClaims() error = %v, wantErr %v", err, tt.wantErr)
				return
			}

			got, err := DecodeClaims(token)
			if (err != nil) != tt.wantErr {
				t.Errorf("DecodeClaims() error = %v, wantErr %v", err, tt.wantErr)
				return
			}

			if !reflect.DeepEqual(got, tt.want) {
				t.Errorf("DecodeClaims() got = %v, want %v", got, tt.want)
			}
		})
	}
}