<?php

namespace Pterodactyl\Tests\Integration\Api\Application\Users;

use Pterodactyl\Models\User;
use Illuminate\Http\Response;
use Pterodactyl\Services\Acl\Api\AdminAcl;
use Pterodactyl\Transformers\Api\Application\UserTransformer;
use Pterodactyl\Transformers\Api\Application\ServerTransformer;
use Pterodactyl\Tests\Integration\Api\Application\ApplicationApiIntegrationTestCase;

class UserControllerTest extends ApplicationApiIntegrationTestCase
{
    /**
     * Test the response when requesting all users on the panel.
     */
    public function testGetUsers()
    {
        $user = factory(User::class)->create();

        $response = $this->getJson('/api/application/users');
        $response->assertStatus(Response::HTTP_OK);
        $response->assertJsonCount(2, 'data');
        $response->assertJsonStructure([
            'object',
            'data' => [
                ['object', 'attributes' => ['id', 'external_id', 'uuid', 'username', 'email', 'first_name', 'last_name', 'language', 'root_admin', '2fa', 'created_at', 'updated_at']],
                ['object', 'attributes' => ['id', 'external_id', 'uuid', 'username', 'email', 'first_name', 'last_name', 'language', 'root_admin', '2fa', 'created_at', 'updated_at']],
            ],
            'meta' => ['pagination' => ['total', 'count', 'per_page', 'current_page', 'total_pages']],
        ]);

        $response
            ->assertJson([
                'object' => 'list',
                'data' => [[], []],
                'meta' => [
                    'pagination' => [
                        'total' => 2,
                        'count' => 2,
                        'per_page' => 50,
                        'current_page' => 1,
                        'total_pages' => 1,
                    ],
                ],
            ])
            ->assertJsonFragment([
                'object' => 'user',
                'attributes' => [
                    'id' => $this->getApiUser()->id,
                    'external_id' => $this->getApiUser()->external_id,
                    'uuid' => $this->getApiUser()->uuid,
                    'username' => $this->getApiUser()->username,
                    'email' => $this->getApiUser()->email,
                    'first_name' => $this->getApiUser()->name_first,
                    'last_name' => $this->getApiUser()->name_last,
                    'language' => $this->getApiUser()->language,
                    'root_admin' => (bool) $this->getApiUser()->root_admin,
                    '2fa' => (bool) $this->getApiUser()->totp_enabled,
                    'created_at' => $this->formatTimestamp($this->getApiUser()->created_at),
                    'updated_at' => $this->formatTimestamp($this->getApiUser()->updated_at),
                ],
            ])
            ->assertJsonFragment([
                'object' => 'user',
                'attributes' => [
                    'id' => $user->id,
                    'external_id' => $user->external_id,
                    'uuid' => $user->uuid,
                    'username' => $user->username,
                    'email' => $user->email,
                    'first_name' => $user->name_first,
                    'last_name' => $user->name_last,
                    'language' => $user->language,
                    'root_admin' => (bool) $user->root_admin,
                    '2fa' => (bool) $user->totp_enabled,
                    'created_at' => $this->formatTimestamp($user->created_at),
                    'updated_at' => $this->formatTimestamp($user->updated_at),
                ],
            ]);
    }

    /**
     * Test getting a single user.
     */
    public function testGetSingleUser()
    {
        $user = factory(User::class)->create();

        $response = $this->getJson('/api/application/users/' . $user->id);
        $response->assertStatus(Response::HTTP_OK);
        $response->assertJsonCount(2);
        $response->assertJsonStructure([
            'object',
            'attributes' => ['id', 'external_id', 'uuid', 'username', 'email', 'first_name', 'last_name', 'language', 'root_admin', '2fa', 'created_at', 'updated_at'],
        ]);

        $response->assertJson([
            'object' => 'user',
            'attributes' => [
                'id' => $user->id,
                'external_id' => $user->external_id,
                'uuid' => $user->uuid,
                'username' => $user->username,
                'email' => $user->email,
                'first_name' => $user->name_first,
                'last_name' => $user->name_last,
                'language' => $user->language,
                'root_admin' => (bool) $user->root_admin,
                '2fa' => (bool) $user->totp_enabled,
                'created_at' => $this->formatTimestamp($user->created_at),
                'updated_at' => $this->formatTimestamp($user->updated_at),
            ],
        ]);
    }

    /**
     * Test that the correct relationships can be loaded.
     */
    public function testRelationshipsCanBeLoaded()
    {
        $user = factory(User::class)->create();
        $server = $this->createServerModel(['user_id' => $user->id]);

        $response = $this->getJson('/api/application/users/' . $user->id . '?include=servers');
        $response->assertStatus(Response::HTTP_OK);
        $response->assertJsonCount(2);
        $response->assertJsonStructure([
            'object',
            'attributes' => [
                'id', 'external_id', 'uuid', 'username', 'email', 'first_name', 'last_name', 'language', 'root_admin', '2fa', 'created_at', 'updated_at',
                'relationships' => ['servers' => ['object', 'data' => [['object', 'attributes' => []]]]],
            ],
        ]);

        $response->assertJsonFragment([
            'object' => 'list',
            'data' => [
                [
                    'object' => 'server',
                    'attributes' => $this->getTransformer(ServerTransformer::class)->transform($server),
                ],
            ],
        ]);
    }

    /**
     * Test that attempting to load a relationship that the key does not have permission
     * for returns a null object.
     */
    public function testKeyWithoutPermissionCannotLoadRelationship()
    {
        $this->createNewDefaultApiKey($this->getApiUser(), ['r_servers' => 0]);

        $user = factory(User::class)->create();
        $this->createServerModel(['user_id' => $user->id]);

        $response = $this->getJson('/api/application/users/' . $user->id . '?include=servers');
        $response->assertStatus(Response::HTTP_OK);
        $response->assertJsonCount(2)->assertJsonCount(1, 'attributes.relationships');
        $response->assertJsonStructure([
            'attributes' => [
                'relationships' => [
                    'servers' => ['object', 'attributes'],
                ],
            ],
        ]);

        // Just assert that we see the expected relationship IDs in the response.
        $response->assertJson([
            'attributes' => [
                'relationships' => [
                    'servers' => [
                        'object' => 'null_resource',
                        'attributes' => null,
                    ],
                ],
            ],
        ]);
    }

    /**
     * Test that an invalid external ID returns a 404 error.
     */
    public function testGetMissingUser()
    {
        $response = $this->getJson('/api/application/users/nil');
        $this->assertNotFoundJson($response);
    }

    /**
     * Test that an authentication error occurs if a key does not have permission
     * to access a resource.
     */
    public function testErrorReturnedIfNoPermission()
    {
        $user = factory(User::class)->create();
        $this->createNewDefaultApiKey($this->getApiUser(), ['r_users' => 0]);

        $response = $this->getJson('/api/application/users/' . $user->id);
        $this->assertAccessDeniedJson($response);
    }

    /**
     * Test that a users's existence is not exposed unless an API key has permission
     * to access the resource.
     */
    public function testResourceIsNotExposedWithoutPermissions()
    {
        $this->createNewDefaultApiKey($this->getApiUser(), ['r_users' => 0]);

        $response = $this->getJson('/api/application/users/nil');
        $this->assertAccessDeniedJson($response);
    }

    /**
     * Test that a user can be created.
     */
    public function testCreateUser()
    {
        $response = $this->postJson('/api/application/users', [
            'username' => 'testuser',
            'email' => 'test@example.com',
            'first_name' => 'Test',
            'last_name' => 'User',
        ]);

        $response->assertStatus(Response::HTTP_CREATED);
        $response->assertJsonCount(3);
        $response->assertJsonStructure([
            'object',
            'attributes' => ['id', 'external_id', 'uuid', 'username', 'email', 'first_name', 'last_name', 'language', 'root_admin', '2fa', 'created_at', 'updated_at'],
            'meta' => ['resource'],
        ]);

        $this->assertDatabaseHas('users', ['username' => 'testuser', 'email' => 'test@example.com']);

        $user = User::where('username', 'testuser')->first();
        $response->assertJson([
            'object' => 'user',
            'attributes' => $this->getTransformer(UserTransformer::class)->transform($user),
            'meta' => [
                'resource' => route('api.application.users.view', $user->id),
            ],
        ], true);
    }

    /**
     * Test that a user can be updated.
     */
    public function testUpdateUser()
    {
        $user = factory(User::class)->create();

        $response = $this->patchJson('/api/application/users/' . $user->id, [
            'username' => 'new.test.name',
            'email' => 'new@emailtest.com',
            'first_name' => $user->name_first,
            'last_name' => $user->name_last,
        ]);
        $response->assertStatus(Response::HTTP_OK);
        $response->assertJsonCount(2);
        $response->assertJsonStructure([
            'object',
            'attributes' => ['id', 'external_id', 'uuid', 'username', 'email', 'first_name', 'last_name', 'language', 'root_admin', '2fa', 'created_at', 'updated_at'],
        ]);

        $this->assertDatabaseHas('users', ['username' => 'new.test.name', 'email' => 'new@emailtest.com']);
        $user = $user->fresh();

        $response->assertJson([
            'object' => 'user',
            'attributes' => $this->getTransformer(UserTransformer::class)->transform($user),
        ]);
    }

    /**
     * Test that a user can be deleted from the database.
     */
    public function testDeleteUser()
    {
        $user = factory(User::class)->create();
        $this->assertDatabaseHas('users', ['id' => $user->id]);

        $response = $this->delete('/api/application/users/' . $user->id);
        $response->assertStatus(Response::HTTP_NO_CONTENT);

        $this->assertDatabaseMissing('users', ['id' => $user->id]);
    }

    /**
     * Test that an API key without write permissions cannot create, update, or
     * delete a user model.
     *
     * @param string $method
     * @param string $url
     *
     * @dataProvider userWriteEndpointsDataProvider
     */
    public function testApiKeyWithoutWritePermissions(string $method, string $url)
    {
        $this->createNewDefaultApiKey($this->getApiUser(), ['r_users' => AdminAcl::READ]);

        if (str_contains($url, '{id}')) {
            $user = factory(User::class)->create();
            $url = str_replace('{id}', $user->id, $url);
        }

        $response = $this->$method($url);
        $this->assertAccessDeniedJson($response);
    }

    /**
     * Endpoints that should return a 403 error when the key does not have write
     * permissions for user management.
     *
     * @return array
     */
    public function userWriteEndpointsDataProvider(): array
    {
        return [
            ['postJson', '/api/application/users'],
            ['patchJson', '/api/application/users/{id}'],
            ['delete', '/api/application/users/{id}'],
        ];
    }
}