/*
© Copyright IBM Corporation 2021, 2024

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include "log.h"
#include "simpleauth.h"
#include "simpleauth_test.h"
#include <stdlib.h>
#include <string.h>
// Headers for multi-threaded tests
#include <pthread.h>

// Start a test and log the function name
#define test_start() printf("=== RUN: %s\n", __func__)

// Indicate test has passed
#define test_pass() printf("--- PASS: %s\n", __func__)

// Indicate test has failed
void test_fail(const char *test_name)
{
  printf("--- FAIL: %s\n", test_name);
  exit(1);
}

// ----------------------------------------------------------------------------
// Simple test to read secret
// ----------------------------------------------------------------------------

void test_read_secret_ok()
{
  test_start();
  char *pwd = read_secret("./src/mqAdminPassword");
  char *password = "fred:$2y$05$3Fp9";
  if (0 != strcmp(pwd, password))
  {
    printf("%s: pwd: '%s'; password: '%s'\n", __func__, pwd, password);
    test_fail(__func__);
  }

  test_pass();
}

// ----------------------------------------------------------------------------
// Simple tests for authentication
// ----------------------------------------------------------------------------

void test_simpleauth_valid_user_app_valid()
{
  test_start();
  bool validUser = simpleauth_valid_user(APP_USER_NAME);
  printf("%s: app - %d\n", __func__, validUser);

  if (!validUser)
    test_fail(__func__);
  test_pass();
}

void test_simpleauth_valid_user_admin_valid()
{
  test_start();
  bool validUser = simpleauth_valid_user(ADMIN_USER_NAME);
  printf("%s: admin - %d\n", __func__, validUser);
  if (!validUser)
    test_fail(__func__);
  test_pass();
}

void test_simpleauth_valid_user_george_invalid()
{
  test_start();
  bool validUser = simpleauth_valid_user("george");
  printf("%s: george - %d\n", __func__, validUser);
  if (validUser)
    test_fail(__func__);
  test_pass();
}

void test_simpleauth_authenticate_user_fred_unknown()
{
  test_start();
  test_set_app_password_env("passw0rd-fred-env");
  int rc = simpleauth_authenticate_user("fred", "passw0rd-fred-env");
  printf("%s: fred - %d\n", __func__, rc);
  if (rc != SIMPLEAUTH_INVALID_USER)
    test_fail(__func__);
  test_pass();
}

void test_simpleauth_authenticate_user_app_ok()
{
  test_start();
  test_set_app_password_env("passw0rd-app-env");
  int rc = simpleauth_authenticate_user("app", "passw0rd-app-env");
  printf("%s: app - %d\n", __func__, rc);
  if (rc != SIMPLEAUTH_VALID)
    test_fail(__func__);
  test_pass();
}

void test_simpleauth_authenticate_user_admin_ok()
{
  test_start();
  test_set_admin_password_env("passw0rd-admin-env");
  int rc = simpleauth_authenticate_user("admin", "passw0rd-admin-env");
  printf("%s: admin - %d\n", __func__, rc);
  if (rc != SIMPLEAUTH_VALID)
    test_fail(__func__);
  test_pass();
}

void test_simpleauth_authenticate_user_admin_invalidpasswords()
{
  test_start();
  test_set_admin_password_env("password-admin-env");
  const char *bad_passwords[] = {
      "",
      "passw0rd-admin-env",
      "Password-admin-env",
      "pass",
      "password",
      "password-app",
      "password-app-env",
      "password-admin-env-123"};
  size_t bad_pass_len = sizeof(bad_passwords) / sizeof(bad_passwords[0]);

  for (int i = 0; i < bad_pass_len; i++)
  {
    int rc = simpleauth_authenticate_user("admin", bad_passwords[i]);
    printf("%s: admin/%s - %d\n", __func__, bad_passwords[i], rc);
    if (rc != SIMPLEAUTH_INVALID_PASSWORD)
      test_fail(__func__);
    test_pass();
  }
}

void test_simpleauth_authenticate_user_admin_secret_file_valid()
{
  test_start();
  test_set_admin_password_file("password-admin-file");
  int rc = simpleauth_authenticate_user("admin", "password-admin-file");
  printf("%s: admin - %d\n", __func__, rc);
  if (rc != SIMPLEAUTH_VALID)
    test_fail(__func__);
  test_pass();
}

void test_simpleauth_authenticate_user_admin_secret_file_long()
{
  test_start();

  const int test_password_length = MAX_PASSWORD_LENGTH + 7;
  char test_password[test_password_length];
  char truncated_password[MAX_PASSWORD_LENGTH + 1];
  for (int i = 0; i < test_password_length; i++)
  {
    test_password[i] = '0' + ((i + 1) % 10);
    if (i < MAX_PASSWORD_LENGTH)
    {
      truncated_password[i] = test_password[i];
    }
  }
  test_password[test_password_length] = 0;
  truncated_password[MAX_PASSWORD_LENGTH] = 0;
  test_set_admin_password_file(test_password);

  int rc = simpleauth_authenticate_user("admin", test_password);
  if (rc != SIMPLEAUTH_INVALID_PASSWORD)
  {
    printf("%s: admin/'%s' - %d\n", __func__, test_password, rc);
    test_fail(__func__);
  }

  rc = simpleauth_authenticate_user("admin", truncated_password);
  if (rc != SIMPLEAUTH_VALID)
  {
    printf("%s: admin/'%s' - %d\n", __func__, truncated_password, rc);
    test_fail(__func__);
  }

  test_pass();
}

void test_simpleauth_authenticate_user_admin_secret_file_invalid()
{
  test_start();

  test_set_admin_password_file("password-admin-file");
  const char *bad_passwords[] = {
      "",
      "passw0rd-admin-file",
      "Password-admin-file",
      "pass",
      "password",
      "password-app-file",
      "password-admin-file-123"};
  size_t bad_pass_len = sizeof(bad_passwords) / sizeof(bad_passwords[0]);

  for (int i = 0; i < bad_pass_len; i++)
  {
    int rc = simpleauth_authenticate_user("admin", bad_passwords[i]);
    printf("%s: admin/%s - %d\n", __func__, bad_passwords[i], rc);
    if (rc != SIMPLEAUTH_INVALID_PASSWORD)
      test_fail(__func__);
    test_pass();
  }
}

void test_simpleauth_authenticate_user_app_secret_file_valid()
{
  test_start();
  test_set_app_password_file("password-app-file");
  int rc = simpleauth_authenticate_user("app", "password-app-file");
  printf("%s: admin - %d\n", __func__, rc);
  if (rc != SIMPLEAUTH_VALID)
    test_fail(__func__);
  test_pass();
}

void test_simpleauth_authenticate_user_app_secret_file_invalid()
{
  test_start();

  test_set_app_password_file("password-app-file");
  const char *bad_passwords[] = {
      "",
      "passw0rd-app-file",
      "Password-app-file",
      "pass",
      "password",
      "password-admin-file",
      "password-app-file-123"};
  size_t bad_pass_len = sizeof(bad_passwords) / sizeof(bad_passwords[0]);

  for (int i = 0; i < bad_pass_len; i++)
  {
    int rc = simpleauth_authenticate_user("app", bad_passwords[i]);
    printf("%s: app/%s - %d\n", __func__, bad_passwords[i], rc);
    if (rc != SIMPLEAUTH_INVALID_PASSWORD)
      test_fail(__func__);
    test_pass();
  }
}

// ----------------------------------------------------------------------------
// Multi-threaded test
// ----------------------------------------------------------------------------

#define NUM_THREADS 5
// Number of tests to perform per thread.  Higher numbers are more likely to trigger timing issue.
#define NUM_TESTS_PER_THREAD 1000
// Maximum number of JSON errors to report (log can get flooded)
#define MAX_JSON_ERRORS 10

// Authenticate multiple users, multiple times
void *authenticate_many_times(void *p)
{
  test_set_admin_password_env("passw0rd");
  test_set_app_password_env("passw0rd");
  for (int i = 0; i < NUM_TESTS_PER_THREAD; i++)
  {
    int rc = simpleauth_authenticate_user("admin", "passw0rd");
    if (rc != SIMPLEAUTH_VALID)
      test_fail(__func__);
    rc = simpleauth_authenticate_user("app", "passw0rd");
    if (rc != SIMPLEAUTH_VALID)
      test_fail(__func__);
  }
  pthread_exit(NULL);
}

void check_log_file_valid(char *filename)
{
  int errors = 0;
  printf("--- Checking log file is valid\n");
  // Check that the JSON log file isn't corrupted
  FILE *log = fopen(filename, "r");
  if (log == NULL)
  {
    test_fail(__func__);
  }
  const size_t line_size = 1024;
  char *line = malloc(line_size);
  while (fgets(line, line_size, log) != NULL)
  {
    if ((line[0] != '{') && (errors < MAX_JSON_ERRORS))
    {
      printf("*** Invalid JSON detected: %s\n", line);
      errors++;
    }
  }
  if (line)
  {
    free(line);
  }
  fclose(log);
}

// Test authenticate_user with multiple threads, each doing many authentications
void test_simpleauth_authenticate_user_multithreaded(char *logfile)
{
  pthread_t threads[NUM_THREADS];
  int rc;
  test_start();
  // Re-initialize the log to use a file for the multi-threaded test
  log_init(logfile);
  for (int i = 0; i < NUM_THREADS; i++)
  {
    printf("Creating thread %d\n", i);
    rc = pthread_create(&threads[i], NULL, authenticate_many_times, NULL);
    if (rc)
    {
      printf("Error: Unable to create thread, %d\n", rc);
      test_fail(__func__);
    }
  }
  // Wait for all the threads to complete
  for (int i = 0; i < NUM_THREADS; i++)
  {
    pthread_join(threads[i], NULL);
  }
  check_log_file_valid(logfile);
  test_pass();
}

// ----------------------------------------------------------------------------
// Test utility functions
// ----------------------------------------------------------------------------
int write_secret(const char *const secretFile, const char *const value)
{
  FILE *fp = fopen(secretFile, "w");
  if (fp)
  {
    int rc;
    rc = fprintf(fp, "%s\n", value);
    fclose(fp);
    return rc;
  }
  else
  {
    return 1;
  }
}

void test_set_admin_password_env(const char *const password)
{
  setenv("MQ_ADMIN_PASSWORD", password, 1);
  _mq_admin_secret_file = MQ_ADMIN_SECRET_FILE_DEFAULT;
}

void test_set_app_password_env(const char *const password)
{
  setenv("MQ_APP_PASSWORD", password, 1);
  _mq_app_secret_file = MQ_APP_SECRET_FILE_DEFAULT;
}

void test_set_admin_password_file(const char *const password)
{
  write_secret(MQ_ADMIN_SECRET_FILE_TEST, password);
  _mq_admin_secret_file = MQ_ADMIN_SECRET_FILE_TEST;
  unsetenv("MQ_ADMIN_PASSWORD");
}

void test_set_app_password_file(const char *const password)
{
  write_secret(MQ_APP_SECRET_FILE_TEST, password);
  _mq_app_secret_file = MQ_APP_SECRET_FILE_TEST;
  unsetenv("MQ_APP_PASSWORD");
}

// ----------------------------------------------------------------------------

int main()
{
  // Turn on debugging for the tests
  setenv("DEBUG", "true", true);
  log_init("simpleauth_test.log");

  test_read_secret_ok();
  test_simpleauth_valid_user_app_valid();
  test_simpleauth_valid_user_admin_valid();
  test_simpleauth_valid_user_george_invalid();
  test_simpleauth_authenticate_user_fred_unknown();
  test_simpleauth_authenticate_user_app_ok();
  test_simpleauth_authenticate_user_admin_ok();
  test_simpleauth_authenticate_user_admin_invalidpasswords();
  test_simpleauth_authenticate_user_admin_secret_file_valid();
  test_simpleauth_authenticate_user_admin_secret_file_long();
  test_simpleauth_authenticate_user_admin_secret_file_invalid();
  test_simpleauth_authenticate_user_app_secret_file_valid();
  test_simpleauth_authenticate_user_app_secret_file_invalid();

  log_close();

  // Call multi-threaded test last, because it re-initializes the log to use a file
  test_simpleauth_authenticate_user_multithreaded("simpleauth_test_multithreaded.log");
}