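//
// Copyright Amazon.com Inc. or its affiliates.
// All Rights Reserved.
//
// SPDX-License-Identifier: Apache-2.0
//

import XCTest

@testable import Amplify
@testable import AmplifyTestCommon
@testable import AWSDataStorePlugin
@testable import AWSPluginsCore

/// Pins the decision of whether DataStore sync needs the Auth category plugin.
///
/// The assertions below fix the expected outcome per authorization mode:
/// user pools and IAM require the Auth plugin, while API key, OIDC and
/// function (Lambda) authorization do not. A regression in either direction
/// matters: a false "not required" would let sync start without the plugin
/// these modes are expected to need, and a false "required" would demand it
/// for modes that are expected to work without it.
class StorageEngineSyncRequirementsTests: XCTestCase {

    // MARK: - RequiresAuthPlugin tests

    /// No auth rules and a plugin that exposes no auth information: not required.
    func testRequiresAuthPluginFalseForMissingAuthRules() {
        let apiPlugin = MockAPICategoryPlugin()
        let result = StorageEngine.requiresAuthPlugin(apiPlugin)
        XCTAssertFalse(result)
    }

    // Rules that name a provider explicitly: the provider alone decides the result.

    /// Explicit `.apiKey` provider: not required.
    func testRequiresAuthPluginSingleAuthRuleAPIKey() {
        let apiPlugin = MockAPICategoryPlugin()
        let authRules = [AuthRule(allow: .owner, provider: .apiKey)]
        XCTAssertFalse(StorageEngine.requiresAuthPlugin(apiPlugin, authRules: authRules))
    }

    /// Explicit `.oidc` provider: not required.
    func testRequiresAuthPluginSingleAuthRuleOIDC() {
        let apiPlugin = MockAPICategoryPlugin()
        let authRules = [AuthRule(allow: .owner, provider: .oidc)]
        XCTAssertFalse(StorageEngine.requiresAuthPlugin(apiPlugin, authRules: authRules))
    }

    /// Explicit `.function` provider: not required.
    func testRequiresAuthPluginSingleAuthRuleFunction() {
        let apiPlugin = MockAPICategoryPlugin()
        let authRules = [AuthRule(allow: .private, provider: .function)]
        XCTAssertFalse(StorageEngine.requiresAuthPlugin(apiPlugin, authRules: authRules))
    }

    /// Explicit `.userPools` provider: required.
    func testRequiresAuthPluginSingleAuthRuleUserPools() {
        let apiPlugin = MockAPICategoryPlugin()
        let authRules = [AuthRule(allow: .owner, provider: .userPools)]
        XCTAssertTrue(StorageEngine.requiresAuthPlugin(apiPlugin, authRules: authRules))
    }

    /// Explicit `.iam` provider: required.
    func testRequiresAuthPluginSingleAuthRuleIAM() {
        let apiPlugin = MockAPICategoryPlugin()
        let authRules = [AuthRule(allow: .owner, provider: .iam)]
        XCTAssertTrue(StorageEngine.requiresAuthPlugin(apiPlugin, authRules: authRules))
    }

    // Rules without a provider: the expected result follows the default
    // authorization type reported by the API plugin mock.

    /// No provider on the rule, default auth type `.function`: not required.
    func testRequiresAuthPluginNoProvidersWithAuthTypeFunction() {
        let authRules = [AuthRule(allow: .owner)]
        let apiPlugin = MockAPIAuthInformationPlugin()
        apiPlugin.authType = .function
        XCTAssertFalse(StorageEngine.requiresAuthPlugin(apiPlugin, authRules: authRules))
    }

    /// No provider on the rule, default auth type `.apiKey`: not required.
    func testRequiresAuthPluginNoProvidersWithAuthTypeAPIKey() {
        let authRules = [AuthRule(allow: .owner)]
        let apiPlugin = MockAPIAuthInformationPlugin()
        apiPlugin.authType = .apiKey
        XCTAssertFalse(StorageEngine.requiresAuthPlugin(apiPlugin, authRules: authRules))
    }

    /// No provider on the rule, default auth type `.amazonCognitoUserPools`: required.
    func testRequiresAuthPluginNoProvidersWithAuthTypeUserPools() {
        let authRules = [AuthRule(allow: .owner)]
        let apiPlugin = MockAPIAuthInformationPlugin()
        apiPlugin.authType = .amazonCognitoUserPools
        XCTAssertTrue(StorageEngine.requiresAuthPlugin(apiPlugin, authRules: authRules))
    }

    /// No provider on the rule, default auth type `.awsIAM`: required.
    func testRequiresAuthPluginNoProvidersWithAuthTypeIAM() {
        let authRules = [AuthRule(allow: .owner)]
        let apiPlugin = MockAPIAuthInformationPlugin()
        apiPlugin.authType = .awsIAM
        XCTAssertTrue(StorageEngine.requiresAuthPlugin(apiPlugin, authRules: authRules))
    }

    /// No provider on the rule, default auth type `.openIDConnect`: not required.
    ///
    /// "ODIC" in the method name is a typo for OIDC; the name is left unchanged
    /// so the test identifier stays the same.
    func testRequiresAuthPluginNoProvidersWithAuthTypeODIC() {
        let authRules = [AuthRule(allow: .owner)]
        let apiPlugin = MockAPIAuthInformationPlugin()
        apiPlugin.authType = .openIDConnect
        XCTAssertFalse(StorageEngine.requiresAuthPlugin(apiPlugin, authRules: authRules))
    }

    /// No provider on the rule, default auth type `.none`: not required.
    func testRequiresAuthPluginNoProvidersWithAuthTypeNone() {
        let authRules = [AuthRule(allow: .owner)]
        let apiPlugin = MockAPIAuthInformationPlugin()
        // Spelled out in full so `.none` cannot be read as `Optional.none`.
        apiPlugin.authType = AWSAuthorizationType.none
        XCTAssertFalse(StorageEngine.requiresAuthPlugin(apiPlugin, authRules: authRules))
    }

    // Rules without a provider and a default auth type lookup that throws:
    // the expected result depends on which auth provider the factory supplies.

    /// Default auth type unavailable, OIDC auth provider configured: not required.
    func testRequiresAuthPluginOIDCProvider() {
        let authRules = [AuthRule(allow: .owner)]
        let apiPlugin = MockAPIAuthInformationPlugin()
        apiPlugin.defaultAuthTypeError = APIError.unknown("Could not get default auth type", "", nil)
        let oidcProvider = MockOIDCAuthProvider()
        apiPlugin.authProviderFactory = MockAPIAuthProviderFactory(oidcProvider: oidcProvider)
        XCTAssertFalse(StorageEngine.requiresAuthPlugin(apiPlugin, authRules: authRules))
    }

    /// Default auth type unavailable, function auth provider configured: not required.
    func testRequiresAuthPluginFunctionProvider() {
        let authRules = [AuthRule(allow: .owner)]
        let apiPlugin = MockAPIAuthInformationPlugin()
        apiPlugin.defaultAuthTypeError = APIError.unknown("Could not get default auth type", "", nil)
        let functionProvider = MockFunctionAuthProvider()
        apiPlugin.authProviderFactory = MockAPIAuthProviderFactory(functionProvider: functionProvider)
        XCTAssertFalse(StorageEngine.requiresAuthPlugin(apiPlugin, authRules: authRules))
    }

    /// Default auth type unavailable and no auth provider configured on the mock:
    /// the expected answer is the conservative one, the Auth plugin is required.
    func testRequiresAuthPluginWithAuthRules() {
        let authRules = [AuthRule(allow: .owner)]
        let apiPlugin = MockAPIAuthInformationPlugin()
        apiPlugin.defaultAuthTypeError = APIError.unknown("Could not get default auth type", "", nil)
        XCTAssertTrue(StorageEngine.requiresAuthPlugin(apiPlugin, authRules: authRules))
    }

    // MARK: - AuthRules tests

    // `requireAuthPlugin` is optional. The assertions compare it with an
    // expected value instead of force-unwrapping, so an unexpected `nil` is
    // reported as a test failure rather than trapping the whole test process.

    /// Given: a list of auth rules
    /// When: one or more providers is user pools (here mixed with OIDC and IAM)
    /// Then: Auth plugin is required
    func testRequireAuthPluginWithOIDCProvider() {
        let authRules: AuthRules = [
            AuthRule(allow: .owner, provider: .oidc),
            AuthRule(allow: .private, provider: .iam),
            AuthRule(allow: .owner, provider: .userPools)
        ]
        XCTAssertEqual(authRules.requireAuthPlugin, true)
    }

    /// Given: a list of auth rules
    /// When: one or more providers is IAM (here mixed with function)
    /// Then: Auth plugin is required
    func testRequireAuthPluginWithFunctionProvider() {
        let authRules: AuthRules = [
            AuthRule(allow: .owner, provider: .function),
            AuthRule(allow: .owner, provider: .iam)
        ]
        XCTAssertEqual(authRules.requireAuthPlugin, true)
    }

    /// Given: a list of auth rules
    /// When: all providers are OIDC, function or API key
    /// Then: Auth plugin is not required
    func testDoesNotRequireAuthPlugin() {
        let authRules: AuthRules = [
            AuthRule(allow: .owner, provider: .oidc),
            AuthRule(allow: .owner, provider: .function),
            AuthRule(allow: .public, provider: .apiKey)
        ]
        XCTAssertEqual(authRules.requireAuthPlugin, false)
    }

    /// Given: a list of auth rules
    /// When: the provider is `nil`
    /// Then: the requirement cannot be determined (`nil`)
    func testRequireAuthPluginIfProviderIsNil() {
        let authRules: AuthRules = [
            AuthRule(allow: .owner, provider: nil)
        ]
        XCTAssertNil(authRules.requireAuthPlugin)
    }

    /// Given: a list of auth rules
    /// When: one of the providers is `nil`
    /// Then: the requirement cannot be determined (`nil`), even though the
    ///       other rule names a provider
    func testRequireAuthPluginIfOneRulHasProviderNil() {
        let authRules: AuthRules = [
            AuthRule(allow: .owner, provider: nil),
            AuthRule(allow: .public, provider: .apiKey)
        ]
        XCTAssertNil(authRules.requireAuthPlugin)
    }

    // MARK: - Helpers

    /// API plugin mock that also reports auth information, so a test can
    /// choose the default authorization type or make the lookup fail.
    class MockAPIAuthInformationPlugin: MockAPICategoryPlugin, AWSAPIAuthInformation {
        /// Default authorization type to report; used only when no error is set.
        var authType: AWSAuthorizationType?

        /// When set, every default auth type lookup throws this error.
        var defaultAuthTypeError: APIError?

        /// Forwards to `defaultAuthType(for:)` with no API name.
        func defaultAuthType() throws -> AWSAuthorizationType {
            try defaultAuthType(for: nil)
        }

        /// Returns the configured default authorization type.
        ///
        /// - Parameter apiName: Ignored by this mock.
        /// - Returns: `authType` when set, otherwise `.amazonCognitoUserPools`.
        /// - Throws: `defaultAuthTypeError` when set; the error takes
        ///   precedence over `authType`.
        func defaultAuthType(for apiName: String?) throws -> AWSAuthorizationType {
            if let error = defaultAuthTypeError {
                throw error
            }
            return authType ?? .amazonCognitoUserPools
        }
    }
}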