#!/usr/bin/env python

from base64 import encodebytes as b64encode

import pytest

from saml2.authn_context import INTERNETPROTOCOLPASSWORD
from saml2.saml import NAMEID_FORMAT_TRANSIENT
from saml2.samlp import NameIDPolicy
from saml2.server import Server


try:
    from saml2.s2repoze.plugins.sp import make_plugin
except ImportError:
    make_plugin = None

ENV1 = {
    "SERVER_SOFTWARE": "CherryPy/3.1.2 WSGI Server",
    "SCRIPT_NAME": "",
    "ACTUAL_SERVER_PROTOCOL": "HTTP/1.1",
    "REQUEST_METHOD": "GET",
    "PATH_INFO": "/krissms",
    "SERVER_PROTOCOL": "HTTP/1.1",
    "QUERY_STRING": "",
    "REMOTE_ADDR": "127.0.0.1",
    "HTTP_USER_AGENT": "Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_2; en-us) ",
    "HTTP_CONNECTION": "keep-alive",
    "SERVER_NAME": "lingon-catalogix-se-2.local",
    "REMOTE_PORT": "57309",
    "wsgi.url_scheme": "http",
    "SERVER_PORT": "8087",
    "HTTP_HOST": "127.0.0.1:8087",
    "wsgi.multithread": True,
    "HTTP_ACCEPT": "application/xml,application/xhtml+xml,text/html;q=0.9," "text/plain;q=0.8,image/png,*/*;q=0.5",
    "wsgi.version": (1, 0),
    "wsgi.run_once": False,
    "wsgi.multiprocess": False,
    "HTTP_ACCEPT_LANGUAGE": "en-us",
    "HTTP_ACCEPT_ENCODING": "gzip, deflate",
}

trans_name_policy = NameIDPolicy(format=NAMEID_FORMAT_TRANSIENT, allow_create="true")

AUTHN = {"class_ref": INTERNETPROTOCOLPASSWORD, "authn_auth": "http://www.example.com/login"}


@pytest.mark.skipif(not make_plugin, reason="s2repoze dependencies not installed")
class TestSP:
    def setup_class(self):
        self.sp = make_plugin("rem", saml_conf="server_conf")
        # Explicitly allow unsigned responses for this test
        self.sp.saml_client.want_response_signed = False
        self.server = Server(config_file="idp_conf")

    def teardown_class(self):
        self.server.close()

    def test_setup(self):
        assert self.sp

    def test_identify(self):
        # Create a SAMLResponse
        ava = {"givenName": ["Derek"], "surName": ["Jeter"], "mail": ["derek@nyy.mlb.com"], "title": ["The man"]}

        resp_str = "%s" % self.server.create_authn_response(
            ava,
            "id1",
            "http://lingon.catalogix.se:8087/",
            "urn:mace:example.com:saml:roland:sp",
            trans_name_policy,
            "foba0001@example.com",
            authn=AUTHN,
        )

        resp_str = b64encode(resp_str.encode("utf-8"))
        self.sp.outstanding_queries = {"id1": "http://www.example.com/service"}
        session_info = self.sp._eval_authn_response({}, {"SAMLResponse": [resp_str]})

        assert len(session_info) > 1
        assert session_info["came_from"] == "http://www.example.com/service"
        assert session_info["ava"] == {
            "givenName": ["Derek"],
            "mail": ["derek@nyy.mlb.com"],
            "sn": ["Jeter"],
            "title": ["The man"],
        }


if __name__ == "__main__":
    _sp = TestSP()
    _sp.setup_class()
    _sp.test_identify()