def test_get_playbooks(client):
    without_login = client.get('/api/playbook/all')
    authenticate(client)
    playbooks = client.get('/api/playbook/all').json
    logout(client)
    assert without_login.status_code == 302
    assert isinstance(playbooks['playbooks'], list)

def test_save_playbook(client):
    without_login = client.post('/api/playbook/save')
    wrong_method = client.get('/api/playbook/save')
    authenticate(client)
    change_pb = client.post('/api/playbook/get', data={
        'key': 1,
    }).json
    change_pb['name'] = 'Modified initial setup'
    change_pb['description'] = 'Modified description'
    save_pb = client.post('/api/playbook/save', data=change_pb).json
    check_pb = client.post('/api/playbook/get', data={
        'key': 1,
    }).json
    wrong_id = client.post('/api/playbook/save', data={
        'key': 0,
        'name': 'Not Good',
        'description': 'This is a test of a non valid id'
    }).json
    logout(client)
    assert without_login.status_code == 302
    assert wrong_method.status_code == 405
    assert save_pb['messageMode'] == 0
    assert wrong_id['messageMode'] == 1
    assert check_pb['name'] == 'Modified initial setup'
    assert check_pb['description'] == 'Modified description'
    assert isinstance(check_pb['tasks'], list)

def test_get_inventory(client):
    without_login = client.get('/api/inventory/all')
    authenticate(client)
    room = client.get('/api/inventory/all').json
    logout(client)
    assert without_login.status_code == 302
    assert isinstance(room['rooms'], list)

def test_change_password(client):
    # TODO: Fix the change password repetition code
    without_login = client.post('/change',
                                data={"password": "password",
                                      "new_password": "new_password",
                                      "new_password_confirm": "new_password"})

    authenticate(client)
    new_password = client.post(
        '/change',
        data={
            "password": "password",
            "new_password": "new_password",
            "new_password_confirm": "new_password",
        }
    )
    password = client.post(
        '/change',
        data={
            "password": "new_password",
            "new_password": "password",
            "new_password_confirm": "password",
        }
    )
    logout(client)
    assert without_login.status_code == 302
    print new_password.data
    assert '/#/settings/user' in new_password.location
    assert password.status_code == 302
    assert '/#/settings/user' in password.location

	def decorated(*args, **kwargs):
		auth = request.authorization
		if not auth:
			return authenticate()
		elif not check_auth(auth.username, auth.password):
			return authenticate()
		return f(*args, **kwargs)

def test_get_all(client):
    without_login = client.get('/api/user/all')
    authenticate(client)
    user_login = client.get('/api/user/all')
    logout(client)
    users = user_login.json
    assert without_login.status_code == 302
    assert 2 == len(users['users'])

    def process_request(self, request):
        """
        Writes the signed_request into the Session
        """
        fb = get_session(request)
        setattr(request, 'fb_session', fb)
        application = get_app_dict()

        logger.debug('Request Method = %s\n, AccessToken=%s' % (request.method, fb.access_token))

        if 'feincms' in settings.INSTALLED_APPS:
            # if feincms is installed, try to get the application from the page
            from facebook.feincms.utils import get_application_from_request
            page_app = get_application_from_request(request)
            if application:
                application = get_app_dict(page_app)

        # Temporary OAuth2.0 fix due to missing access_token in cookie sr:
        if 'access_token' in request.GET:
            fb.store_token(request.GET.get('access_token'))

        # default POST/GET request from facebook with a signed request
        if 'signed_request' in request.POST:
            parsed_request = parseSignedRequest(request.POST['signed_request'], application['SECRET'])
            logger.debug(u'got signed_request from facebook: %s' % parsed_request)
            if 'user' in parsed_request:
                language = parsed_request['user']['locale']
                logger.debug('language: %s' %language)
                request.LANGUAGE_CODE = language
                translation.activate(language)
            fb.signed_request = parsed_request
            logger.debug('stored signed_request')
            expires = None
            # rewrite important data
            if 'oauth_token' in parsed_request:
                expires = datetime.fromtimestamp(float(parsed_request['expires']))
                fb.store_token(parsed_request['oauth_token'], expires)
            elif 'access_token' in parsed_request:
                expires = datetime.fromtimestamp(float(parsed_request['expires']))
                fb.store_token(parsed_request['access_token'], expires)
            else:
                #The chance is good that there is already a valid token in the session. Remove it.
                fb.store_token(None)

            if 'user_id' in parsed_request:
                fb.user_id = parsed_request['user_id']

            else:
                logger.debug("Signed Request didn't contain public user info.")
            if expires:
                logger.debug('Signed Request issued at: %s' % datetime.fromtimestamp(float(parsed_request['issued_at'])))
        
        # auth via callback from facebook
        elif 'code' in request.GET and 'facebook' in request.META.get('HTTP_REFERER', u''):
            authenticate(request.REQUEST['code'], fb, application,
                         request.build_absolute_uri().split('?')[0] \
                            .replace(application['CANVAS-URL'], application['CANVAS-PAGE']))

def test_custom_post_change_view(client):
    authenticate(client)
    response = client.post('/change', data={
        'password': 'password',
        'new_password': 'newpassword',
        'new_password_confirm': 'newpassword'
    }, follow_redirects=True)

    assert b'Profile Page' in response.data

def test_roles_accepted(client):
    for user in ("[email protected]", "[email protected]"):
        authenticate(client, user)
        response = client.get("/admin_or_editor")
        assert b'Admin or Editor Page' in response.data
        logout(client)

    authenticate(client, "[email protected]")
    response = client.get("/admin_or_editor", follow_redirects=True)
    assert b'Home Page' in response.data

def test_multiple_role_required(client):
    for user in ("[email protected]", "[email protected]"):
        authenticate(client, user)
        response = client.get("/admin_and_editor", follow_redirects=True)
        assert b'Home Page' in response.data
        client.get('/logout')

    authenticate(client, '[email protected]')
    response = client.get("/admin_and_editor", follow_redirects=True)
    assert b'Admin and Editor Page' in response.data

def test_user_deleted_during_session_reverts_to_anonymous_user(app, client):
    authenticate(client)

    with app.test_request_context('/'):
        user = app.security.datastore.find_user(email='[email protected]')
        app.security.datastore.delete_user(user)
        app.security.datastore.commit()

    response = client.get('/')
    assert b'Hello [email protected]' not in response.data

def test_categories(client):
    without_login = client.get('/api/task/categories')
    authenticate(client)

    categories = client.get('/api/task/categories').json

    logout(client)
    assert without_login.status_code == 302
    assert isinstance(categories, dict)
    assert isinstance(categories['categories'], list)

def test_context_processors(client, app):
    @app.security.forgot_password_context_processor
    def forgot_password():
        return {"foo": "bar"}

    response = client.get("/reset")
    assert b"bar" in response.data

    @app.security.login_context_processor
    def login():
        return {"foo": "bar"}

    response = client.get("/login")
    assert b"bar" in response.data

    @app.security.register_context_processor
    def register():
        return {"foo": "bar"}

    response = client.get("/register")
    assert b"bar" in response.data

    @app.security.reset_password_context_processor
    def reset_password():
        return {"foo": "bar"}

    response = client.get("/reset")
    assert b"bar" in response.data

    @app.security.change_password_context_processor
    def change_password():
        return {"foo": "bar"}

    authenticate(client)
    response = client.get("/change")
    assert b"bar" in response.data

    @app.security.send_confirmation_context_processor
    def send_confirmation():
        return {"foo": "bar"}

    response = client.get("/confirm")
    assert b"bar" in response.data

    @app.security.mail_context_processor
    def mail():
        return {"foo": "bar"}

    with app.mail.record_messages() as outbox:
        client.post("/reset", data=dict(email="[email protected]"))

    email = outbox[0]
    assert "bar" in email.html

def test_category(client):
    without_login = client.post('/api/task/category')
    authenticate(client)

    category = client.post('/api/task/category',
                           data={'name': 'cloud'}).json
    not_valid_form = client.post('/api/task/category').json
    logout(client)
    assert without_login.status_code == 302
    assert isinstance(category['modules'], list)
    assert category['category_name'] == 'cloud'
    assert isinstance(not_valid_form, dict)

def test_basic_custom_forms(app, sqlalchemy_datastore):
    class MyLoginForm(LoginForm):
        email = StringField('My Login Email Address Field')

    class MyRegisterForm(RegisterForm):
        email = StringField('My Register Email Address Field')

    class MyForgotPasswordForm(ForgotPasswordForm):
        email = StringField(
            'My Forgot Email Address Field',
            validators=[
                email_required,
                email_validator,
                valid_user_email])

    class MyResetPasswordForm(ResetPasswordForm):
        password = StringField('My Reset Password Field')

    class MyChangePasswordForm(ChangePasswordForm):
        password = PasswordField('My Change Password Field')

    app.security = Security(app,
                            datastore=sqlalchemy_datastore,
                            login_form=MyLoginForm,
                            register_form=MyRegisterForm,
                            forgot_password_form=MyForgotPasswordForm,
                            reset_password_form=MyResetPasswordForm,
                            change_password_form=MyChangePasswordForm)

    populate_data(app)
    client = app.test_client()

    response = client.get('/login')
    assert b'My Login Email Address Field' in response.data

    response = client.get('/register')
    assert b'My Register Email Address Field' in response.data

    response = client.get('/reset')
    assert b'My Forgot Email Address Field' in response.data

    with capture_reset_password_requests() as requests:
        response = client.post('/reset', data=dict(email='[email protected]'))

    token = requests[0]['token']
    response = client.get('/reset/' + token)
    assert b'My Reset Password Field' in response.data

    authenticate(client)

    response = client.get('/change')
    assert b'My Change Password Field' in response.data

def test_trackable_flag(app, client):
    e = '[email protected]'
    authenticate(client, email=e)
    logout(client)
    authenticate(client, email=e, headers={'X-Forwarded-For': '127.0.0.1'})

    with app.app_context():
        user = app.security.datastore.find_user(email=e)
        assert user.last_login_at is not None
        assert user.current_login_at is not None
        assert user.last_login_ip == 'untrackable'
        assert user.current_login_ip == '127.0.0.1'
        assert user.login_count == 2

def test_get_user(client):
    user = {
        "admin": True,
        "email": "[email protected]",
        "key": 1,
        "username": "admin"
    }
    without_login = client.get('/api/user/get')
    authenticate(client)
    user_login = client.get('/api/user/get')
    logout(client)
    assert without_login.status_code == 302
    assert user == user_login.json

def test_get_playbook(client):
    wrong_method = client.get('/api/playbook/get')
    without_login = client.post('/api/playbook/get')
    authenticate(client)
    check_pb = client.post('/api/playbook/get', data={
        'key': 1,
    }).json
    logout(client)
    assert without_login.status_code == 302
    assert wrong_method.status_code == 405
    assert check_pb['name'] == 'Initial setup'
    assert check_pb['description'] == 'Hardening of the operative system'
    assert isinstance(check_pb['tasks'], list)

def test_trackable_with_multiple_ips_in_headers(app, client):
    e = '[email protected]'
    authenticate(client, email=e)
    logout(client)
    authenticate(client, email=e, headers={
        'X-Forwarded-For': '99.99.99.99, 88.88.88.88'})

    with app.app_context():
        user = app.security.datastore.find_user(email=e)
        assert user.last_login_at is not None
        assert user.current_login_at is not None
        assert user.last_login_ip == 'untrackable'
        assert user.current_login_ip == '88.88.88.88'
        assert user.login_count == 2

def test_set_unauthorized_handler(app, client):
    @app.security.unauthorized_handler
    def unauthorized():
        app.unauthorized_handler_set = True
        return 'unauthorized-handler-set', 401

    app.unauthorized_handler_set = False

    authenticate(client, "[email protected]")
    response = client.get("/admin", follow_redirects=True)

    assert app.unauthorized_handler_set is True
    assert b'unauthorized-handler-set' in response.data
    assert response.status_code == 401