#!/usr/bin/env python3
"""
Test script for Debian Forge Composer Client with Authentication

This script tests the enhanced composer client functionality including:
- User authentication
- Permission-based access control
- Secure API operations
"""

from composer_client import ComposerClient
from user_management import UserManager
import os

def test_composer_authentication():
    """Test the composer client authentication and permissions"""
    
    # Use a test database
    test_db = "test_users.db"
    
    # Clean up any existing test database
    if os.path.exists(test_db):
        os.remove(test_db)
    
    print("🧪 Testing Debian Forge Composer Client Authentication")
    print("=" * 60)
    
    # Initialize user manager and create test users
    user_mgr = UserManager(test_db)
    
    # Create test users
    user_mgr.create_user("admin", "admin@debian-forge.org", "admin123", "admin")
    user_mgr.create_user("user1", "user1@debian-forge.org", "user123", "user")
    user_mgr.create_user("viewer1", "viewer1@debian-forge.org", "viewer123", "viewer")
    
    print("✅ Test users created")
    
    # Test 1: Composer client without authentication
    print("\n1. Testing composer client without authentication...")
    
    client_no_auth = ComposerClient()
    
    # Should not have any permissions
    if not client_no_auth.check_permission("read"):
        print("   ✅ Unauthenticated client correctly has no permissions")
    else:
        print("   ❌ Unauthenticated client incorrectly has permissions")
        return False
    
    # Test 2: Composer client with admin authentication
    print("\n2. Testing composer client with admin authentication...")
    
    client_admin = ComposerClient(username="admin", password="admin123")
    
    # Admin should have all permissions
    if client_admin.check_permission("read"):
        print("   ✅ Admin client can read")
    else:
        print("   ❌ Admin client cannot read")
        return False
    
    if client_admin.check_permission("build"):
        print("   ✅ Admin client can build")
    else:
        print("   ❌ Admin client cannot build")
        return False
    
    if client_admin.check_permission("admin"):
        print("   ✅ Admin client can admin")
    else:
        print("   ❌ Admin client cannot admin")
        return False
    
    # Test 3: Composer client with user authentication
    print("\n3. Testing composer client with user authentication...")
    
    client_user = ComposerClient(username="user1", password="user123")
    
    # User should have read and build permissions
    if client_user.check_permission("read"):
        print("   ✅ User client can read")
    else:
        print("   ❌ User client cannot read")
        return False
    
    if client_user.check_permission("build"):
        print("   ✅ User client can build")
    else:
        print("   ❌ User client cannot build")
        return False
    
    if not client_user.check_permission("admin"):
        print("   ✅ User client correctly cannot admin")
    else:
        print("   ❌ User client incorrectly can admin")
        return False
    
    # Test 4: Composer client with viewer authentication
    print("\n4. Testing composer client with viewer authentication...")
    
    client_viewer = ComposerClient(username="viewer1", password="viewer123")
    
    # Viewer should only have read permissions
    if client_viewer.check_permission("read"):
        print("   ✅ Viewer client can read")
    else:
        print("   ❌ Viewer client cannot read")
        return False
    
    if not client_viewer.check_permission("build"):
        print("   ✅ Viewer client correctly cannot build")
    else:
        print("   ❌ Viewer client incorrectly can build")
        return False
    
    if not client_viewer.check_permission("admin"):
        print("   ✅ Viewer client correctly cannot admin")
    else:
        print("   ❌ Viewer client incorrectly can admin")
        return False
    
    # Test 5: Dynamic authentication
    print("\n5. Testing dynamic authentication...")
    
    client_dynamic = ComposerClient()
    
    # Initially no permissions
    if not client_dynamic.check_permission("read"):
        print("   ✅ Dynamic client initially has no permissions")
    else:
        print("   ❌ Dynamic client initially has permissions")
        return False
    
    # Authenticate as admin
    client_dynamic.authenticate("admin", "admin123")
    
    # Now should have admin permissions
    if client_dynamic.check_permission("admin"):
        print("   ✅ Dynamic client can admin after authentication")
    else:
        print("   ❌ Dynamic client cannot admin after authentication")
        return False
    
    # Test 6: Permission-based method access
    print("\n6. Testing permission-based method access...")
    
    # Create a test blueprint file
    test_blueprint = "test-blueprint.json"
    with open(test_blueprint, 'w') as f:
        f.write('{"name": "test", "version": "0.0.1"}')
    
    # Admin should be able to submit blueprint
    try:
        client_admin.submit_blueprint(test_blueprint)
        print("   ✅ Admin can submit blueprint (permission check passed)")
    except PermissionError:
        print("   ❌ Admin cannot submit blueprint (permission check failed)")
        return False
    except Exception as e:
        # Expected to fail due to no actual composer server, but permission check should pass
        if "permission" in str(e).lower():
            print("   ❌ Admin permission check failed")
            return False
        else:
            print("   ✅ Admin can submit blueprint (permission check passed, server error expected)")
    
    # Viewer should not be able to submit blueprint
    try:
        client_viewer.submit_blueprint(test_blueprint)
        print("   ❌ Viewer incorrectly can submit blueprint")
        return False
    except PermissionError:
        print("   ✅ Viewer correctly cannot submit blueprint")
    except Exception as e:
        if "permission" in str(e).lower():
            print("   ✅ Viewer correctly cannot submit blueprint")
        else:
            print("   ❌ Viewer permission check failed")
            return False
    
    # Clean up test files
    if os.path.exists(test_blueprint):
        os.remove(test_blueprint)
    
    print("\n" + "=" * 60)
    print("🎉 All composer authentication tests passed successfully!")
    
    # Clean up test database
    if os.path.exists(test_db):
        os.remove(test_db)
        print("🧹 Test database cleaned up")
    
    return True

if __name__ == "__main__":
    try:
        success = test_composer_authentication()
        if success:
            print("\n✅ Composer client authentication is working correctly")
            exit(0)
        else:
            print("\n❌ Composer client authentication has issues")
            exit(1)
    except Exception as e:
        print(f"\n💥 Test failed with exception: {e}")
        exit(1)