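import os
import re
import time

import testinfra.utils.ansible_runner


testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
    os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('parameters-optional')


# Packages whose names differ between supported Debian releases:
# (PHP LDAP extension, PHP JSON extension, MariaDB client compat library).
_DISTRIBUTION_PACKAGES = {
    'jessie': ('php5-ldap', 'php5-json', 'libmariadb-client-lgpl-dev-compat'),
    'stretch': ('php-ldap', 'php-json', 'libmariadbclient-dev-compat'),
}


def _read_fixture(path):
    """
    Reads a local test fixture file and returns its content with trailing
    whitespace stripped. The file handle is closed before returning.

    :param path: Path to the fixture, relative to the test runner's working
                 directory (as in the original tests).
    """
    with open(path, "r", encoding="utf-8") as fixture:
        return fixture.read().rstrip()


def test_website_group(host):
    """
    Tests if website group has been created correctly.
    """
    group = host.group('web-parameters-optional_local')

    assert group.exists
    assert group.gid == 5001


def test_website_admin_user(host):
    """
    Tests if website administrator user has been created correctly.
    """
    user = host.user('admin-parameters-optional_local')

    assert user.exists
    assert user.uid == 5000
    assert user.group == 'web-parameters-optional_local'
    assert user.groups == ['web-parameters-optional_local']
    assert user.shell == '/bin/bash'
    assert user.home == '/var/www/parameters-optional.local'


def test_website_admin_home(host):
    """
    Tests if permissions on website admin home directory are correct.
    """
    home = host.file('/var/www/parameters-optional.local')

    assert home.is_directory
    assert home.user == 'admin-parameters-optional_local'
    assert home.group == 'web-parameters-optional_local'
    # Group-readable so the application user can traverse it, not world-readable.
    assert home.mode == 0o750


def test_home_profile_directory(host):
    """
    Tests if profile directory has been set-up correctly for the website
    administrator/application user.
    """
    # The home directory is not world-readable (0750), so elevate to inspect it.
    with host.sudo():
        directory = host.file('/var/www/parameters-optional.local/.profile.d')

        assert directory.is_directory
        assert directory.user == 'admin-parameters-optional_local'
        assert directory.group == 'web-parameters-optional_local'
        assert directory.mode == 0o750


def test_website_application_user(host):
    """
    Tests if website application user has been created correctly.
    """
    user = host.user('web-parameters-optional_local')

    assert user.exists
    assert user.uid == 5001
    assert user.group == 'web-parameters-optional_local'
    assert user.groups == ['web-parameters-optional_local']
    assert user.shell == '/bin/sh'
    assert user.home == '/var/www/parameters-optional.local'

    # A login shell is used so the user's profile (where the umask is set)
    # is actually sourced; root is needed to switch user.
    with host.sudo():
        umask = host.run("su -l web-parameters-optional_local -c 'bash -c umask'")
        assert umask.stdout == '0007\n'


def test_nginx_user(host):
    """
    Tests if web server user has been added to website group.
    """
    user = host.user('www-data')

    assert 'web-parameters-optional_local' in user.groups


def test_forward_file(host):
    """
    Tests if the forward file has correct permissions and content.
    """
    with host.sudo():
        config = host.file('/var/www/parameters-optional.local/.forward')

        assert config.is_file
        assert config.user == 'root'
        assert config.group == 'web-parameters-optional_local'
        # Root-owned and not writable by the website users, so the
        # forwarding target cannot be changed by the application itself.
        assert config.mode == 0o640
        assert config.content == "user\n"


def test_mail_forwarding(host):
    """
    Tests if mail forwarding works as expected.

    Sends a test mail to the application user and follows it through
    /var/log/mail.log: first the queue ID of the forwarded copy is
    extracted, then the log is checked for the forwarded copy having been
    delivered to the local host.
    """
    hostname = host.run('hostname').stdout.strip()

    send = host.run('swaks --suppress-data --to web-parameters-optional_local@localhost')
    assert send.rc == 0

    queued = re.search(r'Ok: queued as (.*)', send.stdout)
    assert queued is not None, "No queue ID found in swaks output:\n%s" % send.stdout
    message_id = queued.group(1)

    # Sleep for a couple of seconds so the mail can get delivered.
    time.sleep(5)

    with host.sudo():
        mail_log = host.file('/var/log/mail.log').content

        # First extract message ID of forwarded mail. The queue ID is
        # escaped so it is matched literally rather than as a regex.
        pattern = r"%s: to=.*status=sent \(forwarded as ([^)]*)\)" % re.escape(message_id)
        forwarded = re.search(pattern, mail_log)
        assert forwarded is not None, "No forwarded delivery found for queue ID %s" % message_id
        message_id = forwarded.group(1)

        # Now try to determine where the forward ended-up at.
        # NOTE(review): the original pattern used a single %s placeholder
        # for two values (queue ID and hostname), which raises TypeError.
        # The recipient is assumed to be logged as "to=<...@hostname>";
        # confirm against an actual mail.log entry.
        pattern = r"%s: to=<[^>]*@%s>, orig_to=.*status=sent" % (
            re.escape(message_id), re.escape(hostname))
        assert re.search(pattern, mail_log) is not None


def test_installed_packages(host):
    """
    Tests if additional packages are installed.

    Fails explicitly (instead of with an unbound-name error) when the
    target runs a Debian release this test has no package mapping for.
    """
    ansible_facts = host.ansible("setup")["ansible_facts"]
    release = ansible_facts['ansible_distribution_release']

    assert release in _DISTRIBUTION_PACKAGES, \
        "No package mapping for distribution release: %s" % release

    for package in _DISTRIBUTION_PACKAGES[release]:
        assert host.package(package).is_installed


def test_nginx_tls_files(host):
    """
    Tests if TLS private key and certificate have been deployed correctly.
    """
    with host.sudo():
        tls_file = host.file('/etc/ssl/private/parameters-optional.local_https.key')

        assert tls_file.is_file
        assert tls_file.user == 'root'
        assert tls_file.group == 'root'
        # The private key must never be world-readable.
        assert tls_file.mode == 0o640
        assert tls_file.content == _read_fixture(
            "tests/data/x509/parameters-optional.local_https.key.pem")

        tls_file = host.file('/etc/ssl/certs/parameters-optional.local_https.pem')

        assert tls_file.is_file
        assert tls_file.user == 'root'
        assert tls_file.group == 'root'
        # The certificate is public; world-readable is expected.
        assert tls_file.mode == 0o644
        assert tls_file.content == _read_fixture(
            "tests/data/x509/parameters-optional.local_https.cert.pem")


def test_certificate_validity_check_configuration(host):
    """
    Tests if certificate validity check configuration file has been
    deployed correctly.
    """
    config = host.file('/etc/check_certificate/parameters-optional.local_https.conf')

    assert config.is_file
    assert config.user == 'root'
    assert config.group == 'root'
    assert config.mode == 0o644
    assert config.content == "/etc/ssl/certs/parameters-optional.local_https.pem"


def test_vhost_file(host):
    """
    Tests permissions of vhost configuration file.
    """
    config = host.file('/etc/nginx/sites-available/parameters-optional.local')

    assert config.is_file
    assert config.user == 'root'
    assert config.group == 'root'
    assert config.mode == 0o640


def test_website_enabled(host):
    """
    Tests if website has been enabled.
    """
    config = host.file('/etc/nginx/sites-enabled/parameters-optional.local')

    assert config.is_symlink
    assert config.linked_to == '/etc/nginx/sites-available/parameters-optional.local'


def test_https_enforcement(host):
    """
    Tests if HTTPS is (not) being enforced.

    For this scenario plain HTTP must be served directly (no redirect to
    HTTPS) and no HSTS header must be sent over HTTPS.
    """
    https_enforcement = host.run('curl -I http://parameters-optional.local/')

    assert https_enforcement.rc == 0
    assert 'HTTP/1.1 200 OK' in https_enforcement.stdout
    assert 'HTTP/1.1 301 Moved Permanently' not in https_enforcement.stdout
    # The original asserted against 'https://parameters-optional/' (no
    # '.local'), which could never appear and made the check vacuous.
    assert 'Location: https://parameters-optional.local/' not in https_enforcement.stdout

    https_enforcement = host.run('curl -I https://parameters-optional.local/')

    assert https_enforcement.rc == 0
    assert 'Strict-Transport-Security' not in https_enforcement.stdout


def test_index_page(host):
    """
    Tests if index page is served correctly (should be php file served
    statically).
    """
    page = host.run('curl https://parameters-optional.local/')

    assert page.rc == 0
    assert page.stdout == _read_fixture("tests/data/php/optional/myindex.php")


def test_additional_fpm_config(host):
    """
    Tests if additional FPM configuration is processed correctly.
    """
    page = host.run('curl https://parameters-optional.local/path.myphp')

    assert page.rc == 0
    assert page.stdout == "/usr/local/bin:/usr/bin:/bin"


def test_additional_nginx_config(host):
    """
    Tests if additional Nginx configuration has been applied (custom 404
    page).
    """
    page = host.run('curl https://parameters-optional.local/non-existing-page')

    assert page.rc == 0
    assert page.stdout == "This is custom error page."


def test_deny_files_regex(host):
    """
    Tests if regex used for denying access is applied correctly.
    """
    page = host.run('curl -I https://parameters-optional.local/secretfile.txt')

    assert page.rc == 0
    assert "HTTP/1.1 403 Forbidden" in page.stdout


def test_environment_indicator(host):
    """
    Tests if environment indicator is applied correctly.
    """
    page = host.run('curl https://parameters-optional.local/info.myphp')

    assert page.rc == 0
    # NOTE(review): the markup that originally surrounded the indicator
    # text in this assertion was lost when the file was rendered; only the
    # indicator text itself is checked here. Restore the exact expected
    # fragment from the template if a stricter check is wanted.
    assert "parameters-optional" in page.stdout


def test_php_rewrire_urls(host):
    """
    Tests if PHP rewrite URLs are processed correctly.
    """
    page = host.run('curl https://parameters-optional.local/rewrite1/this/is/some/path')

    assert page.rc == 0
    assert page.stdout == "/rewrite1/this/is/some/path"

    page = host.run('curl https://parameters-optional.local/rewrite2/this/is/some/other/path')

    assert page.rc == 0
    assert page.stdout == "/rewrite2/this/is/some/other/path"


def test_regular_rewrites(host):
    """
    Tests if regular rewrites are working as expected.
    """
    expected = _read_fixture("tests/data/php/optional/myindex.php")

    page = host.run('curl https://parameters-optional.local/rewrite_to_index1/some/path')

    assert page.rc == 0
    assert page.stdout == expected

    page = host.run('curl https://parameters-optional.local/rewrite_to_index2/some/path')

    assert page.rc == 0
    assert page.stdout == expected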