from flask_jwt_extended import create_access_token, decode_token

from app.model import Roles

from .conftest import (
    MOCK_ADMIN_USER,
    MOCK_USER_1,
    assert_200,
    assert_401,
    assert_equal,
    assert_in,
    assert_response_json_equal,
)


def test_access_token(client):
    """Admin mints an applicant access token, it works, revocation kills it.

    Flow under test:
      1. An admin bearer calls the admin endpoint to obtain a token for
         ``MOCK_USER_1``; the minted token must carry the APPLICANT role.
      2. That token is accepted by an applicant endpoint and resolves to
         ``MOCK_USER_1``.
      3. After the admin revokes it, the same endpoint must answer 401.

    ``client`` is the Flask test client fixture from conftest.

    NOTE(review): there is no negative authorization case here — nothing
    asserts that a *non-admin* bearer is refused by the admin mint/revoke
    endpoint. That is the check most worth adding (presumably via
    ``assert_401``; confirm the status the app uses for "forbidden").
    """
    mint_url = '/api/admin/ajax/access_token'
    probe_url = '/api/auth/ajax/test_access_token'

    def bearer(token):
        # The app reads the bearer from a custom header rather than
        # ``Authorization``; keep the exact header name and scheme.
        return {'Auth-Token': f'Bearer {token}'}

    def probe_as_applicant(token):
        # Hit an applicant-only endpoint with the given token.
        return client.post(probe_url, headers=bearer(token))

    admin_headers = bearer(create_access_token(MOCK_ADMIN_USER))

    # Step 1: admin asks for a token on behalf of the applicant user.
    # NOTE(review): a GET carrying a body is unusual; confirm the endpoint
    # really reads ``user_id`` from the request body and not the query string.
    mint_resp = client.get(
        mint_url, headers=admin_headers, data={'user_id': MOCK_USER_1.user_id}
    )
    assert_200(mint_resp)
    assert_in('access_token', mint_resp.json)
    minted = mint_resp.json['access_token']

    # Inspect the claims locally (decode_token verifies the signature with
    # the app's key) so a role escalation is caught even if the endpoint
    # under test were too permissive.
    assert_equal(decode_token(minted)['roles'], Roles.APPLICANT)

    # Step 2: the minted token must be usable as the applicant and must
    # resolve to the requested user, not to the admin who minted it.
    probe_resp = probe_as_applicant(minted)
    assert_200(probe_resp)
    assert_response_json_equal(probe_resp, {'user_id': MOCK_USER_1.user_id})

    # Step 3: revoke via the admin endpoint; the token is still well-formed
    # and unexpired, so rejection must come from server-side revocation state.
    revoke_resp = client.delete(
        mint_url, headers=admin_headers, data={'access_token': minted}
    )
    assert_200(revoke_resp)
    assert_401(probe_as_applicant(minted))