require 'test_helper'

# Fixture controller for the `verify` macro tests.
#
# Each `verify` line names the guarded action(s) with `only:`, one precondition
# (`params:`, `session:`, `method:` or `xhr:`) and the response used when the
# precondition is not met (`redirect_to:`, `render:`, `add_flash:`,
# `add_headers:`).
#
# NOTE(review): the tests below only exercise presence or absence of the named
# params and session keys, never their values. The actions echo request input
# verbatim, which suits a fixture but is not a pattern for production actions.
class VerificationTestController < ActionController::Base
  # Request-parameter preconditions.
  verify only: :guarded_one,
         params: 'one',
         add_flash: { error: 'unguarded' },
         redirect_to: { action: 'unguarded' }

  verify only: :guarded_two,
         params: %w[one two],
         redirect_to: { action: 'unguarded' }

  verify only: :guarded_with_flash,
         params: 'one',
         add_flash: { notice: 'prereqs failed' },
         redirect_to: { action: 'unguarded' }

  # Session-key preconditions.
  verify only: :guarded_in_session,
         session: 'one',
         redirect_to: { action: 'unguarded' }

  verify only: [:multi_one, :multi_two],
         session: %w[one two],
         redirect_to: { action: 'unguarded' }

  # HTTP-verb and XHR preconditions.
  # NOTE(review): a verb check constrains the request method only; it is not a
  # substitute for request-forgery protection.
  verify only: :guarded_by_method,
         method: :post,
         redirect_to: { action: 'unguarded' }

  verify only: :guarded_by_xhr,
         xhr: true,
         redirect_to: { action: 'unguarded' }

  verify only: :guarded_by_not_xhr,
         xhr: false,
         redirect_to: { action: 'unguarded' }

  # :two_redirects has a filter that always redirects and also a POST
  # verification; test_second_redirect checks that a GET does not raise.
  before_filter :unconditional_redirect, only: :two_redirects
  verify only: :two_redirects,
         method: :post,
         redirect_to: { action: 'unguarded' }

  # Failure renders a 405 and advertises the accepted verb in the Allow header.
  verify only: :must_be_post,
         method: :post,
         render: { status: 405, text: 'Must be post' },
         add_headers: { 'Allow' => 'POST' }

  # Failure target given as a named route helper.
  verify only: :guarded_one_for_named_route_test,
         params: 'one',
         redirect_to: :foo_url

  # No failure response declared; the test expects 400 Bad Request.
  verify only: :no_default_action, params: 'santa'

  # Failure target is :back, which the tests show resolves to the Referer
  # header. That header is supplied by the client, so the redirect destination
  # is request-controlled.
  verify only: :guarded_with_back,
         method: :post,
         redirect_to: :back

  def guarded_one
    render text: params[:one].to_s
  end

  def guarded_one_for_named_route_test
    render text: params[:one].to_s
  end

  def guarded_with_flash
    render text: params[:one].to_s
  end

  def guarded_two
    render text: "#{params[:one]}:#{params[:two]}"
  end

  def guarded_in_session
    render text: session['one'].to_s
  end

  def multi_one
    render text: "#{session['one']}:#{session['two']}"
  end

  def multi_two
    render text: "#{session['two']}:#{session['one']}"
  end

  def guarded_by_method
    render text: request.method.to_s
  end

  def guarded_by_xhr
    render text: (!!request.xhr?).to_s
  end

  def guarded_by_not_xhr
    render text: (!!request.xhr?).to_s
  end

  def unguarded
    render text: params[:one].to_s
  end

  def two_redirects
    render nothing: true
  end

  def must_be_post
    render text: 'Was a post!'
  end

  def guarded_with_back
    render text: params[:one].to_s
  end

  def no_default_action
    # Never reached: the only request the tests send fails verification first.
  end

  protected

  # Filter for :two_redirects; always sends the request to 'unguarded'.
  def unconditional_redirect
    redirect_to action: 'unguarded'
  end
end

# Functional tests for the verifications declared on
# VerificationTestController: each guard is driven once with its precondition
# met and once without it.
class VerificationTest < ActionController::TestCase
  tests ::VerificationTestController

  # --- redirect_to: :back -------------------------------------------------

  def test_using_symbol_back_with_no_referrer
    assert_raise(ActionController::RedirectBackError) do
      get :guarded_with_back
    end
  end

  def test_using_symbol_back_redirects_to_referrer
    # The redirect target is whatever the request's Referer header says.
    @request.env['HTTP_REFERER'] = '/foo'
    get :guarded_with_back
    assert_redirected_to '/foo'
  end

  # --- named-route failure target ------------------------------------------

  def test_no_deprecation_warning_for_named_route
    assert_not_deprecated do
      with_routing do |set|
        set.draw do
          match 'foo', to: 'test#foo', as: :foo
          match 'verification_test/:action', to: ::VerificationTestController
        end
        get :guarded_one_for_named_route_test, two: 'not one'
        assert_redirected_to '/foo'
      end
    end
  end

  # --- params preconditions ------------------------------------------------

  def test_guarded_one_with_prereqs
    get :guarded_one, one: 'here'
    assert_equal 'here', @response.body
  end

  def test_guarded_one_without_prereqs
    get :guarded_one
    assert_redirected_to action: 'unguarded'
    assert_equal 'unguarded', flash[:error]
  end

  def test_guarded_with_flash_with_prereqs
    get :guarded_with_flash, one: 'here'
    assert_equal 'here', @response.body
    assert flash.empty?
  end

  def test_guarded_with_flash_without_prereqs
    get :guarded_with_flash
    assert_redirected_to action: 'unguarded'
    assert_equal 'prereqs failed', flash[:notice]
  end

  def test_guarded_two_with_prereqs
    get :guarded_two, one: 'here', two: 'there'
    assert_equal 'here:there', @response.body
  end

  def test_guarded_two_without_prereqs_one
    get :guarded_two, two: 'there'
    assert_redirected_to action: 'unguarded'
  end

  def test_guarded_two_without_prereqs_two
    get :guarded_two, one: 'here'
    assert_redirected_to action: 'unguarded'
  end

  def test_guarded_two_without_prereqs_both
    get :guarded_two
    assert_redirected_to action: 'unguarded'
  end

  def test_unguarded_with_params
    get :unguarded, one: 'here'
    assert_equal 'here', @response.body
  end

  def test_unguarded_without_params
    get :unguarded
    assert @response.body.blank?
  end

  # --- session preconditions -----------------------------------------------

  def test_guarded_in_session_with_prereqs
    get :guarded_in_session, {}, 'one' => 'here'
    assert_equal 'here', @response.body
  end

  def test_guarded_in_session_without_prereqs
    get :guarded_in_session
    assert_redirected_to action: 'unguarded'
  end

  def test_multi_one_with_prereqs
    get :multi_one, {}, 'one' => 'here', 'two' => 'there'
    assert_equal 'here:there', @response.body
  end

  def test_multi_one_without_prereqs
    get :multi_one
    assert_redirected_to action: 'unguarded'
  end

  def test_multi_two_with_prereqs
    get :multi_two, {}, 'one' => 'here', 'two' => 'there'
    assert_equal 'there:here', @response.body
  end

  def test_multi_two_without_prereqs
    get :multi_two
    assert_redirected_to action: 'unguarded'
  end

  # --- HTTP verb and XHR preconditions -------------------------------------

  def test_guarded_by_method_with_prereqs
    post :guarded_by_method
    assert_equal 'POST', @response.body
  end

  def test_guarded_by_method_without_prereqs
    get :guarded_by_method
    assert_redirected_to action: 'unguarded'
  end

  def test_guarded_by_xhr_with_prereqs
    xhr :post, :guarded_by_xhr
    assert_equal 'true', @response.body
  end

  def test_guarded_by_xhr_without_prereqs
    get :guarded_by_xhr
    assert_redirected_to action: 'unguarded'
  end

  def test_guarded_by_not_xhr_with_prereqs
    get :guarded_by_not_xhr
    assert_equal 'false', @response.body
  end

  def test_guarded_by_not_xhr_without_prereqs
    xhr :post, :guarded_by_not_xhr
    assert_redirected_to action: 'unguarded'
  end

  # --- render / default failure responses ----------------------------------

  def test_guarded_post_and_calls_render_succeeds
    post :must_be_post
    assert_equal 'Was a post!', @response.body
  end

  def test_default_failure_should_be_a_bad_request
    post :no_default_action
    assert_response :bad_request
  end

  def test_guarded_post_and_calls_render_fails_and_sets_allow_header
    get :must_be_post
    assert_response 405
    assert_equal 'Must be post', @response.body
    assert_equal 'POST', @response.headers['Allow']
  end

  def test_second_redirect
    assert_nothing_raised do
      get :two_redirects
    end
  end

  def test_guarded_http_method_respects_overwritten_request_method
    # Simulates an application-level method override (Rails supports this via
    # a _method parameter): the request is sent as PUT while request_method
    # reports POST, and the guard accepts it. The verb check therefore follows
    # the overridden method, not the verb on the wire.
    @request.stub(:request_method).and_return('POST')
    put :must_be_post
    assert_equal 'Was a post!', @response.body
  end
end