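"""Tests for the ``/register`` endpoint, with ``jail2ban.pfctl.run`` mocked.

Covers the unauthenticated rejection, register (PUT) and unregister
(DELETE) with valid Basic credentials, and the rejection of a ``port``
value that is not a pf statement.
"""
from subprocess import CompletedProcess

# Canned stdout of an existing ruleset, one pf rule per line.
# NOTE(review): in this copy nothing stands between `from` and `to` in the
# rules below (and after `table` in the scratch fixture); a table reference
# may have been lost when the page was extracted. Confirm against the
# repository before relying on these literals.
pfctl_stdout_lines = b'''
block drop quick proto tcp from to any port = submission
block drop quick proto tcp from to any port = smtps
block drop quick proto tcp from to any port = smtp
block drop quick proto tcp from to any port = ssh
block drop quick proto tcp from to any
'''.strip() + b'\n'

# Exact stdin expected when the jail is registered on an empty ruleset.
pfctl_stdout_lines_scratch = (
    b'table persist counters\n'
    b'block quick proto tcp from '
    b' to any port '
    b'{pop3,pop3s,imap,imaps,submission,465,sieve}\n'
)

_DOVECOT_PORT = "any port {pop3,pop3s,imap,imaps,submission,465,sieve}"


def _payload(port=_DOVECOT_PORT):
    """Return a fresh JSON body for ``/register`` describing the dovecot jail."""
    return {"port": port, "name": "dovecot", "protocol": "tcp"}


def _basic_auth(valid_credentials):
    """Return the Authorization header built from the ``valid_credentials`` fixture."""
    return {"Authorization": "Basic " + valid_credentials}


def _mock_pfctl(mocker, stdout):
    """Patch ``jail2ban.pfctl.run`` to return a successful result with *stdout*.

    ``returncode=0`` makes ``check_returncode()`` a no-op, so the stub never
    raises. The patch object is returned so tests can inspect the calls.
    """
    run_res = CompletedProcess(args=['true'], returncode=0, stdout=stdout)
    return mocker.patch('jail2ban.pfctl.run', return_value=run_res)


def _pfctl_inputs(pfctl_run):
    """Collect every ``input=`` keyword passed to the mocked run, as bytes."""
    inputs = []
    for call in pfctl_run.call_args_list:
        stdin = call[1].get('input')
        if stdin is None:
            continue
        inputs.append(stdin.encode() if isinstance(stdin, str) else stdin)
    return inputs


def test_register_unauth(client):
    """A PUT without an Authorization header is answered with 'Access Denied'."""
    # pfctl is not mocked here: the request is presumably rejected before any
    # pfctl call is made -- confirm against the application's auth handling.
    response = client.put("/register", json=_payload())
    assert response.json['error'] == 'Access Denied'


def test_unregister_valid(client, mocker, valid_credentials):
    """An authenticated DELETE reports the 'stop' action."""
    _mock_pfctl(mocker, pfctl_stdout_lines)
    response = client.delete("/register", json=_payload(),
                             headers=_basic_auth(valid_credentials))
    assert response.json['action'] == 'stop'


def test_register_valid(client, mocker, valid_credentials):
    """An authenticated PUT keeps every existing rule and reports 'start'."""
    pfctl_run = _mock_pfctl(mocker, pfctl_stdout_lines)
    response = client.put("/register", json=_payload(),
                          headers=_basic_auth(valid_credentials))
    # The second pfctl invocation is the one that receives the ruleset on stdin.
    loaded_rules = pfctl_run.call_args_list[1][1]['input'].splitlines()
    for existing_line in pfctl_stdout_lines.splitlines():
        # Registering a jail must not drop rules that were already loaded.
        assert existing_line in loaded_rules
    assert response.json['action'] == 'start'


def test_register_valid_from_scratch(client, mocker, valid_credentials):
    """With no rules loaded, the PUT feeds pfctl exactly the scratch ruleset."""
    pfctl_run = _mock_pfctl(mocker, b'')
    response = client.put("/register", json=_payload(),
                          headers=_basic_auth(valid_credentials))
    pfctl_run_input_arg = pfctl_run.call_args_list[1][1]['input']
    assert pfctl_run_input_arg == pfctl_stdout_lines_scratch
    assert response.json['action'] == 'start'


def test_register_invalid(client, mocker, valid_credentials):
    """A port value that is not a pf statement is rejected as tainted."""
    pfctl_run = _mock_pfctl(mocker, pfctl_stdout_lines)
    response = client.put("/register", json=_payload(port="not a pf statement"),
                          headers=_basic_auth(valid_credentials))
    assert response.json['error'] == '"not a pf statement" is tainted'
    # The error message alone does not show that the value stayed out of the
    # firewall: also require that it never appeared on pfctl's stdin.
    for stdin in _pfctl_inputs(pfctl_run):
        assert b'not a pf statement' not in stdin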