// Copyright (C) 2020 The Android Open Source Project
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

package com.google.gerrit.acceptance.server.permissions;

import static com.google.common.collect.ImmutableList.toImmutableList;
import static com.google.common.collect.ImmutableSet.toImmutableSet;
import static com.google.common.truth.Truth.assertThat;
import static com.google.gerrit.acceptance.testsuite.project.TestProjectUpdate.allow;
import static com.google.gerrit.acceptance.testsuite.project.TestProjectUpdate.permissionKey;
import static com.google.gerrit.server.group.SystemGroupBackend.ANONYMOUS_USERS;
import static com.google.gerrit.server.group.SystemGroupBackend.REGISTERED_USERS;
import static com.google.gerrit.testing.GerritJUnit.assertThrows;

import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableSet;
import com.google.gerrit.acceptance.AbstractDaemonTest;
import com.google.gerrit.acceptance.config.GerritConfig;
import com.google.gerrit.acceptance.testsuite.change.ChangeOperations;
import com.google.gerrit.acceptance.testsuite.group.GroupOperations;
import com.google.gerrit.acceptance.testsuite.project.ProjectOperations;
import com.google.gerrit.entities.AccountGroup;
import com.google.gerrit.entities.Change;
import com.google.gerrit.entities.GroupDescription;
import com.google.gerrit.entities.GroupReference;
import com.google.gerrit.entities.PatchSet;
import com.google.gerrit.entities.Permission;
import com.google.gerrit.entities.RefNames;
import com.google.gerrit.extensions.registration.DynamicSet;
import com.google.gerrit.extensions.restapi.AuthException;
import com.google.gerrit.server.CurrentUser;
import com.google.gerrit.server.ExternalUser;
import com.google.gerrit.server.PropertyMap;
import com.google.gerrit.server.account.GroupBackend;
import com.google.gerrit.server.account.GroupMembership;
import com.google.gerrit.server.account.externalids.ExternalIdKeyFactory;
import com.google.gerrit.server.notedb.ChangeNotes;
import com.google.gerrit.server.permissions.ChangePermission;
import com.google.gerrit.server.permissions.PermissionBackend;
import com.google.gerrit.server.project.ProjectState;
import com.google.inject.AbstractModule;
import com.google.inject.Module;
import java.util.Collection;
import java.util.Set;
import java.util.stream.StreamSupport;
import javax.inject.Inject;
import org.eclipse.jgit.lib.Ref;
import org.eclipse.jgit.lib.Repository;
import org.junit.Before;
import org.junit.Test;

/** Tests that permission logic used by {@link ExternalUser} works as expected. */
public class ExternalUserPermissionIT extends AbstractDaemonTest {
  private static final AccountGroup.UUID EXTERNAL_GROUP =
      AccountGroup.uuid("company-auth:it-department");

  @Inject private ChangeOperations changeOperations;
  @Inject private ProjectOperations projectOperations;
  @Inject private PermissionBackend permissionBackend;
  @Inject private ChangeNotes.Factory changeNotesFactory;
  @Inject private ExternalUser.Factory externalUserFactory;
  @Inject private GroupOperations groupOperations;
  @Inject private ExternalIdKeyFactory externalIdKeyFactory;

  @Before
  public void setUp() {
    // Allow only read on refs/heads/master by default
    projectOperations
        .project(allProjects)
        .forUpdate()
        .remove(permissionKey(Permission.READ).ref("refs/heads/*").group(ANONYMOUS_USERS))
        .add(allow(Permission.READ).ref("refs/heads/master").group(ANONYMOUS_USERS))
        .update();
  }

  @Override
  public Module createModule() {
    /**
     * Binding a {@link GroupBackend} that pretends a user is part of a group if the external ID
     * starts with the group UUID.
     *
     * <p>Example: Users "company-auth:it-department-1" and "company-auth:it-department-2" are a
     * member of the group "company-auth:it-department"
     */
    return new AbstractModule() {
      @Override
      protected void configure() {
        DynamicSet.bind(binder(), GroupBackend.class)
            .toInstance(
                new GroupBackend() {
                  @Override
                  public boolean handles(AccountGroup.UUID uuid) {
                    return uuid.get().startsWith("company-auth:");
                  }

                  @Override
                  public GroupDescription.Basic get(AccountGroup.UUID uuid) {
                    return new GroupDescription.Basic() {
                      @Override
                      public AccountGroup.UUID getGroupUUID() {
                        return uuid;
                      }

                      @Override
                      public String getName() {
                        return uuid.get();
                      }

                      @Override
                      public String getEmailAddress() {
                        return uuid.get() + "@example.com";
                      }

                      @Override
                      public String getUrl() {
                        return null;
                      }
                    };
                  }

                  @Override
                  public Collection<GroupReference> suggest(String name, ProjectState project) {
                    throw new UnsupportedOperationException("not implemented");
                  }

                  @Override
                  public GroupMembership membershipsOf(CurrentUser user) {
                    return new GroupMembership() {
                      @Override
                      public boolean contains(AccountGroup.UUID groupId) {
                        return user.getExternalIdKeys().stream()
                            .anyMatch(e -> e.get().startsWith(groupId.get()));
                      }

                      @Override
                      public boolean containsAnyOf(Iterable<AccountGroup.UUID> groupIds) {
                        return StreamSupport.stream(groupIds.spliterator(), /* parallel= */ false)
                            .anyMatch(g -> contains(g));
                      }

                      @Override
                      public Set<AccountGroup.UUID> intersection(
                          Iterable<AccountGroup.UUID> groupIds) {
                        return StreamSupport.stream(groupIds.spliterator(), /* parallel= */ false)
                            .filter(g -> contains(g))
                            .collect(toImmutableSet());
                      }

                      @Override
                      public Set<AccountGroup.UUID> getKnownGroups() {
                        return ImmutableSet.of();
                      }
                    };
                  }

                  @Override
                  public boolean isVisibleToAll(AccountGroup.UUID uuid) {
                    return false;
                  }
                });
      }
    };
  }

  @Test
  public void defaultRefFilter_changeVisibilityIsAgnosticOfProvidedGroups() throws Exception {
    ExternalUser user = createUserInGroup("1", "it-department");

    Change.Id changeOnMaster = changeOperations.newChange().project(project).create();
    Change.Id changeOnRefsMetaConfig =
        changeOperations.newChange().project(project).branch("refs/meta/config").create();
    // Check that only the change on the default branch is visible
    assertThat(getVisibleRefNames(user))
        .containsExactly(
            "HEAD",
            "refs/heads/master",
            RefNames.changeMetaRef(changeOnMaster),
            RefNames.patchSetRef(PatchSet.id(changeOnMaster, 1)));
    // Grant access
    projectOperations
        .project(project)
        .forUpdate()
        .add(allow(Permission.READ).ref("refs/meta/config").group(EXTERNAL_GROUP))
        .update();
    // Check that both changes are visible now
    assertThat(getVisibleRefNames(user))
        .containsExactly(
            "HEAD",
            "refs/heads/master",
            "refs/meta/config",
            RefNames.changeMetaRef(changeOnMaster),
            RefNames.patchSetRef(PatchSet.id(changeOnMaster, 1)),
            RefNames.changeMetaRef(changeOnRefsMetaConfig),
            RefNames.patchSetRef(PatchSet.id(changeOnRefsMetaConfig, 1)));
  }

  @Test
  public void defaultRefFilter_refVisibilityIsAgnosticOfProvidedGroups() throws Exception {
    ExternalUser user = createUserInGroup("1", "it-department");
    // Check that refs/meta/config isn't visible by default
    assertThat(getVisibleRefNames(user)).containsExactly("HEAD", "refs/heads/master");
    // Grant access
    projectOperations
        .project(project)
        .forUpdate()
        .add(allow(Permission.READ).ref("refs/meta/config").group(EXTERNAL_GROUP))
        .update();
    // Check that refs/meta/config became visible
    assertThat(getVisibleRefNames(user))
        .containsExactly("HEAD", "refs/heads/master", "refs/meta/config");
  }

  @Test
  public void changeVisibility_changeOnInvisibleBranchNotVisible() throws Exception {
    // Create a change that is not visible to members of 'externalGroup'
    Change.Id invisibleChange =
        changeOperations.newChange().project(project).branch("refs/meta/config").create();
    ExternalUser user = createUserInGroup("1", "it-department");
    AuthException thrown =
        assertThrows(
            AuthException.class,
            () ->
                permissionBackend
                    .user(user)
                    .change(changeNotesFactory.create(project, invisibleChange))
                    .check(ChangePermission.READ));
    assertThat(thrown).hasMessageThat().isEqualTo("read not permitted");
  }

  @Test
  public void changeVisibility_changeOnBranchVisibleToAnonymousIsVisible() throws Exception {
    Change.Id changeId = changeOperations.newChange().project(project).create();
    ExternalUser user = createUserInGroup("1", "it-department");
    permissionBackend
        .user(user)
        .change(changeNotesFactory.create(project, changeId))
        .check(ChangePermission.READ);
  }

  @Test
  public void changeVisibility_changeOnBranchVisibleToRegisteredUsersIsVisible() throws Exception {
    Change.Id changeId = changeOperations.newChange().project(project).create();
    ExternalUser user = createUserInGroup("1", "it-department");
    blockAnonymousRead();
    permissionBackend
        .user(user)
        .change(changeNotesFactory.create(project, changeId))
        .check(ChangePermission.READ);
  }

  @Test
  public void externalUser_isContainedInternalGroupThatContainsExternalGroup() {
    AccountGroup.UUID internalGroup =
        groupOperations.newGroup().addSubgroup(EXTERNAL_GROUP).create();
    ExternalUser user = createUserInGroup("1", "it-department");
    assertThat(user.getEffectiveGroups().contains(internalGroup)).isTrue();
    assertThat(user.getEffectiveGroups().contains(EXTERNAL_GROUP)).isTrue();
    assertThat(user.getEffectiveGroups().contains(REGISTERED_USERS)).isTrue();
    assertThat(user.getEffectiveGroups().contains(ANONYMOUS_USERS)).isTrue();
  }

  @GerritConfig(name = "groups.includeExternalUsersInRegisteredUsersGroup", value = "true")
  @Test
  public void externalUser_isContainedInRegisteredUsersIfConfigured() {
    ExternalUser user = createUserInGroup("1", "it-department");
    assertThat(user.getEffectiveGroups().contains(REGISTERED_USERS)).isTrue();
  }

  @GerritConfig(name = "groups.includeExternalUsersInRegisteredUsersGroup", value = "false")
  @Test
  public void externalUser_isNotContainedInRegisteredUsersIfNotConfigured() {
    ExternalUser user = createUserInGroup("1", "it-department");
    assertThat(user.getEffectiveGroups().contains(REGISTERED_USERS)).isFalse();
  }

  private ImmutableList<String> getVisibleRefNames(CurrentUser user) throws Exception {
    try (Repository repo = repoManager.openRepository(project)) {
      return permissionBackend.user(user).project(project)
          .filter(
              repo.getRefDatabase().getRefs(), repo, PermissionBackend.RefFilterOptions.defaults())
          .stream()
          .map(Ref::getName)
          .collect(toImmutableList());
    }
  }

  ExternalUser createUserInGroup(String userId, String groupId) {
    return externalUserFactory.create(
        ImmutableSet.of(),
        ImmutableSet.of(externalIdKeyFactory.parse("company-auth:" + groupId + "-" + userId)),
        PropertyMap.EMPTY);
  }
}