<?php
/**
 * Copyright © Magento, Inc. All rights reserved.
 * See COPYING.txt for license details.
 */

declare(strict_types=1);

namespace Magento\Backend\App\Request;

use Magento\Backend\App\AbstractAction;
use Magento\Backend\App\Action\Context;
use Magento\Backend\Model\Auth;
use Magento\Framework\App\ActionInterface;
use Magento\Framework\App\CsrfAwareActionInterface;
use Magento\Framework\App\Request\InvalidRequestException;
use Magento\Framework\App\RequestInterface;
use Magento\Framework\App\ResponseInterface;
use Magento\Framework\Controller\ResultInterface;
use Magento\Framework\Data\Form\FormKey;
use Magento\Framework\Exception\NotFoundException;
use Magento\Framework\Phrase;
use Magento\TestFramework\Request;
use Magento\TestFramework\Response;
use PHPUnit\Framework\TestCase;
use Magento\TestFramework\Helper\Bootstrap;
use Magento\TestFramework\Bootstrap as TestBootstrap;
use Magento\Framework\App\Request\Http as HttpRequest;
use Magento\Framework\App\Response\Http as HttpResponse;
use Zend\Stdlib\Parameters;
use Magento\Backend\Model\UrlInterface as BackendUrl;
use Magento\Framework\App\Response\HttpFactory as HttpResponseFactory;

/**
 * @SuppressWarnings(PHPMD.CouplingBetweenObjects)
 */
class BackendValidatorTest extends TestCase
{
    private const AWARE_VALIDATION_PARAM = 'test_param';

    private const AWARE_LOCATION_VALUE = 'test1';

    private const CSRF_AWARE_MESSAGE = 'csrf_aware';

    /**
     * @var ActionInterface
     */
    private $mockUnawareAction;

    /**
     * @var AbstractAction
     */
    private $mockAwareAction;

    /**
     * @var BackendValidator
     */
    private $validator;

    /**
     * @var Request
     */
    private $request;

    /**
     * @var FormKey
     */
    private $formKey;

    /**
     * @var BackendUrl
     */
    private $url;

    /**
     * @var Auth
     */
    private $auth;

    /**
     * @var CsrfAwareActionInterface
     */
    private $mockCsrfAwareAction;

    /**
     * @var HttpResponseFactory
     */
    private $httpResponseFactory;

    /**
     * @return ActionInterface
     */
    private function createUnawareAction(): ActionInterface
    {
        return new class implements ActionInterface {
            /**
             * @inheritDoc
             */
            public function execute()
            {
                throw new NotFoundException(new Phrase('Not implemented'));
            }
        };
    }

    /**
     * @return AbstractAction
     */
    private function createAwareAction(): AbstractAction
    {
        $l = self::AWARE_LOCATION_VALUE;
        $p = self::AWARE_VALIDATION_PARAM;

        return new class($l, $p) extends AbstractAction{

            /**
             * @var string
             */
            private $locationValue;

            /**
             * @var string
             */
            private $param;

            /**
             * @param string $locationValue
             * @param string $param
             */
            public function __construct(
                string $locationValue,
                string $param
            ) {
                parent::__construct(
                    Bootstrap::getObjectManager()->get(Context::class)
                );
                $this->locationValue= $locationValue;
                $this->param = $param;
            }

            /**
             * @inheritDoc
             */
            public function execute()
            {
                throw new NotFoundException(new Phrase('Not implemented'));
            }

            /**
             * @inheritDoc
             */
            public function _processUrlKeys()
            {
                if ($this->_request->getParam($this->param)) {
                    return true;
                } else {
                    /** @var Response $response */
                    $response = $this->_response;
                    $response->setHeader('Location', $this->locationValue);

                    return false;
                }
            }
        };
    }

    /**
     * @return CsrfAwareActionInterface
     */
    private function createCsrfAwareAction(): CsrfAwareActionInterface
    {
        $r = Bootstrap::getObjectManager()
            ->get(ResponseInterface::class);
        $m = self::CSRF_AWARE_MESSAGE;

        return new class ($r, $m) implements CsrfAwareActionInterface {

            /**
             * @var ResponseInterface
             */
            private $response;

            /**
             * @var string
             */
            private $message;

            /**
             * @param ResponseInterface $response
             * @param string $message
             */
            public function __construct(
                ResponseInterface $response,
                string $message
            ) {
                $this->response = $response;
                $this->message = $message;
            }

            /**
             * @inheritDoc
             */
            public function execute()
            {
                return $this->response;
            }

            /**
             * @inheritDoc
             */
            public function createCsrfValidationException(
                RequestInterface $request
            ): ?InvalidRequestException {
                return new InvalidRequestException(
                    $this->response,
                    [new Phrase($this->message)]
                );
            }

            /**
             * @inheritDoc
             */
            public function validateForCsrf(RequestInterface $request): ?bool
            {
                return false;
            }

        };
    }

    /**
     * @inheritDoc
     */
    protected function setUp()
    {
        $objectManager = Bootstrap::getObjectManager();
        $this->request = $objectManager->get(RequestInterface::class);
        $this->validator = $objectManager->get(BackendValidator::class);
        $this->mockUnawareAction = $this->createUnawareAction();
        $this->mockAwareAction = $this->createAwareAction();
        $this->formKey = $objectManager->get(FormKey::class);
        $this->url = $objectManager->get(BackendUrl::class);
        $this->auth = $objectManager->get(Auth::class);
        $this->mockCsrfAwareAction = $this->createCsrfAwareAction();
        $this->httpResponseFactory = $objectManager->get(
            HttpResponseFactory::class
        );
    }

    /**
     * @magentoConfigFixture admin/security/use_form_key 1
     * @magentoAppArea adminhtml
     */
    public function testValidateWithValidKey()
    {
        $this->request->setMethod(HttpRequest::METHOD_GET);
        $this->auth->login(
            TestBootstrap::ADMIN_NAME,
            TestBootstrap::ADMIN_PASSWORD
        );
        $this->request->setParams([
            BackendUrl::SECRET_KEY_PARAM_NAME => $this->url->getSecretKey(),
        ]);

        $this->validator->validate(
            $this->request,
            $this->mockUnawareAction
        );
    }

    /**
     * @expectedException \Magento\Framework\App\Request\InvalidRequestException
     *
     * @magentoConfigFixture admin/security/use_form_key 1
     * @magentoAppArea adminhtml
     */
    public function testValidateWithInvalidKey()
    {
        $invalidKey = $this->url->getSecretKey() .'Invalid';
        $this->request->setParams([
            BackendUrl::SECRET_KEY_PARAM_NAME => $invalidKey,
        ]);
        $this->request->setMethod(HttpRequest::METHOD_GET);
        $this->auth->login(
            TestBootstrap::ADMIN_NAME,
            TestBootstrap::ADMIN_PASSWORD
        );

        $this->validator->validate(
            $this->request,
            $this->mockUnawareAction
        );
    }

    /**
     * @expectedException \Magento\Framework\App\Request\InvalidRequestException
     *
     * @magentoConfigFixture admin/security/use_form_key 0
     * @magentoAppArea adminhtml
     */
    public function testValidateWithInvalidFormKey()
    {
        $this->request->setPost(
            new Parameters(['form_key' => $this->formKey->getFormKey() .'1'])
        );
        $this->request->setMethod(HttpRequest::METHOD_POST);

        $this->validator->validate(
            $this->request,
            $this->mockUnawareAction
        );
    }

    /**
     * @magentoConfigFixture admin/security/use_form_key 0
     * @magentoAppArea adminhtml
     */
    public function testValidateInvalidWithAwareAction()
    {
        $this->request->setParams([self::AWARE_VALIDATION_PARAM => '']);

        /** @var InvalidRequestException|null $caught */
        $caught = null;
        try {
            $this->validator->validate(
                $this->request,
                $this->mockAwareAction
            );
        } catch (InvalidRequestException $exception) {
            $caught = $exception;
        }

        $this->assertNotNull($caught);
        /** @var Response $response */
        $response = $caught->getReplaceResult();
        $this->assertInstanceOf(Response::class, $response);
        $this->assertEquals(
            self::AWARE_LOCATION_VALUE,
            $response->getHeader('Location')->getFieldValue()
        );
        $this->assertNull($caught->getMessages());
    }

    /**
     * @magentoAppArea adminhtml
     */
    public function testValidateValidWithAwareAction()
    {
        $this->request->setParams(
            [self::AWARE_VALIDATION_PARAM => '1']
        );

        $this->validator->validate(
            $this->request,
            $this->mockAwareAction
        );
    }

    /**
     * @magentoConfigFixture admin/security/use_form_key 1
     * @magentoAppArea adminhtml
     */
    public function testValidateWithCsrfAwareAction()
    {
        //Setting up request that would be valid for default validation.
        $this->request->setMethod(HttpRequest::METHOD_GET);
        $this->auth->login(
            TestBootstrap::ADMIN_NAME,
            TestBootstrap::ADMIN_PASSWORD
        );
        $this->request->setParams([
            BackendUrl::SECRET_KEY_PARAM_NAME => $this->url->getSecretKey(),
        ]);

        /** @var InvalidRequestException|null $caught */
        $caught = null;
        try {
            $this->validator->validate(
                $this->request,
                $this->mockCsrfAwareAction
            );
        } catch (InvalidRequestException $exception) {
            $caught = $exception;
        }

        //Checking that custom validation was called and invalidated
        //valid request.
        $this->assertNotNull($caught);
        $this->assertCount(1, $caught->getMessages());
        $this->assertEquals(
            self::CSRF_AWARE_MESSAGE,
            $caught->getMessages()[0]->getText()
        );
    }

    public function testInvalidAjaxRequest()
    {
        //Setting up AJAX request with invalid secret key.
        $this->request->setMethod(HttpRequest::METHOD_GET);
        $this->auth->login(
            TestBootstrap::ADMIN_NAME,
            TestBootstrap::ADMIN_PASSWORD
        );
        $this->request->setParams([
            BackendUrl::SECRET_KEY_PARAM_NAME => 'invalid',
            'isAjax' => '1'
        ]);

        /** @var InvalidRequestException|null $caught */
        $caught = null;
        try {
            $this->validator->validate(
                $this->request,
                $this->mockUnawareAction
            );
        } catch (InvalidRequestException $exception) {
            $caught = $exception;
        }

        $this->assertNotNull($caught);
        $this->assertInstanceOf(
            ResultInterface::class,
            $caught->getReplaceResult()
        );
        /** @var ResultInterface $result */
        $result = $caught->getReplaceResult();
        /** @var HttpResponse $response */
        $response = $this->httpResponseFactory->create();
        $result->renderResult($response);
        $this->assertEmpty($response->getBody());
        $this->assertEquals(401, $response->getHttpResponseCode());
    }
}