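#!/usr/share/ucs-test/runner python
## -*- coding: utf-8 -*-
## desc: create user in azure with group, deactivate/reactivate user, check membership
## tags: [apptest]
## exposure: dangerous
## packages:
##   - univention-office365
## bugs: [52159]

# Scenario covered by this test:
#   1. Enable group sync and create two UCS groups plus an Office 365 enabled
#      user that has group 1 as primary group and group 2 as additional group.
#   2. Wait until the listener has written the Azure object data to the user
#      and check that the Azure user is a member of both Azure groups.
#   3. For each way of switching the account off (UniventionOffice365Enabled=0
#      and disabled=1): deactivate, check that both memberships are gone in
#      Azure, reactivate, check that both memberships are back.
#
# The deactivation check is the access-revocation half of the test: a
# deactivated account that kept its Azure group memberships would keep
# whatever those groups grant.
#
# The header marks this test "exposure: dangerous": it creates objects through
# the configured Azure AD connection and restarts the listener.

import time

import univention.testing.strings as uts
import univention.testing.ucr as ucr_test
import univention.testing.udm as udm_test
import univention.testing.utils as utils
from univention.config_registry import handler_set, handler_unset

from helpers.office365_test_helpers import listener_attributes_data, udm_user_args, setup_logging
from univention.office365.listener import Office365Listener
from univention.office365.azure_auth import AzureAuth, AzureADConnectionHandler

logger = setup_logging()

# Number of one-second polls before a wait loop gives up.
POLL_RETRIES = 60


def azure_object_id(udm_object, alias):
    """Return the Azure objectId stored on *udm_object* for connection *alias*."""
    o365_data = Office365Listener.decode_o365data(udm_object.get("UniventionOffice365Data"))
    return o365_data[alias]['objectId']


def azure_group_memberships(azure_handler, azure_user_id):
    """Fetch the user's Azure group memberships once, print and return them.

    Printing and asserting on the same snapshot keeps the log consistent with
    the assertion result and avoids repeated Azure API calls per check.
    """
    member_of = azure_handler.member_of_groups(azure_user_id).get('value', [])
    print('user is member of: {}'.format(member_of))
    return member_of


def wait_for_account_state(azure_handler, azure_user_id, expected, message):
    """Poll Azure until accountEnabled equals *expected*; return False on timeout.

    A missing accountEnabled key is treated as "state not reached yet".
    """
    for _ in range(POLL_RETRIES):
        time.sleep(1)
        print(message)
        azure_user = azure_handler.list_users(objectid=azure_user_id)
        if azure_user.get('accountEnabled', not expected) is expected:
            return True
    # Make the timeout visible in the log; the membership assertions that
    # follow still decide whether the test passes.
    print('timeout: accountEnabled did not become {!r} within {} seconds'.format(expected, POLL_RETRIES))
    return False


adconnection_aliases = AzureADConnectionHandler.get_adconnection_aliases()
initialized_adconnections = [
    adconnection_alias
    for adconnection_alias in adconnection_aliases
    if AzureAuth.is_initialized(adconnection_alias)
]

print("*** adconnection_aliases={!r}.".format(adconnection_aliases))
print("*** initialized_adconnections={!r}.".format(initialized_adconnections))

# Fail with a readable message before touching UCR or the listener instead of
# raising IndexError further down.
assert initialized_adconnections, "no initialized Azure AD connection found (aliases: {!r})".format(adconnection_aliases)

with utils.AutomaticListenerRestart():
    with udm_test.UCSTestUDM() as udm:
        with ucr_test.UCSTestConfigRegistry() as ucr:
            ucr.load()

            # Minimal stand-in for the listener module object that
            # Office365Listener expects; only configRegistry is provided.
            class _listener(object):
                configRegistry = ucr

            handler_set(["office365/groups/sync=yes"])
            utils.restart_listener()

            adconnection_alias = initialized_adconnections[0]
            ol = Office365Listener(_listener(), "ucs-test", listener_attributes_data, {}, "dn", adconnection_alias)
            groups_position = "cn=groups,{}".format(ucr.get("ldap/base"))

            # create the two groups
            group_name1 = uts.random_name()
            group_dn1 = udm.create_object(
                "groups/group",
                set=dict(name=group_name1),
                position=groups_position,
            )
            group_name2 = uts.random_name()
            group_dn2 = udm.create_object(
                "groups/group",
                set=dict(name=group_name2),
                position=groups_position,
            )

            # create user (just so that group_dn2 is not empty)
            user_args = udm_user_args(ucr, minimal=True)
            user_args["set"]["UniventionOffice365Enabled"] = 1
            user_args["set"]["UniventionOffice365ADConnectionAlias"] = adconnection_alias
            user_args["set"]["groups"] = group_dn2
            udm.create_user(**user_args)

            # create the user under test
            user_args = udm_user_args(ucr, minimal=True)
            user_args["set"]["UniventionOffice365Enabled"] = 1
            user_args["set"]["UniventionOffice365ADConnectionAlias"] = adconnection_alias
            user_args["set"]["primaryGroup"] = group_dn1
            user_args["set"]["groups"] = group_dn2
            user_dn, username = udm.create_user(**user_args)

            # wait for user to be created in azure
            udm_user = None
            o365_data = None
            for _ in range(POLL_RETRIES):
                print('waiting for user to be created in azure')
                time.sleep(1)
                udm_user = ol.udm.get_udm_user(user_dn)
                o365_data = udm_user.get("UniventionOffice365Data", None)
                if o365_data:
                    break
            # Without this check a sync timeout surfaces later as an unrelated
            # decode or lookup error.
            assert o365_data, "UniventionOffice365Data was not set on {} within {} seconds".format(user_dn, POLL_RETRIES)
            user_id = azure_object_id(udm_user, adconnection_alias)
            assert user_id, "no Azure objectId stored for {}".format(user_dn)

            # get group ids
            group_objectid1 = azure_object_id(ol.udm.get_udm_group(group_dn1), adconnection_alias)
            print('group1 id: {}'.format(group_objectid1))
            group_objectid2 = azure_object_id(ol.udm.get_udm_group(group_dn2), adconnection_alias)
            print('group2 id: {}'.format(group_objectid2))

            # check user is member of both groups
            member_of = azure_group_memberships(ol.ah, user_id)
            assert group_objectid1 in member_of, "user is not a member of its primary group in azure"
            assert group_objectid2 in member_of, "user is not a member of its additional group in azure"

            # check UniventionOffice365Enabled and disabled
            for attr, disable, enable in [('UniventionOffice365Enabled', 0, 1), ('disabled', 1, 0)]:
                # deactivate office user, groups should be clean
                udm.modify_object(modulename="users/user", dn=user_dn, set={attr: disable})
                wait_for_account_state(ol.ah, user_id, False, 'waiting for user to be disabled in azure')
                member_of = azure_group_memberships(ol.ah, user_id)
                assert group_objectid1 not in member_of, "{}={}: membership in group 1 was not removed".format(attr, disable)
                assert group_objectid2 not in member_of, "{}={}: membership in group 2 was not removed".format(attr, disable)

                # reactivate user, user should be member of groups
                udm.modify_object(modulename="users/user", dn=user_dn, set={attr: enable})
                wait_for_account_state(ol.ah, user_id, True, 'waiting for user to be enabled in azure')
                member_of = azure_group_memberships(ol.ah, user_id)
                assert group_objectid1 in member_of, "{}={}: membership in group 1 was not restored".format(attr, enable)
                assert group_objectid2 in member_of, "{}={}: membership in group 2 was not restored".format(attr, enable)

            # Cleanup
            # NOTE(review): only reached when every assertion passed; on a
            # failure the enclosing context managers are presumably what
            # restores UCR and restarts the listener. Confirm.
            to_unset = ["office365/groups/sync"]
            handler_unset(to_unset)
            utils.restart_listener()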