# SPDX-FileCopyrightText: WTF Kooperative eG <https://wtf-eg.de/>
#
# SPDX-License-Identifier: AGPL-3.0-or-later

import unittest

from ki.test.ApiTest import ApiTest


class TestFindProfilesEndpoint(ApiTest):
    def test_find_profiles_options(self):
        response = self.client.options("/users/profiles")
        self.assertEqual(response.status_code, 200)
        self.assertIn("Access-Control-Allow-Origin", response.headers)
        self.assertEqual(response.headers["Access-Control-Allow-Origin"], "*")

    def test_find_nobody(self):
        token = self.login("peter", "geheim")["token"]

        response = self.client.get("/users/profiles?nickname=horsthorsthorst",
                                   headers={"Authorization": "Bearer " + token})
        self.assertEqual(response.status_code, 200)
        self.assertEqual(response.json, {"total": 0, "profiles": []})

    def test_find_sql_specialchars(self):
        token = self.login("peter", "geheim")["token"]

        response = self.client.get("/users/profiles?nickname=%22%27%25", headers={"Authorization": "Bearer " + token})
        self.assertEqual(response.status_code, 200)
        self.assertEqual(response.json, {"total": 0, "profiles": []})

    def test_find_all(self):
        token = self.login("peter", "geheim")["token"]

        response = self.client.get("/users/profiles", headers={"Authorization": "Bearer " + token})
        self.assertEqual(response.status_code, 200)
        self.assertDictContainsSubset({"total": 1}, response.json)
        self.assertDictContainsSubset({"nickname": "dirtydieter"}, response.json["profiles"][0])


if __name__ == "main":
    unittest.main()