package main

import (
	"context"
	"io/ioutil"
	"os"
	"path/filepath"
	"time"

	"github.com/zitadel/zitadel/internal/api/authz"

	"github.com/zitadel/zitadel/internal/command"
	"github.com/zitadel/zitadel/internal/domain"
	"github.com/zitadel/zitadel/internal/eventstore/v1/models"
)

func execute(ctx context.Context, cmd *command.Commands, cfg E2EConfig, users []userData) error {

	ctx = authz.WithInstanceID(ctx, cfg.InstanceID)
	ctx = authz.WithRequestedDomain(ctx, "localhost")

	orgOwner := newHuman(users[0])

	orgOwnerID, org, err := cmd.SetUpOrg(ctx, &command.OrgSetup{
		Name:         cfg.Org,
		CustomDomain: "localhost",
		Human:        *orgOwner,
	})
	if err != nil {
		return err
	}

	// Avoids the MFA nudge
	if _, err = cmd.AddLoginPolicy(ctx, org.ResourceOwner, &domain.LoginPolicy{
		AllowUsernamePassword: true,
	}); err != nil {
		return err
	}

	// Avoids the change password screen
	if _, err = cmd.ChangePassword(ctx, org.ResourceOwner, orgOwnerID, cfg.OrgOwnerPassword, cfg.OrgOwnerPassword, ""); err != nil {
		return err
	}

	// skip mfa
	if err = cmd.HumanSkipMFAInit(ctx, orgOwnerID, org.ResourceOwner); err != nil {
		return err
	}

	sa, err := cmd.AddMachine(ctx, org.ResourceOwner, &domain.Machine{
		Username:    "e2e",
		Name:        "e2e",
		Description: "User who calls the ZITADEL API for preparing end-to-end tests",
	})
	if err != nil {
		return err
	}

	if _, err = cmd.AddOrgMember(ctx, org.ResourceOwner, sa.AggregateID, domain.RoleOrgOwner); err != nil {
		return err
	}

	key, err := cmd.AddUserMachineKey(ctx, &domain.MachineKey{
		ObjectRoot: models.ObjectRoot{
			AggregateID: sa.AggregateID,
		},
		ExpirationDate: time.Now().Add(30 * 24 * time.Hour),
		Type:           domain.AuthNKeyTypeJSON,
	}, org.ResourceOwner)
	if err != nil {
		return err
	}

	json, err := key.MarshalJSON()
	if err != nil {
		return err
	}

	if err = os.MkdirAll(filepath.Dir(cfg.MachineKeyPath), 0700); err != nil {
		return err
	}

	if err = ioutil.WriteFile(cfg.MachineKeyPath, json, 0600); err != nil {
		return err
	}

	for idx := range users[1:] {
		user := users[idx+1]

		createdHuman, err := cmd.AddHuman(ctx, org.ResourceOwner, newHuman(user))
		if err != nil {
			return err
		}

		// Avoids the change password screen
		if _, err = cmd.ChangePassword(ctx, org.ResourceOwner, createdHuman.ID, user.pw, user.pw, ""); err != nil {
			return err
		}

		// skip mfa
		if err = cmd.HumanSkipMFAInit(ctx, orgOwnerID, org.ResourceOwner); err != nil {
			return err
		}

		if user.role != "" {
			if _, err = cmd.AddOrgMember(ctx, org.ResourceOwner, createdHuman.ID, user.role); err != nil {
				return err
			}
		}
	}
	return nil
}

func newHuman(u userData) *command.AddHuman {
	return &command.AddHuman{
		Username:  u.desc + "_user_name",
		FirstName: u.desc + "_first_name",
		LastName:  u.desc + "_last_name",
		Password:  u.pw,
		Email: command.Email{
			Address:  u.desc + ".e2e@zitadel.com",
			Verified: true,
		},
	}
}