# Copyright (C) 2012-2024 Zammad Foundation, https://zammad-foundation.org/

require 'rails_helper'

RSpec.describe 'Ldap', type: :request do
  let!(:admin) do
    create(:admin, groups: Group.all)
  end

  describe 'discover' do
    let(:params) do
      {
        name:       'Example LDAP',
        host:       'example.ldap.okta.com',
        ssl:        'ssl',
        ssl_verify: true,
        active:     'true'
      }
    end

    context 'when disallow bin anon is active' do
      it 'returns special exception treatment for not allowed anonymous bind' do
        authenticated_as(admin)

        post '/api/v1/integration/ldap/discover', params: params, as: :json

        expect(json_response).to eq('result' => 'ok', 'error' => 'disallow-bind-anon')
      end

      context 'with other error code' do
        let(:ldap_instance) { instance_double(Net::LDAP) }
        let(:params) do
          {
            name:   'Example LDAP',
            host:   'localhost',
            ssl:    'off',
            active: 'true'
          }
        end
        let(:operation_result_struct) { Struct.new(:code, :message) }

        before do
          allow(Net::LDAP).to receive(:new).with({ host: params[:host], port: 389 }).and_return(ldap_instance)
          allow(ldap_instance).to receive_messages(
            bind:                 false,
            get_operation_result: operation_result_struct.new(50, 'Insufficient Access Rights')
          )
        end

        it 'returns special exception treatment for not allowed anonymous bind' do
          authenticated_as(admin)

          post '/api/v1/integration/ldap/discover', params: params, as: :json

          expect(json_response).to eq('result' => 'ok', 'error' => 'disallow-bind-anon')
        end
      end
    end
  end
end