use strict;
use warnings;
use lib 't';

use Mojolicious::Lite;

use Test::More tests => 30;
use Test::Mojo;

use TestHelper;

my $t = Test::Mojo->new;
my $url = '/';
any $url => create_action();

$t->get_ok($url)
  ->status_is(401)
  ->content_is('HTTP 401: Unauthorized');

$t->get_ok($url, build_auth_request($t->tx, username => 'sshaw', password => 'bad_bad_bad'))
  ->status_is(401);

$t->get_ok($url, build_auth_request($t->tx, username => 'not_in_realm'))
  ->status_is(401);

$t->get_ok($url, build_auth_request($t->tx, username => '', password => ''))
  ->status_is(401);
    
$t->get_ok($url, build_auth_request($t->tx, algorithm => 'unknown'))
  ->status_is(400)
  ->content_is('HTTP 400: Bad Request');

$t->get_ok($url)
  ->status_is(401);
$t->get_ok($url, build_auth_request($t->tx, qop => 'unknown')) 
  ->status_is(400);

$t->get_ok($url)
  ->status_is(401);
$t->get_ok($url, build_auth_request($t->tx, opaque => 'baaaaahd'))
  ->status_is(400);

$t->get_ok($url)
  ->status_is(401);
$t->get_ok($url, build_auth_request($t->tx))
  ->status_is(200)
  ->content_is("You're in!");

$t->post_ok($url)
  ->status_is(401);
$t->post_ok($url, build_auth_request($t->tx))
  ->status_is(200)
  ->content_is("You're in!");


###
# Not with build_auth_request()
# $url = '/MD5-sess';
# get $url => create_action(algorithm => 'MD5-sess');
							                  
# $t->get_ok($url)    
#   ->status_is(401);
# $t->get_ok($url, build_auth_request($t->tx, algorithm => 'MD5-sess'))
#   ->status_is(200)
#   ->content_is("You're in!");

# $url = '/no_qop';
# get $url => create_action(qop => '');

# $t->get_ok($url)
#   ->status_is(401);
# $t->get_ok($url, build_auth_request($t->tx, qop => ''))
#   ->status_is(200)
#   ->content_is("You're in!");
###


# get '/www-auth' => create_action();
# $t->get_ok('/www-auth')
#   ->status_is(401);

# ## Req
# my $headers = build_auth_request($t->tx);
# $headers->{X_HTTP_AUTHORIZATION} = delete $headers->{Authorization};
# $t->get_ok('/www-auth', $headers)
#   ->status_is(200);